Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Authors in Bold
|Author(s):||M. Albanese; Sushil Jajodia; Anoop Singhal; Lingyu Wang;|
|Title:||An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities|
|Published:||July 31, 2013|
|Abstract:||Computer systems are vulnerable to both known and zero-day attacks. Although known attack patterns can be easily modeled, thus enabling the definition of suitable hardening strategies, handling zero-day vulnerabilities is inherently difficult due to their unpredictable nature. Previous research has attempted to assess the risk associated with unknown attack patterns, and a metric to quantify such risk, the k-zero-day safety metric, has been defined. However, existing algorithms for computing this metric are not scalable, and assume that complete zero-day attack graphs have been generated, which may be unfeasible in practice for large networks. In this paper, we propose a framework comprising a suite of polynomial algorithms for estimating the k-zero-day safety of possibly large networks efficiently, without pre-computing the entire attack graph. We validate our approach experimentally, and show that the proposed solution is computationally efficient and accurate.|
|Conference:||10th International Conference on Security and Cryptography (SECRYPT 2013)|
|Proceedings:||E-Business and Telecommunications (Communications in Computer and Information Science)|
|Pages:||pp. 322 - 340|
|Dates:||July 29-31, 2013|
|Keywords:||attack graphs, vulnerability analysis, zero-day|
|Research Areas:||Computer Security, Cybersecurity|
|DOI:||http://dx.doi.org/10.1007/978-3-662-44788-8_19 (Note: May link to a non-U.S. Government webpage)|
|PDF version:||Click here to retrieve PDF version of paper (421KB)|