Quantitative Assessment of Risk Reduction with Cybercrime Black Market Monitoring
作者: Luca Allodi , Woohyun Shim , Fabio Massacci
DOI: 10.1109/SPW.2013.16
关键词:
摘要: Cybercrime is notoriously maintained and empowered by the underground economy, manifested in black markets. In such markets, attack tools vulnerability exploits are constantly traded. this paper, we focus on making a quantitative assessment of risk attacks coming from investigating expected reduction overall against final users if, for example, vulnerabilities traded markets were all to be promptly patched. order conduct analysis, mainly use data (a) bundled 90+ collected us; (b) actual records 9 × 107 Symantec's Data Sharing Programme WINE. Our results illustrate that market an important source population users; further show mitigation strategies based monitoring may outperform traditional CVSS scores providing up 20% more attacks.
tue.nl
acm.org 参考文章(19)
Karen A. Scarfone, Stephen D. Quinn, Christopher S. Johnson, Matthew Barrett, SP 800-117. Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 National Institute of Standards & Technology. ,(2010)
W W Hunter, SEAT BELT USAGE AND BENEFITS IN NORTH CAROLINA ACCIDENTS ,(1974)
Cormac Herley, Dinei Florêncio, Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the Underground Economy Economics of Information Security and Privacy. pp. 33- 53 ,(2010) , 10.1007/978-1-4419-6967-5_3
Mehran Bozorgi, Lawrence K. Saul, Stefan Savage, Geoffrey M. Voelker, Beyond heuristics: learning to classify vulnerabilities and predict exploits knowledge discovery and data mining. pp. 105- 114 ,(2010) , 10.1145/1835804.1835821
Leonard Evans, Double pair comparison—A new method to determine how occupant characteristics affect fatality risk in traffic crashes Accident Analysis & Prevention. ,vol. 18, pp. 217- 227 ,(1986) , 10.1016/0001-4575(86)90006-0
Stefan Frei, Martin May, Ulrich Fiedler, Bernhard Plattner, Large-scale vulnerability analysis Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense - LSAD '06. pp. 131- 138 ,(2006) , 10.1145/1162666.1162671
Leonard Evans, The effectiveness of safety belts in preventing fatalities. Accident Analysis & Prevention. ,vol. 18, pp. 229- 241 ,(1986) , 10.1016/0001-4575(86)90007-2
Leyla Bilge, Tudor Dumitras, Before we knew it Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12. pp. 833- 844 ,(2012) , 10.1145/2382196.2382284
Chris Grier, Andreas Pitsillidis, Niels Provos, M. Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Manufacturing compromise Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12. pp. 821- 832 ,(2012) , 10.1145/2382196.2382283
Luca Allodi, Fabio Massacci, A preliminary analysis of vulnerability scores for attacks in wild Proceedings of the 2012 ACM Workshop on Building analysis datasets and gathering experience returns for security - BADGERS '12. pp. 17- 24 ,(2012) , 10.1145/2382416.2382427