Skip to main content

NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Network Diversity: A Security Metric for Evaluating the Resilience of Networks Against Zero Day Attacks

Published

Author(s)

Meng Zhang, Lingyu Wang, Sushil Jajodia, Anoop Singhal, M. Albanese

Abstract

Diversity has long been regarded as a security mechanism for improving the resilience of software and networks against various attacks. More recently, diversity has found new applications in cloud computing security, Moving Target Defense (MTD), and improving the robustness of network routing. However, most existing efforts rely on intuitive and imprecise notions of diversity, and the few existing models of diversity are mostly designed for a single system running diverse software replicas or variants. At a higher abstraction level, as a global property of the entire network, diversity and its effect on security have received limited attention. In this paper, we take the first step towards formally modeling network diversity as a security metric by designing and evaluating a series of diversity metrics. Specifically, we first devise a biodiversity-inspired metric based on the effective number of distinct resources. We then propose two complementary diversity metrics, based on the least and the average attacking efforts, respectively. We provide guidelines for instantiating the proposed metrics and present a case study on estimating software diversity. Finally, we evaluate the proposed metrics through simulation.
Citation
IEEE Transactions on Information Forensics and Security
Volume
11
Issue
5

Keywords

Security Metrics, Diversity, Network Security, Zero Day Attack, Network Resilience

Citation

Zhang, M. , Wang, L. , Jajodia, S. , Singhal, A. and Albanese, M. (2016), Network Diversity: A Security Metric for Evaluating the Resilience of Networks Against Zero Day Attacks, IEEE Transactions on Information Forensics and Security, [online], https://doi.org/10.1109/TIFS.2016.2516916, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=918869 (Accessed October 8, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created January 11, 2016, Updated October 12, 2021
Was this page helpful?