Evaluating the network diversity of networks against zero-day attacks

Mengyuan Zhang, Lingyu Wang, Sushil Jajodia, Anoop Singhal

Research output: Chapter in Book / Report / Conference proceedingChapterAcademicpeer-review

Abstract

Diversity has long been regarded as a security mechanism and it has found new applications in security, e.g., in cloud, Moving Target Defense (MTD), and network routing. However, most existing efforts rely on intuitive and imprecise notions of diversity, and the few existing models of diversity are mostly designed for a single system running diverse software replicas or variants. At a higher abstraction level, as a global property of the entire network, diversity and its effect on security have received limited attention. In this chapter, we present a formal model of network diversity as a security metric. Specifically, we first devise a biodiversityinspired metric based on the effective number of distinct resources.We then propose two complementary diversity metrics, based on the least and the average attacking efforts, respectively. Finally, we evaluate the proposed metrics through simulation.
Original languageEnglish
Title of host publicationNetwork Security Metrics
PublisherSpringer International Publishing
Pages117-140
ISBN (Electronic)9783319665054
ISBN (Print)9783319665047
DOIs
Publication statusPublished - 15 Nov 2017
Externally publishedYes

Fingerprint

Dive into the research topics of 'Evaluating the network diversity of networks against zero-day attacks'. Together they form a unique fingerprint.

Cite this