Wang, Lingyu, Jajodia, Sushil, Singhal, Anoop and Noel, Steven (2010) k-Zero Day Safety: Measuring the Security Risk of Networks against Unknown Attacks. Technical Report. Concordia University, Montreal, Quebec. (Unpublished)
Preview |
Text (Technical Report) (application/pdf)
169kBk0d.pdf |
Abstract
The security risk of a network against unknown zero day attacks has been considered as something unmeasurable since software flaws are less predictable than hardware faults and the process of finding such flaws and developing exploits seems to be chaotic. In this paper, we propose a novel security metric, k-zero day safety, based on the number of unknown zero day vulnerabilities. That is, the metric counts at least how many unknown vulnerabilities are required for compromising a network asset, regardless of what vulnerabilities those are. We formally define the metric based on a model of relevant network components. We then devise algorithms for computing the metric. Finally, we discuss how to apply the metric for hardening a network.
| Divisions: | Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering |
|---|---|
| Item Type: | Monograph (Technical Report) |
| Authors: | Wang, Lingyu and Jajodia, Sushil and Singhal, Anoop and Noel, Steven |
| Institution: | Concordia University |
| Date: | 2010 |
| ID Code: | 6744 |
| Deposited By: | LINGYU WANG |
| Deposited On: | 08 Jul 2010 14:54 |
| Last Modified: | 18 Jan 2018 17:29 |
Repository Staff Only: item control page
Download Statistics
Download Statistics