Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Peter Mell (Fed)

Displaying 26 - 50 of 65

On the Internet Connectivity in Africa

November 18, 2015

Author(s)

Assane Gueye, Peter Mell, Desire Banse, Faical Y. Congo

This study measures and documents growth of Internet connectivity in Africa from 2010 to 2014 with a focus on inter-country relationships. We evaluate both intra-continent connectivity as well as connectivity to other continents. An initial analysis

Minimizing Attack Graph Data Structures

November 14, 2015

Author(s)

Peter Mell, Richard Harang

An attack graph is a data structure representing how an attacker can chain together multiple attacks to expand their influence within a network (often in an attempt to reach some set of goal states). Restricting attack graph size is vital for the execution

Defensive Resource Allocations with Security Chokepoints in IPv6 Networks

July 15, 2015

Author(s)

Assane Gueye, Peter M. Mell, Richard Harang, Richard J. La

Securely configured Internet Protocol version 6 networks can be made resistant to network scanning, forcing attackers to propagate following existing benign communication paths. We exploit this attacker limitation in a defensive approach in which

Measuring Limits on the Ability of Colluding Countries to Partition the Internet

June 30, 2015

Author(s)

Peter M. Mell, Richard Harang, Assane Gueye

We show that the strength of Internet-based network interconnectivity of countries is increasing over time. We then evaluate bounds on the extent to which a group of colluding countries can disrupt this connectivity. We evaluate the degree to which a group

Evasion-Resistant Network Scan Detection

May 9, 2015

Author(s)

Richard Harang, Peter Mell

Popular network scan detection algorithms operate through evaluating external sources for unusual connection patterns and traffic rates. Research has revealed evasive tactics that enable full circumvention of existing approaches (specifically the widely

The Resilience of the Internet to Colluding Country Induced Connectivity Disruptions

March 3, 2015

Author(s)

Peter M. Mell, Richard Harang, Assane Gueye

Lightweight Packing of Log Files for Improved Compression in Mobile Tactical Networks

October 8, 2014

Author(s)

Peter M. Mell, Richard Harang

Devices in mobile tactical edge networks are often resource constrained due to their lightweight and mobile nature, and often have limited access to bandwidth. In order to maintain situational awareness in the cyber domain, security logs from these devices

Reducing the Cognitive Load on Analysts Through Hamming Distance Based Alert Aggregation

September 30, 2014

Author(s)

Peter M. Mell, Richard Harang

Previous work introduced the idea of grouping alerts at a Hamming distance of 1 to achieve alert aggregation; such aggregated meta-alerts were shown to increase alert interpret-ability. However, a mean of 84,023 daily Snort alerts were reduced to a still

Using Network Tainting to Bound the Scope of Network Ingress Attacks

July 1, 2014

Author(s)

Peter M. Mell, Richard Harang

This research describes a novel security metric, network taint, which is related to software taint analysis. We use it here to bound the possible malicious influence of a known compromised node through monitoring and evaluating network flows. The result is

Limitations to Threshold Random Walk Scan Detection and Mitigating Enhancements

October 16, 2013

Author(s)

Peter M. Mell, Richard Harang

This paper discusses limitations in one of the most widely cited single source scan detection algorithms: threshold random walk (TRW). If an attacker knows that TRW is being employed, these limitations enable full circumvention allowing undetectable high

What's Special About Cloud Security?

July 16, 2012

Author(s)

Peter M. Mell

While cloud security concerns have consistently ranked as one of the top challenges to cloud adoption, it is not clear what security issues are special with respect to cloud computing. To approach this question, we attempt to derive cloud security issues

The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities

July 10, 2012

Author(s)

Elizabeth LeMay, Peter Mell, Karen Scarfone

The Common Misuse Scoring System (CMSS) is a set of measures of the severity of software feature misuse vulnerabilities. A software feature is a functional capability provided by software. A software feature misuse vulnerability is a vulnerability in which

The NIST Definition of Cloud Computing

September 28, 2011

Author(s)

Peter M. Mell, Timothy Grance

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with

The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities

December 27, 2010

Author(s)

Peter M. Mell, Karen Scarfone

The Common Configuration Scoring System (CCSS) is a set of measures of the severity of software security configuration issues. CCSS is derived from the Common Vulnerability Scoring System (CVSS), which was developed to measure the severity of

Intrusion Detection and Prevention Systems

October 22, 2010

Author(s)

Karen A. Scarfone, Peter M. Mell

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents. An intrusion detection and prevention system (IDPS) is software that automates the intrusion detection

State of Security Readiness

June 10, 2010

Author(s)

Ramaswamy Chandramouli, Peter M. Mell

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. However, the

An Analysis of CVSS Version 2 Vulnerability Scoring

October 14, 2009

Author(s)

Karen A. Scarfone, Peter M. Mell

The Common Vulnerability Scoring System (CVSS) is a specification that is used to measure the relative severity of software vulnerabilities. CVSS version 2, which was finalized in June 2007, was designed to address several deficiencies discovered during

Vulnerability Scoring for Security Configuration Settings

October 29, 2008

Author(s)

Karen A. Scarfone, Peter M. Mell

The best-known vulnerability scoring standard, the Common Vulnerability Scoring System (CVSS), is designed to quantify the severity of security-related software flaw vulnerabilities. This paper describes our efforts to determine if CVSS could be adapted

Improving the Common Vulnerability Scoring System

September 28, 2007

Author(s)

Peter M. Mell, Karen A. Scarfone

The Common Vulnerability Scoring System is an emerging standard for scoring the impact of vulnerabilities. This paper presents the results of our analysis of the scoring system and the results of our experiment scoring a large set of vulnerabilities using

The Common Vulnerability Scoring System (CVSS) and its Applicability to Federal Agency Systems

August 30, 2007

Author(s)

Peter M. Mell, Karen A. Scarfone, Sasha Romanosky

The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. The National Vulnerability Database (NVD) provides specific CVSS scores for virtually all publicly known

A Complete Guide to the Common Vulnerability Scoring System Version 2.0

July 30, 2007

Author(s)

Peter M. Mell, Karen A. Scarfone, Sasha Romanosky

The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. CVSS consists of three groups: Base, Temporal and Environmental. Each group produces a numeric score ranging

CVSS-SIG Version 2 History

July 30, 2007

Author(s)

Peter M. Mell, Karen A. Scarfone, Gavin Reid

This document attempts to interpret the history and rationale behind changes made in the Common Vulnerability Scoring System (CVSS) from version 1 to version 2 (referred to as CVSS v1 and v2 in this document.) This document contains multiple appendices

Guide to Intrusion Detection and Prevention Systems (IDPS)

February 20, 2007

Author(s)

Karen A. Scarfone, Peter M. Mell

The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist

Common Vulnerability Scoring System

December 29, 2006

Author(s)

Peter M. Mell, Karen Kent Scarfone, Sasha Romanosky

Organizations struggle to assess the relative importance of software vulnerabilities across disparate hardware and software platforms. They must prioritize vulnerabilities and remediate those that pose the greatest risk. However, most software vendors and

Guide to Malware Incident Prevention and Handling

November 23, 2005

Author(s)

Peter M. Mell, Karen Kent, Joseph Nusbaum

[Superseded by SP 800-83 Rev. 1 (July 2013): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913930] This publication provides recommendations for improving an organizations malware incident prevention measures. It also gives extensive