An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities

Published

Author(s)

M. Albanese, Sushil Jajodia, Anoop Singhal, Lingyu Wang

Abstract

Computer systems are vulnerable to both known and zero-day attacks. Although known attack patterns can be easily modeled, thus enabling the definition of suitable hardening strategies, handling zero-day vulnerabilities is inherently difficult due to their unpredictable nature. Previous research has attempted to assess the risk associated with unknown attack patterns, and a metric to quantify such risk, the k-zero-day safety metric, has been defined. However, existing algorithms for computing this metric are not scalable, and assume that complete zero-day attack graphs have been generated, which may be unfeasible in practice for large networks. In this paper, we propose a framework comprising a suite of polynomial algorithms for estimating the k-zero-day safety of possibly large networks efficiently, without pre-computing the entire attack graph. We validate our approach experimentally, and show that the proposed solution is computationally efficient and accurate.
Proceedings Title
E-Business and Telecommunications (Communications in Computer and Information Science)
Volume
456
Conference Dates
July 29-31, 2013
Conference Location
Reykjavik
Conference Title
10th International Conference on Security and Cryptography (SECRYPT 2013)

Keywords

attack graphs, vulnerability analysis, zero-day
Created July 31, 2013, Updated November 10, 2018