Attack potential in impact & complexity

L. Allodi, F. Massacci

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

© 2017 ACM.Vulnerability exploitation is reportedly one of the main attack vectors against computer systems. Yet, most vulnerabilities remain unexploited by attackers. It is therefore of central importance to identify vulnerabilities that carry a high 'potential for attack'. In this paper we rely on Symantec data on real attacks detected in the wild to identify a trade-off in the Impact and Complexity of a vulnerability, in terms of attacks that it generates; exploiting this effect, we devise a readily computable estimator of the vulnerability's Attack Potential that reliably estimates the expected volume of attacks against the vulnerability. We evaluate our estimator performance against standard patching policies by measuring foiled attacks and demanded workload expressed as the number of vulnerabilities entailed to patch. We show that our estimator significantly improves over standard patching policies by ruling out low-risk vulnerabilities, while maintaining invariant levels of coverage against attacks in the wild. Our estimator can be used as a first aid for vulnerability prioritisation to focus assessment efforts on high-potential vulnerabilities.
Original languageEnglish
Title of host publicationARES 2017 - Proceedings of the 12th International Conference on Availability, Reliability and Security
PublisherAssociation for Computing Machinery
ISBN (Electronic)9781450352574
ISBN (Print)9781450352574
DOIs
Publication statusPublished - 29 Aug 2017
Externally publishedYes
Event12th International Conference on Availability, Reliability and Security, ARES 2017 - Reggio Calabria, Italy
Duration: 29 Aug 20171 Sept 2017

Publication series

NameACM International Conference Proceeding Series

Conference

Conference12th International Conference on Availability, Reliability and Security, ARES 2017
Country/TerritoryItaly
CityReggio Calabria
Period29/08/171/09/17

Funding

Œis work has been supported by the EU FP7 programme (grant no. 285223, SECONOMICS) and by the NWO project SpySpot (grant

FundersFunder number
EU FP7 programme
Seventh Framework Programme285223
Nederlandse Organisatie voor Wetenschappelijk Onderzoek

    Fingerprint

    Dive into the research topics of 'Attack potential in impact & complexity'. Together they form a unique fingerprint.

    Cite this