Modeling network diversity for evaluating the robustness of networks against zero-day attacks

Lingyu Wang; Mengyuan Zhang; Sushil Jajodia; Anoop Singhal; Massimiliano Albanese

doi:10.1007/978-3-319-11212-1_28

Modeling network diversity for evaluating the robustness of networks against zero-day attacks

Lingyu Wang, Mengyuan Zhang, Sushil Jajodia, Anoop Singhal, Massimiliano Albanese

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

The interest in diversity as a security mechanism has recently been revived in various applications, such as Moving Target Defense (MTD), resisting worms in sensor networks, and improving the robustness of network routing. However, most existing efforts on formally modeling diversity have focused on a single system running diverse software replicas or variants. At a higher abstraction level, as a global property of the entire network, diversity and its impact on security have received limited attention. In this paper, we take the first step towards formally modeling network diversity as a security metric for evaluating the robustness of networks against potential zero day attacks. Specifically, we first devise a biodiversity-inspired metric based on the effective number of distinct resources. We then propose two complementary diversity metrics, based on the least and the average attacking efforts, respectively. Finally, we evaluate our algorithm and metrics through simulation. © 2014 Springer International Publishing Switzerland.

Original language	English
Title of host publication	Computer Security, ESORICS 2014 - 19th European Symposium on Research in Computer Security, Proceedings
Publisher	Springer Verlag
Pages	494-511
ISBN (Print)	9783319112114
DOIs	https://doi.org/10.1007/978-3-319-11212-1_28
Publication status	Published - 2014
Externally published	Yes
Event	19th European Symposium on Research in Computer Security, ESORICS 2014 - , Poland Duration: 7 Sept 2014 → 11 Sept 2014

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th European Symposium on Research in Computer Security, ESORICS 2014
Country/Territory	Poland
Period	7/09/14 → 11/09/14

Access to Document

10.1007/978-3-319-11212-1_28

Persistent URL (handle)

Persistent link

Cite this

Wang, L., Zhang, M., Jajodia, S., Singhal, A., & Albanese, M. (2014). Modeling network diversity for evaluating the robustness of networks against zero-day attacks. In Computer Security, ESORICS 2014 - 19th European Symposium on Research in Computer Security, Proceedings (pp. 494-511). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). Springer Verlag. https://doi.org/10.1007/978-3-319-11212-1_28

Wang, Lingyu ; Zhang, Mengyuan ; Jajodia, Sushil et al. / Modeling network diversity for evaluating the robustness of networks against zero-day attacks. Computer Security, ESORICS 2014 - 19th European Symposium on Research in Computer Security, Proceedings. Springer Verlag, 2014. pp. 494-511 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a4b230a83fe34aa3b1dcce1285385711,

title = "Modeling network diversity for evaluating the robustness of networks against zero-day attacks",

abstract = "The interest in diversity as a security mechanism has recently been revived in various applications, such as Moving Target Defense (MTD), resisting worms in sensor networks, and improving the robustness of network routing. However, most existing efforts on formally modeling diversity have focused on a single system running diverse software replicas or variants. At a higher abstraction level, as a global property of the entire network, diversity and its impact on security have received limited attention. In this paper, we take the first step towards formally modeling network diversity as a security metric for evaluating the robustness of networks against potential zero day attacks. Specifically, we first devise a biodiversity-inspired metric based on the effective number of distinct resources. We then propose two complementary diversity metrics, based on the least and the average attacking efforts, respectively. Finally, we evaluate our algorithm and metrics through simulation. {\textcopyright} 2014 Springer International Publishing Switzerland.",

author = "Lingyu Wang and Mengyuan Zhang and Sushil Jajodia and Anoop Singhal and Massimiliano Albanese",

year = "2014",

doi = "10.1007/978-3-319-11212-1\_28",

language = "English",

isbn = "9783319112114",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "494--511",

booktitle = "Computer Security, ESORICS 2014 - 19th European Symposium on Research in Computer Security, Proceedings",

note = "19th European Symposium on Research in Computer Security, ESORICS 2014 ; Conference date: 07-09-2014 Through 11-09-2014",

}

Wang, L, Zhang, M, Jajodia, S, Singhal, A & Albanese, M 2014, Modeling network diversity for evaluating the robustness of networks against zero-day attacks. in Computer Security, ESORICS 2014 - 19th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Verlag, pp. 494-511, 19th European Symposium on Research in Computer Security, ESORICS 2014, Poland, 7/09/14. https://doi.org/10.1007/978-3-319-11212-1_28

Modeling network diversity for evaluating the robustness of networks against zero-day attacks. / Wang, Lingyu; Zhang, Mengyuan; Jajodia, Sushil et al.
Computer Security, ESORICS 2014 - 19th European Symposium on Research in Computer Security, Proceedings. Springer Verlag, 2014. p. 494-511 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Modeling network diversity for evaluating the robustness of networks against zero-day attacks

AU - Wang, Lingyu

AU - Zhang, Mengyuan

AU - Jajodia, Sushil

AU - Singhal, Anoop

AU - Albanese, Massimiliano

PY - 2014

Y1 - 2014

N2 - The interest in diversity as a security mechanism has recently been revived in various applications, such as Moving Target Defense (MTD), resisting worms in sensor networks, and improving the robustness of network routing. However, most existing efforts on formally modeling diversity have focused on a single system running diverse software replicas or variants. At a higher abstraction level, as a global property of the entire network, diversity and its impact on security have received limited attention. In this paper, we take the first step towards formally modeling network diversity as a security metric for evaluating the robustness of networks against potential zero day attacks. Specifically, we first devise a biodiversity-inspired metric based on the effective number of distinct resources. We then propose two complementary diversity metrics, based on the least and the average attacking efforts, respectively. Finally, we evaluate our algorithm and metrics through simulation. © 2014 Springer International Publishing Switzerland.

AB - The interest in diversity as a security mechanism has recently been revived in various applications, such as Moving Target Defense (MTD), resisting worms in sensor networks, and improving the robustness of network routing. However, most existing efforts on formally modeling diversity have focused on a single system running diverse software replicas or variants. At a higher abstraction level, as a global property of the entire network, diversity and its impact on security have received limited attention. In this paper, we take the first step towards formally modeling network diversity as a security metric for evaluating the robustness of networks against potential zero day attacks. Specifically, we first devise a biodiversity-inspired metric based on the effective number of distinct resources. We then propose two complementary diversity metrics, based on the least and the average attacking efforts, respectively. Finally, we evaluate our algorithm and metrics through simulation. © 2014 Springer International Publishing Switzerland.

UR - https://www.scopus.com/pages/publications/84906511087

UR - https://www.scopus.com/inward/citedby.url?scp=84906511087&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-11212-1_28

DO - 10.1007/978-3-319-11212-1_28

M3 - Conference contribution

SN - 9783319112114

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 494

EP - 511

BT - Computer Security, ESORICS 2014 - 19th European Symposium on Research in Computer Security, Proceedings

PB - Springer Verlag

T2 - 19th European Symposium on Research in Computer Security, ESORICS 2014

Y2 - 7 September 2014 through 11 September 2014

ER -

Wang L, Zhang M, Jajodia S, Singhal A, Albanese M. Modeling network diversity for evaluating the robustness of networks against zero-day attacks. In Computer Security, ESORICS 2014 - 19th European Symposium on Research in Computer Security, Proceedings. Springer Verlag. 2014. p. 494-511. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-11212-1_28

Modeling network diversity for evaluating the robustness of networks against zero-day attacks

Abstract

Publication series

Conference

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this