Network Diversity: A Security Metric for Evaluating the Resilience of Networks Against Zero-Day Attacks

Zhang, Mengyuan; Wang, Lingyu; Jajodia, Sushil; Singhal, Anoop; Albanese, Massimiliano

doi:10.1109/tifs.2016.2516916

Cited by 109 publications

(81 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mishra and Gupta [12] proposed a hybrid solution which uses the concept of CSS matching and URI matching to defend against zero-day phishing attacks. Wang et al proposed some representative works on measuring the zero-day attack [1,13,14]. To evaluate the robustness of networks, [13,14] modeled network diversity as a security metric and then proposed two complementary diversity metrics.…”

Section: Related Workmentioning

confidence: 99%

“…Wang et al proposed some representative works on measuring the zero-day attack [1,13,14]. To evaluate the robustness of networks, [13,14] modeled network diversity as a security metric and then proposed two complementary diversity metrics. The paper [1] conducted the evaluation process based on how many zero-day vulnerabilities are required to compromise a network asset.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Security Measurement for Unknown Threats Based on Attack Preferences

Yin

Sun

Wang

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Security measurement matters to every stakeholder in network security. It provides security practitioners the exact security awareness. However, most of the works are not applicable to the unknown threat. What is more, existing efforts on security metric mainly focus on the ease of certain attack from a theoretical point of view, ignoring the "likelihood of exploitation." To help administrator have a better understanding, we analyze the behavior of attackers who exploit the zero-day vulnerabilities and predict their attack timing. Based on the prediction, we propose a method of security measurement. In detail, we compute the optimal attack timing from the perspective of attacker, using a long-term game to estimate the risk of being found and then choose the optimal timing based on the risk and profit. We design a learning strategy to model the information sharing mechanism among multiattackers and use spatial structure to model the long-term process. After calculating the Nash equilibrium for each subgame, we consider the likelihood of being attacked for each node as the security metric result. The experiment results show the efficiency of our approach.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Security Measurement for Unknown Threats Based on Attack Preferences

Yin

Sun

Wang

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Security requirements should be far easier to identify than the technical interactions between different systems, and their identification is at the basis of most security management best practices [22,24].…”

Section: Introductionmentioning

confidence: 99%

Estimating the Assessment Difficulty of CVSS Environmental Metrics: An Experiment

Allodi

Biagioni

Crispo

et al. 2017

Future Data and Security Engineering

View full text Add to dashboard Cite

Abstract[Context] The CVSS framework provides several dimensions to score vulnerabilities. The environmental metrics allow security analysts to downgrade or upgrade vulnerability scores based on a company's computing environments and security requirements.[Question] How difficult is for a human assessor to change the CVSS environmental score due to changes in security requirements (let alone technical configurations) for PCI-DSS compliance for networks and systems vulnerabilities of different type? [Results] A controlled experiment with 29 MSc students shows that given a segmented network it is significantly more difficult to apply the CVSS scoring guidelines on security requirements with respect to a flat network layout, both before and after the network has been changed to meet the PCI-DSS security requirements. The network configuration also impact the correctness of vulnerabilities assessment at system level but not at application level.[Contribution] This paper is the first attempt to empirically investigate the guidelines for the CVSS environmental metrics. We discuss theoretical and practical key aspects needed to move forward vulnerability assessments for large scale systems.

show abstract

“…However, none of those metrics considered the diversity of SM on the power grid by considering the defensive strategies.The use of diversity on SM has gained much attention as an important security property [13]. Diversity on SM deployment strategies for resilience has been evaluated [7] and has been found to improve the robustness [6] of the network against zero-day attack by introducing a network security metric. Previously, multiple studies have been performed that study survivability through heterogeneity.…”

mentioning

confidence: 99%

A Diversity-Based Substation Cyber Defense Strategy Utilizing Coloring Games

Touhiduzzaman

Hahn

Srivastava

2019

IEEE Trans. Smart Grid

View full text Add to dashboard Cite

Growing cybersecurity risks in the power grid require that utilities implement a variety of security mechanism (SM ) composed mostly of VPNs, firewalls, or other custom security components. While they provide some protection, they might contain software vulnerabilities which can lead to a cyber-attack. In this paper, the severity of a cyber-attack has been decreased by employing a diverse set of SM that reduce repetition of a single vulnerability. This paper focuses on the allocation of diverse SM and tries to increase the security of the cyber assets located within the electronic security perimeter(ESP) of a substation. We have used a graph-based coloring game in a distributed manner to allocate diverse SM for protecting the cyber assets. The vulnerability assessment for power grid network is also analyzed using this game theoretic method. An improved, diversified SMs for worst-case scenario has been demonstrated by reaching the Nash equilibrium of graph coloring game. As a case study, we analyze the IEEE-14 and IEEE-118 bus system, observe the different distributed coloring algorithm for allocating diverse SM and calculating the overall network criticality.proposed in [12]. However, none of those metrics considered the diversity of SM on the power grid by considering the defensive strategies.The use of diversity on SM has gained much attention as an important security property [13]. Diversity on SM deployment strategies for resilience has been evaluated [7] and has been found to improve the robustness [6] of the network against zero-day attack by introducing a network security metric. Previously, multiple studies have been performed that study survivability through heterogeneity. Source code modification [14] [15] had been proposed to diversify the software packages on computer systems. Keromytis and Prevelakis [16] modified the environment and structure of the network to achieved the diversity against system monocultures.In [17], the authors proposed a distributed graph coloring algorithm which leverages a malicious node to attack the same software packages, this resulted in software diversity. This work focuses on topological properties of the computer network which is similar to the concepts [5] of preventing human behavior epidemics on social relations.Recently, game theory has been applied to the distributed algorithm to achieve the proper allocation of resources in cloud computing [18], peer-to-peer system [19] and web cache [20]. Papagopoulou and Spirakas [21] proposed theoretical background of efficient graph coloring game which was based on local search. In [22], the authors proposed a gametheoretic approach of vertex coloring in a distributed manner for evaluating the performance of the wireless network in a simulated environment.In this paper, Our work emphasizes on interdependency, the complex network where a system-wide study of diversity has not yet performed. We focused on the heterogeneity of SM in the substation to reduce the propagation of computer malware.

show abstract

Network Diversity: A Security Metric for Evaluating the Resilience of Networks Against Zero-Day Attacks

Cited by 109 publications

References 38 publications

Security Measurement for Unknown Threats Based on Attack Preferences

Security Measurement for Unknown Threats Based on Attack Preferences

Estimating the Assessment Difficulty of CVSS Environmental Metrics: An Experiment

A Diversity-Based Substation Cyber Defense Strategy Utilizing Coloring Games

Contact Info

Product

Resources

About