Adaptive modeling for security vulnerability propagation to predict the impact of business process redesign

preprint OA: closed CC-BY-4.0
🔓 Open OA copy View at publisher

Abstract

Background: Business process redesign (BPR) is typical in organizations and is followed by adaptive maintenance on supporting applications. However, BPR leads to information security vulnerabilities that can propagate to its supporting applications. Methods: : This study proposes a new method called Node Strength-based Vulnerability Modeling (NSVM) for modeling security vulnerability propagation in the business processes and IT service layers. We applied the concept of social network strength to build our propagation model. The propagation model is needed to predict the impact of BPR on application vulnerabilities. We chose e-commerce applications as a case study. We evaluated the vulnerability propagation model by comparing the predicted vulnerability scores from the model with the actual scores of e-commerce applications in the National Vulnerability Database. Results: : Our experimentation indicates that the propagation strength between nodes is influenced by Common Weakness Enumerations (CWEs) between them. Thus, the vulnerability propagation model can predict vulnerability scores at module nodes in the IT service layer. In the NSVM, the best prediction scores were obtained by aggregating the adjacency and initial scores using the maximum principle approach. The best evaluation results yield mean absolute error (MAE), root mean squared error (RMSE), and mean squared error (MSE) scores of 0.60, 1.44, and 1.16, respectively. Conclusion: Our study shows that the vulnerability propagation model with an adaptive mechanism based on BPR can be used to predict security vulnerability scores as the impact of business process redesign.

My notes (saved in your browser only)

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. The paper's references may be in our DB but unresolved to ``paper_id`` (resolution happens at ingest when the cited DOI matches a row we already have). Run the cross-source citation reconcile pass to retry.

Source provenance

europepmc
last seen: 2026-05-19T01:45:01.086888+00:00
unpaywall
last seen: 2026-05-26T02:00:01.498150+00:00
License: CC-BY-4.0