Empirical Analysis of System-Level Vulnerability Metrics through Actual Attacks
Nov.-Dec. 2012 (vol. 9 no. 6)
pp. 825-837
BibTeX:
@article{ 10.1109/TDSC.2012.66,
  author = {Hannes Holm and Mathias Ekstedt and Dennis Andersson},
  title = {Empirical Analysis of System-Level Vulnerability Metrics through Actual Attacks},
  journal = {IEEE Transactions on Dependable and Secure Computing},
  volume = {9},
  number = {6},
  issn = {1545-5971},
  year = {2012},
  pages = {825-837},
  doi = {http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.66},
  publisher = {IEEE Computer Society},
  address = {Los Alamitos, CA, USA},
}
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.66
The Common Vulnerability Scoring System (CVSS) is a widely used and well-established standard for classifying the severity of security vulnerabilities. For instance, all vulnerabilities in the US National Vulnerability Database (NVD) are scored according to this method. As computer systems typically have multiple vulnerabilities, it is often desirable to aggregate the scores of individual vulnerabilities to a system level. Several such metrics have been proposed, but their quality has not been studied. This paper presents a statistical analysis of how 18 security estimation metrics based on CVSS data correlate with the time-to-compromise of 34 successful attacks. The empirical data originate from an international cyber defense exercise involving over 100 participants and were collected by studying network traffic logs, attacker logs, observer logs, and network vulnerabilities. The results suggest that security modeling with CVSS data alone does not accurately portray the time-to-compromise of a system. However, results also show that metrics employing more CVSS data are more correlated with time-to-compromise. As a consequence, models that only use the weakest link (most severe vulnerability) to compose a metric are less promising than those that consider all vulnerabilities.
Index Terms:
Network security, Mathematical model, Authorization, Computer crime, Computational modeling, Telecommunication network management, Risk management, network management, Network-level security and protection, unauthorized access (hacking, phreaking), risk management
Citation:
Hannes Holm, Mathias Ekstedt, Dennis Andersson, "Empirical Analysis of System-Level Vulnerability Metrics through Actual Attacks," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 6, pp. 825-837, Nov.-Dec. 2012, doi:10.1109/TDSC.2012.66

