NIST logo

Publication Citation: An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities

NIST Authors in Bold

Author(s): Anoop Singhal; M. Albanese; Sushil Jajodia; Lingyu Wang;
Title: An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities
Published: July 30, 2013
Abstract: Computer systems are vulnerable to both known and zero-day attacks. Although known attack patterns can be easily modeled, thus enabling the development of suitable hardening strategies, handling zero-day vulnerabilities is inherently difficult due to their unpredictable nature. Previous research has attempted to assess the risk associated with unknown attack patterns, and a suitable metric to quantify such risk, the k-zero-day safety metric, has been defined. However, existing algorithms for computing this metric are not scalable, and must assume that complete zero-day attack graphs have been generated, which may be infeasible in practice for large networks. In this paper, we propose a set of polynomial algorithms for estimating the k-zero-day safety of possibly large networks efficiently, without pre-computing the entire attack graph. We validate our approach through experiments, and show that the proposed algorithms are computationally efficient and accurate.
Conference: International Conference on Security and Cryptography (SECRYPT 2013)
Pages: 12 pp.
Location: Reykjavik, -1
Dates: July 29-31, 2013
Keywords: zero-day; vulnerability analysis; attack graphs; reliability
Research Areas: Computer Security, Cybersecurity
PDF version: PDF Document Click here to retrieve PDF version of paper (653KB)