DocumentCode
2108645
Title
A Unified Framework for Measuring a Network's Mean Time-to-Compromise
Author
Nzoukou, William ; Lingyu Wang ; Jajodia, Sushil ; Singhal, Achintya
Author_Institution
Concordia Inst. for Inf. Syst. Eng., Concordia Univ., Montreal, QC, Canada
fYear
2013
fDate
Sept. 30 2013-Oct. 3 2013
Firstpage
215
Lastpage
224
Abstract
Measuring the mean time-to-compromise provides important insights for understanding a network's weaknesses and for guiding corresponding defense approaches. Most existing network security metrics only deal with the threats of known vulnerabilities and cannot handle zero day attacks with consistent semantics. In this paper, we propose a unified framework for measuring a network's mean time-to-compromise by considering both known and zero day attacks. Specifically, we first devise models of the mean time for discovering and exploiting individual vulnerabilities. Unlike existing approaches, we replace the generic state transition model with a more vulnerability-specific graphical model. We then employ Bayesian networks to derive the overall mean time-to-compromise by aggregating the results of individual vulnerabilities. Finally, we demonstrate the framework's practical application to network hardening through case studies.
Keywords
Bayes methods; computer network reliability; computer network security; network theory (graphs); Bayesian networks; known attacks; network hardening; network mean time-to-compromise; network security metrics; network weaknesses; vulnerability-specific graphical model; zero day attacks; Bayes methods; Knowledge engineering; Measurement; Safety; Security; Semantics; Security metrics; mean time to compromise; network security;
fLanguage
English
Publisher
ieee
Conference_Titel
Reliable Distributed Systems (SRDS), 2013 IEEE 32nd International Symposium on
Conference_Location
Braga
Type
conf
DOI
10.1109/SRDS.2013.30
Filename
6656277