pone.0279100.g002.tif (170.28 kB)

Visual description of the problem when the cyber components have multiple possible OSs that are updated as time goes forward and cyber components do not return to a previous OS.

Download (170.28 kB)
posted on 2022-12-27, 18:27 authored by Marc Mangel, Alan Brown

A) Two representations of the OS in use (y-axis) in a subset of about 335 computers from a network of about 7000 computers between July 2019 and March 2020 (details on how the data were chosen can be found in S1 Appendix in S1 File) as a function of the most recent OS release (x-axis). In the upper panel, we show the data as presence/absence of an OS in the sample. In the lower panel, we show the relative distribution of the current OS, where the diameter of the circle is proportional to the base-10 logarithm of the counts of that OS. The points (5,3) and (10,9) from the upper panel are not visible in the lower panel because their relative representation is so small. B) When measured by the most recent OS, time moves forward in uniform steps (x-axis), and the maximum OS in use jumps whenever a new OS is released. The maximum updating rate is then the black solid line; if an OS is never updated, it remains at the first release (dotted line). Each location between these two lines corresponds to a probability of the OS in use given the most recent OS. C) With time measured in OS release, the space between the two lines in panel B can be filled using a binomial lattice model (sensu Leisen and Reimer [22]) in which the current OS, at the time of an OS update, is either updated by 1 or remains the same. We let p denote the probability that the OS is updated at each step possible. For example, the probability that at time t the OS is still the first release is (1 − p)t−1 (i.e., in each of the t time steps the OS was not updated) and the probability that the OS is the most recent release is pt (i.e., in each of the t time steps the OS was updated). D) However, in this paper we are interested in measuring time in a natural scale, such as days. In that case, we require knowing the most recent OS release as a function of time. We use the schedule of OS updates shown here for the computations that follow.