An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities
Published
Author(s)
M. Albanese, Sushil Jajodia, Anoop Singhal, Lingyu Wang
Abstract
Computer systems are vulnerable to both known and zero-day attacks. Although known attack patterns can be easily modeled, thus enabling the definition of suitable hardening strategies, handling zero-day vulnerabilities is inherently difficult due to their unpredictable nature. Previous research has attempted to assess the risk associated with unknown attack patterns, and a metric to quantify such risk, the k-zero-day safety metric, has been defined. However, existing algorithms for computing this metric are not scalable, and assume that complete zero-day attack graphs have been generated, which may be unfeasible in practice for large networks. In this paper, we propose a framework comprising a suite of polynomial algorithms for estimating the k-zero-day safety of possibly large networks efficiently, without pre-computing the entire attack graph. We validate our approach experimentally, and show that the proposed solution is computationally efficient and accurate.
Proceedings Title
E-Business and Telecommunications (Communications in Computer and Information Science)
Volume
456
Conference Dates
July 29-31, 2013
Conference Location
Reykjavik, IS
Conference Title
10th International Conference on Security and Cryptography (SECRYPT 2013)
Albanese, M., Jajodia, S., Singhal, A. and Wang, L. (2013), An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities, E-Business and Telecommunications (Communications in Computer and Information Science), Reykjavik, IS, [online], https://doi.org/10.1007/978-3-662-44788-8_19, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913051 (Accessed October 8, 2025)