Network Attack Surface: Lifting the Attack Surface Concept to Network Level for Evaluating the Resilience against Zero-Day Attacks

Published

Author(s)

Meng Zhang, Lingyu Wang, Sushil Jajodia, Anoop Singhal

Abstract

The concept of attack surface has seen many applications in various domains, e.g., software security, cloud security, mobile device security, Moving Target Defense (MTD), etc. However, in contrast to the original attack surface metric, which is formally and quantitatively defined for a software, most of the applications at higher abstraction levels, such as the network level, are limited to an intuitive and qualitative notion, losing the modeling power of the original concept. In this paper, we lift the attack surface concept to the network level as a formal security metric for evaluating the resilience of networks against zero-day attacks. Specifically, we first develop novel models for aggregating the attack surface of different network resources. We then design heuristic algorithms to estimate the network attack surface while reducing the effort spent on calculating attack surface for individual resources. Finally, the proposed methods are evaluated through experiments.

Citation

IEEE Transactions on Dependable and Secure Computing

Keywords

Software, Measurement, Firewalls (computing), Permission, Resilience, Heuristic algorithms

Citation

Zhang, M., Wang, L., Jajodia, S. and Singhal, A. (2018), Network Attack Surface: Lifting the Attack Surface Concept to Network Level for Evaluating the Resilience against Zero-Day Attacks, IEEE Transactions on Dependable and Secure Computing, [online], https://doi.org/10.1109/TDSC.2018.2889086, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=921183 (Accessed April 26, 2024)
Created December 20, 2018, Updated October 12, 2021