Exploitability analysis using predictive cybersecurity framework

Authors: Subil Abraham, Suku Nair

DOI: 10.1109/CYBCONF.2015.7175953

Keywords:

Abstract: Managing Security is a complex process and existing research in the field of cybersecurity metrics provide limited insight into understanding the impact attacks have on the overall security goals of an enterprise. We need a new generation of metrics that can enable enterprises to react even faster in order to properly protect mission-critical systems in the midst of both undiscovered and disclosed vulnerabilities. In this paper, we propose a practical and predictive security model for exploitability analysis in a networking environment using stochastic modeling. Our model is built upon the trusted CVSS Exploitability framework and we analyze how the atomic attributes, namely Access Complexity, Access Vector and Authentication, that make up the exploitability score evolve over a specific time period. We formally define a nonhomogeneous Markov model which incorporates time dependent covariates, namely the vulnerability age and the vulnerability discovery rate. The daily transition-probability matrices in our study are estimated using a combination of Frei's model & Alhazmi Malaiya's Logistic model. An exploitability analysis is conducted to show the feasibility and effectiveness of our proposed approach. Our approach enables enterprises to apply analytics using a predictive cyber security model to improve decision making and reduce risk.

References (30)
Lingyu Wang, Anoop Singhal, Sushil Jajodia, Measuring the overall security of network configurations using attack graphs. Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security, pp. 98-112 (2007). DOI: 10.1007/978-3-540-73538-0_9
Lingyu Wang, Tania Islam, Tao Long, Anoop Singhal, Sushil Jajodia, An Attack Graph-Based Probabilistic Security Metric. Proceedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security, vol. 5094, pp. 283-296 (2008). DOI: 10.1007/978-3-540-70567-3_22
O.H. Alhazmi, Y.K. Malaiya, Modeling the vulnerability discovery process. international symposium on software reliability engineering, pp. 129-138 (2005). DOI: 10.1109/ISSRE.2005.30
Sudhakar Govindavajhala, Xinming Ou, Andrew W. Appel, MulVAL: a logic-based network security analyzer. USENIX security symposium, pp. 8-8 (2005)
Kishor S. Trivedi, Dong Seong Kim, Arpan Roy, Deep Medhi, Dependability and security models. design of reliable communication networks, pp. 11-20 (2009). DOI: 10.1109/DRCN.2009.5340029
J. McHugh, W.L. Fithen, W.A. Arbaugh, Windows of vulnerability: a case study analysis. IEEE Computer, vol. 33, pp. 52-59 (2000). DOI: 10.1109/2.889093
Hanno Langweg, Framework for malware resistance metrics. Proceedings of the 2nd ACM workshop on Quality of protection - QoP '06, pp. 39-44 (2006). DOI: 10.1145/1179494.1179503
Lingyu Wang, Anoop Singhal, Sushil Jajodia, Toward measuring network security using attack graphs. Proceedings of the 2007 ACM workshop on Quality of protection - QoP '07, pp. 49-54 (2007). DOI: 10.1145/1314257.1314273
Shengwei Yi, Yong Peng, Qi Xiong, Ting Wang, Zhonghua Dai, Haihui Gao, Junfeng Xu, Jiteng Wang, Lijuan Xu, Overview on attack graph generation and visualization technology. international conference on anti-counterfeiting, security, and identification, pp. 1-6 (2013). DOI: 10.1109/ICASID.2013.6825274