Network Security Metrics: From Known Vulnerabilities to Zero Day Attacks

From Database to Cyber Security

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11170)

Abstract

A network security metric enables the direct measurement of the relative effectiveness of different security solutions. The results thus provide quantifiable evidence to assist security practitioners in choosing among those security solutions, which makes network security hardening a science rather than an art. The development of network security metrics has evolved from focusing on known vulnerabilities to also considering unknown zero day attacks. This chapter reviews the challenges and solutions in designing network security metrics for both known and unknown threats. Specifically, we first examine how CVSS scores may be combined based on attack graphs to measure the overall threat of residual vulnerabilities; we then estimate the resilience of networks against unknown vulnerabilities by counting the number of such vulnerabilities along the shortest attack path; finally, we model the effect of diversity on network security with respect to zero day attacks.

Acknowledgements

The author with Concordia University was partially supported by the Natural Sciences and Engineering Research Council of Canada under Discovery Grant N01035 and by the National Institute of Standards and Technology under grant 60NANB16D287.

Author information

Correspondence to Lingyu Wang.

Copyright information

© 2018 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Wang, L., Zhang, M., Singhal, A. (2018). Network Security Metrics: From Known Vulnerabilities to Zero Day Attacks. In: Samarati, P., Ray, I., Ray, I. (eds) From Database to Cyber Security. Lecture Notes in Computer Science, vol 11170. Springer, Cham. https://doi.org/10.1007/978-3-030-04834-1_22

  • DOI: https://doi.org/10.1007/978-3-030-04834-1_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-04833-4

  • Online ISBN: 978-3-030-04834-1

  • eBook Packages: Computer Science, Computer Science (R0)
