Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities

Published

Author(s)

M. Albanese, Sushil Jajodia, Anoop Singhal, Lingyu Wang

Abstract

Computer systems are vulnerable to both known and zero-day attacks. Although known attack patterns can be easily modeled, thus enabling the definition of suitable hardening strategies, handling zero-day vulnerabilities is inherently difficult due to their unpredictable nature. Previous research has attempted to assess the risk associated with unknown attack patterns, and a metric to quantify such risk, the k-zero-day safety metric, has been defined. However, existing algorithms for computing this metric are not scalable, and assume that complete zero-day attack graphs have been generated, which may be unfeasible in practice for large networks. In this paper, we propose a framework comprising a suite of polynomial algorithms for estimating the k-zero-day safety of possibly large networks efficiently, without pre-computing the entire attack graph. We validate our approach experimentally, and show that the proposed solution is computationally efficient and accurate.
Proceedings Title
E-Business and Telecommunications (Communications in Computer and Information Science)
Volume
456
Conference Dates
July 29-31, 2013
Conference Location
Reykjavik, IS
Conference Title
10th International Conference on Security and Cryptography (SECRYPT 2013)

Keywords

attack graphs, vulnerability analysis, zero-day

Citation

Albanese, M. , Jajodia, S. , Singhal, A. and Wang, L. (2013), An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities, E-Business and Telecommunications (Communications in Computer and Information Science), Reykjavik, IS, [online], https://doi.org/10.1007/978-3-662-44788-8_19, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913051 (Accessed March 29, 2024)
Created July 30, 2013, Updated October 12, 2021