Familiarity breeds contempt

Clark, Sandy; Frei, Stefan; Blaze, Matt; Smith, Jonathan M.

doi:10.1145/1920261.1920299

Cited by 35 publications

(5 citation statements)

References 11 publications

(9 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Frei et al [12] showed that exploits are often quicker to arrive than patches are. An analysis of the same flavour is provided by [27] and [7]. Other studies focused on the modeling of the vulnerability discovery processes.…”

Section: Related Workmentioning

confidence: 99%

“…Current vulnerability discovery models are however not general enough to represent trends for all software [21]. Moreover, vulnerability disclosure and discovery are complex processes [7,22], and can be influenced by {black/white}-hat community activities [7] and economics [17]. The different risk levels coming from different vulnerability types and exploit sources is outlined in [4].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

The Heavy Tails of Vulnerability Exploitation

Allodi

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In this paper we analyse the frequency at which vulnerabilities are exploited in the wild by relying on data collected worldwide by Symantec's sensors. Our analysis comprises 374 exploited vulnerabilities for a total of 75.7 Million recorded attacks spanning three years (2009)(2010)(2011)(2012). We find that for some software as little as 5% of exploited vulnerabilities is responsible for about 95% of the attacks against that platform. This strongly skewed distribution is consistent for all considered software categories, for which a general take-away is that less than 10% of vulnerabilities account for more than 90% of the attacks (with the exception of pre-2009 Java vulnerabilities). Following these findings, we hypothesise vulnerability exploitation may follow a Power Law distribution. Rigorous hypothesis testing results in neither accepting nor rejecting the Power Law Hypothesis, for which further data collection from the security community may be needed. Finally, we present and discuss the Law of the Work-Averse Attacker as a possible explanation for the heavy-tailed distributions we find in the data, and present examples of its effects for Apple Quicktime and Microsoft Internet Explorer vulnerabilities.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

The Heavy Tails of Vulnerability Exploitation

Allodi

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…There are also external reasons for this trend. Recently, researchers at the University of Pennsylvania analyzed the rate at which vulnerabilities were discovered following 700 major software releases (Clark et al 2010). They found that, in most cases, there was a honeymoon period, averaging about 110 days, during which time relatively few vulnerabilities appeared.…”

Section: Law #6: •mentioning

confidence: 99%

Managing Risk and Information Security

Harkins¹

2013

View full text Add to dashboard Cite

show abstract

“…To be proactive, organizations must take security assurance steps after a software product has been released, but before the broad hacker community discovers its vulnerabilities [7].…”

mentioning

confidence: 99%

“…Our definition of Germination Period includes the previously identified "Honeymoon period", which occurs after the release of a system, but before the identification of its first vulnerability [7]. Both of these periods represent opportunities where proactive counter-measures can be advantageously taken.…”

mentioning

confidence: 99%

Can Cybersecurity Be Proactive? A Big Data Approach and Challenges

Chen

Kazman

Monarch

et al. 2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

The cybersecurity community typically reacts to attacks after they occur. Being reactive is costly and can be fatal where attacks threaten lives, important data, or mission success. But can cybersecurity be done proactively? Our research capitalizes on the Germination Period-the time lag between hacker communities discussing software flaw types and flaws actually being exploited-where proactive measures can be taken. We argue for a novel proactive approach, utilizing big data, for (I) identifying potential attacks before they come to fruition; and based on this identification, (II) developing preventive countermeasures. The big data approach resulted in our vision of the Proactive Cybersecurity System (PCS), a layered, modular service platform that applies big data collection and processing tools to a wide variety of unstructured data sources to predict vulnerabilities and develop countermeasures. Our exploratory study is the first to show the promise of this novel proactive approach and illuminates challenges that need to be addressed.

show abstract

Familiarity breeds contempt

Cited by 35 publications

References 11 publications

The Heavy Tails of Vulnerability Exploitation

The Heavy Tails of Vulnerability Exploitation

Managing Risk and Information Security

Can Cybersecurity Be Proactive? A Big Data Approach and Challenges

Contact Info

Product

Resources

About