Control charting methods for autocorrelated cyber vulnerability data

Control charting cyber vulnerabilities is challenging because the same vulnerabilities can remain from period to period. Also, hosts (personal computers, servers, printers, etc.) are often scanned infrequently and can be unavailable during scanning. To address these challenges, control charting of the period-to-period demerits per host using a hybrid moving centerline residual-based and adjusted demerit (MCRAD) chart is proposed. The intent is to direct limited administrator resources to unusual cases when automatic patching is insufficient. The proposed chart is shown to offer superior average run length performance compared with three alternative methods from the literature. The methods are illustrated using three datasets.