Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Modeling Network Diversity for Evaluating the Robustness of Networks against Zero-Day Attacks

Published

Author(s)

Lingyu Wang, Meng Zhang, Sushil Jajodia, Anoop Singhal, M. Albanese

Abstract

The interest in diversity as a security mechanism has recently been revived in various applications, such as Moving Target Defense (MTD), resisting worms in sensor networks, and improving the robustness of network routing. However, most existing efforts on formally modeling diversity have focused on a single system running diverse software replicas or variants. At a higher abstraction level, as a global property of the entire network, diversity and its impact on security have received limited attention. In this paper, we take the first step towards formally modeling network diversity as a security metric for evaluating the robustness of networks against potential zero day attacks. Specifically, we first devise a biodiversity-inspired metric based on the effective number of distinct resources. We then propose two complementary diversity metrics, based on the least and the average attacking efforts, respectively. Finally, we evaluate our algorithm and metrics through simulation.
Proceedings Title
Computer Security - ESORICS 2014 (Lecture Notes in Computer Science)
Volume
8713
Conference Dates
September 7-11, 2014
Conference Location
Wroclaw , PL
Conference Title
19th European Symposium on Research in Computer Security (ESORICS 2014)

Keywords

diversity, network robustness, network security, security metrics, zero day attack

Citation

Wang, L. , Zhang, M. , Jajodia, S. , Singhal, A. and Albanese, M. (2014), Modeling Network Diversity for Evaluating the Robustness of Networks against Zero-Day Attacks, Computer Security - ESORICS 2014 (Lecture Notes in Computer Science), Wroclaw , PL, [online], https://doi.org/10.1007/978-3-319-11212-1_28, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=916370 (Accessed December 6, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created September 10, 2014, Updated October 12, 2021