Prioritizing Vulnerability Remediation by Determining Attacker-Targeted Vulnerabilities

Security&Privacy
2009
Issue No. 1 - January/February
Abstract - Prioritizing Vulnerability Remediation by Determining Attacker-Targeted Vulnerabilities

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Michel Cukier Articles by Susmit Panjwani

January/February 2009 (vol. 7 no. 1)

pp. 42-48

	ASCII Text	x
	Michel Cukier, Susmit Panjwani, "Prioritizing Vulnerability Remediation by Determining Attacker-Targeted Vulnerabilities," IEEE Security and Privacy, vol. 7, no. 1, pp. 42-48, January/February, 2009.

	BibTex	x
	@article{ 10.1109/MSP.2009.13, author = {Michel Cukier and Susmit Panjwani}, title = {Prioritizing Vulnerability Remediation by Determining Attacker-Targeted Vulnerabilities}, journal ={IEEE Security and Privacy}, volume = {7}, number = {1}, issn = {1540-7993}, year = {2009}, pages = {42-48}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2009.13}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security and Privacy TI - Prioritizing Vulnerability Remediation by Determining Attacker-Targeted Vulnerabilities IS - 1 SN - 1540-7993 SP42 EP48 EPD - 42-48 A1 - Michel Cukier, A1 - Susmit Panjwani, PY - 2009 KW - attacks KW - vulnerabilities KW - honeypots KW - empirical data VL - 7 JA - IEEE Security and Privacy ER -

Michel Cukier, University of Maryland

Susmit Panjwani, University of Maryland

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.13

This article attempts to empirically analyze which vulnerabilities attackers tend to target in order to prioritize vulnerability remediation. This analysis focuses on the link between malicious connections and vulnerabilities, where each connection is considered malicious. Attacks requiring multiple connections are counted as multiple attacks. As the number of connections increases, so does the cost of recovering from the intrusion. The authors deployed four honey pots for four months, each running a different Windows service pack with its associated set of vulnerabilities. They then performed three empirical analyses to determine the relationship between the number of malicious connections and the total number of vulnerabilities, the number of malicious connections and the number of the vulnerabilities for different services, and the number of known successful attacks and the number of vulnerabilities for different services.

1. A. Ozment and S.E. Schechter, "Milk or Wine: Does Software Security Improve with Age?" Proc. 15th Usenix Security Symp., 2006, pp. 93–104.
2. "Creating a Patch and Vulnerability Management Program," Special Publication 800-40, US Nat'l Inst. of Science and Technology (NIST), 2005.
3. S. Panjwani et al., "An Experimental Evaluation to Determine if Port Scans Are Precursors to an Attack," Proc. Int'l. Conf. Dependable Systems and Networks (DSN 05), IEEE CS Press, 2005, pp. 602–611.
4. M. Kendall and J.D. Gibbons, Rank Correlation Methods, Edward Arnold, 1990.
5. J.P. Guilford, Fundamental Statistics in Psychology and Education, McGraw-Hill, 1965.

Index Terms:

attacks, vulnerabilities, honeypots, empirical data

Citation:

Michel Cukier, Susmit Panjwani, "Prioritizing Vulnerability Remediation by Determining Attacker-Targeted Vulnerabilities," IEEE Security and Privacy, vol. 7, no. 1, pp. 42-48, Jan./Feb. 2009, doi:10.1109/MSP.2009.13

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.