A Survey on Security Metrics

Authors: Shouhuai Xu, Richard Garcia-Lebron, Marcus Pendleton

DOI:

Keywords:

Abstract: The importance of security metrics can hardly be overstated. Despite the attention that has been paid by academia, government and industry in the past decades, this important problem stubbornly remains open. In this survey, we present a survey of knowledge on security metrics. The survey is centered on a novel taxonomy, which classifies security metrics into four categories: metrics for measuring the system vulnerabilities, defenses, threats, and situations. The insight underlying the taxonomy is that situations (or outcomes of cyber attack-defense interactions) are caused by certain threats (or attacks) against systems that have certain vulnerabilities (including human factors) and employ certain defenses. In addition to systematically reviewing the security metrics that have been proposed in the literature, we discuss the gaps between the state of the art and the ultimate goals.

References (83)
David Dagon, Cliff Changchun Zou, Wenke Lee. Modeling Botnet Propagation Using Time Zones. Network and Distributed System Security Symposium (2006).
Butler Lampson. Practical Principles for Computer Security. NATO Security through Science Series - D: Information and Communication Security (2007).
Fabian Monrose, Moheeb Abu Rajab, Andreas Terzis. On the effectiveness of distributed worm monitoring. USENIX Security Symposium, pp. 15-15 (2005).
Aziz Mohaisen, Omar Alrawi. AV-Meter: An Evaluation of Antivirus Scans and Labels. International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 112-131 (2014). DOI: 10.1007/978-3-319-08509-8_7
Benjamin Johnson, John Chuang, Jens Grossklags, Nicolas Christin. Metrics for Measuring ISP Badness: The Case of Spam. Financial Cryptography, pp. 89-97 (2012). DOI: 10.1007/978-3-642-32946-3_8
Luca Allodi, Fabio Massacci. Comparing Vulnerability Severity and Exploits Using Case-Control Studies. ACM Transactions on Information and System Security, vol. 17, pp. 1-20 (2014). DOI: 10.1145/2630069
Antonio Barresi, David Wagner, Thomas R. Gross, Mathias Payer, Nicolas Carlini. Control-flow bending: on the effectiveness of control-flow integrity. USENIX Security Symposium, pp. 161-176 (2015).
Antonio Nappa, Richard Johnson, Leyla Bilge, Juan Caballero, Tudor Dumitras. The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching. 2015 IEEE Symposium on Security and Privacy, pp. 692-708 (2015). DOI: 10.1109/SP.2015.48
John Homer, Su Zhang, Xinming Ou, David Schmidt, Yanhui Du, S. Raj Rajagopalan, Anoop Singhal. Aggregating vulnerability metrics in enterprise networks using attack graphs. Journal of Computer Security, vol. 21, pp. 561-597 (2013). DOI: 10.3233/JCS-130475
Joseph Bonneau. Statistical metrics for individual password strength. International Workshop on Security, pp. 76-86 (2012). DOI: 10.1007/978-3-642-35694-0_10