Breadcrumb

 
 

k-Zero Day Safety: Measuring the Security Risk of Networks against Unknown Attacks

Title:

k-Zero Day Safety: Measuring the Security Risk of Networks against Unknown Attacks

Wang, Lingyu and Jajodia, Sushil and Singhal, Anoop and Noel, Steven (2010) k-Zero Day Safety: Measuring the Security Risk of Networks against Unknown Attacks. Technical Report. Concordia University, Montreal, Quebec. (Unpublished)

[img]
Preview
PDF (Technical Report)
165Kb

Abstract

The security risk of a network against unknown zero day attacks has been considered as something unmeasurable since software flaws are less predictable than hardware faults and the process of finding such flaws and developing exploits seems to be chaotic. In this paper, we propose a novel security metric, k-zero day safety, based on the number of unknown zero day vulnerabilities. That is, the metric counts at least how many unknown vulnerabilities are required for compromising a network asset, regardless of what vulnerabilities those are. We formally define the metric based on a model of relevant network components. We then devise algorithms for computing the metric. Finally, we discuss how to apply the metric for hardening a network.

Divisions:Concordia University > Faculty of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Monograph (Technical Report)
Authors:Wang, Lingyu and Jajodia, Sushil and Singhal, Anoop and Noel, Steven
Institution:Concordia University
Date:2010
ID Code:6744
Deposited By:LINGYU WANG
Deposited On:08 Jul 2010 10:54
Last Modified:08 Dec 2010 18:13
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Document Downloads

More statistics for this item...

Concordia University - Footer