Modeling Network Diversity for Evaluating the Robustness of Networks against Zero-Day Attacks

被引：0

作者：

Wang, Lingyu ^{[1
]}

Zhang, Mengyuan ^{[1
]}

Jajodia, Sushil ^{[2
]}

Singhal, Anoop ^{[3
]}

Albanese, Massimiliano ^{[2
]}

机构：

[1] Concordia Univ, Concordia Inst Informat Syst Engn, Montreal, PQ, Canada

[2] George Mason Univ, Ctr Secure Informat Syst, Fairfax, VA 22030 USA

[3] Natl Inst Standards & Technol, Comp Secur Div, Gaithersburg, MD USA

来源：

COMPUTER SECURITY - ESORICS 2014, PT II | 2014年 / 8713卷

基金：

加拿大自然科学与工程研究理事会;

关键词：

Security Metrics; Diversity; Network Security; Zero Day Attack; Network Robustness; DESIGN DIVERSITY; WEB SERVERS; SECURITY; VULNERABILITY; SYSTEM;

D O I：

暂无

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

The interest in diversity as a security mechanism has recently been revived in various applications, such as Moving Target Defense (MTD), resisting worms in sensor networks, and improving the robustness of network routing. However, most existing efforts on formally modeling diversity have focused on a single system running diverse software replicas or variants. At a higher abstraction level, as a global property of the entire network, diversity and its impact on security have received limited attention. In this paper, we take the first step towards formally modeling network diversity as a security metric for evaluating the robustness of networks against potential zero day attacks. Specifically, we first devise a biodiversity-inspired metric based on the effective number of distinct resources. We then propose two complementary diversity metrics, based on the least and the average attacking efforts, respectively. Finally, we evaluate our algorithm and metrics through simulation.

引用

页码：494 / 511

页数：18

共 50 条

[1] Network Diversity: A Security Metric for Evaluating the Resilience of Networks Against Zero-Day Attacks
Zhang, Mengyuan
Wang, Lingyu
Jajodia, Sushil
Singhal, Anoop
Albanese, Massimiliano
[J]. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2016, 11 (05) : 1071 - 1086
[2] Network Attack Surface: Lifting the Concept of Attack Surface to the Network Level for Evaluating Networks' Resilience Against Zero-Day Attacks
Zhang, Mengyuan
Wang, Lingyu
Jajodia, Sushil
Singhal, Anoop
[J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2021, 18 (01) : 310 - 324
[3] Defence against the dark art of zero-day attacks
Madou, Matias
[J]. Network Security, 2022, 2022 (11)
[4] Empirical Evaluation of the A3 Environment: Evaluating Defenses Against Zero-Day Attacks
Clark, Shane S.
Paulos, Aaron
Benyo, Brett
Pal, Partha
Schantz, Richard
[J]. PROCEEDINGS 10TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY ARES 2015, 2015, : 80 - 89
[5] Detection of Zero-day Attacks on IoT
Reardon, Shay
Hssayeni, Murtadha D.
Mahgoub, Imadeldin
[J]. 2024 INTERNATIONAL CONFERENCE ON SMART APPLICATIONS, COMMUNICATIONS AND NETWORKING, SMARTNETS-2024, 2024,
[6] Anomaly Detection Based on CNN and Regularization Techniques Against Zero-Day Attacks in IoT Networks
Hairab, Belal Ibrahim
Elsayed, Mahmoud Said
Jurcut, Anca D.
Azer, Marianne A.
[J]. IEEE ACCESS, 2022, 10 : 98427 - 98440
[7] Detection of zero-day attacks in computer networks using combined classification
Gavari Bami, Hamid
Moharamkhani, Elaheh
Zadmehr, Behrouz
Najafpoor, Vahid
Shokouhifar, Mohammad
[J]. CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 2022, 34 (27):
[8] Detecting and Analyzing Zero-day Attacks using Honeypots
Musca, Constantin
Mirica, Emma
Deaconescu, Razvan
[J]. 19TH INTERNATIONAL CONFERENCE ON CONTROL SYSTEMS AND COMPUTER SCIENCE (CSCS 2013), 2013, : 543 - 548
[9] Effective Defence Against Zero-Day Exploits Using Bayesian Networks
Li, Tingting
Hankin, Chris
[J]. CRITICAL INFORMATION INFRASTRUCTURES SECURITY (CRITIS 2016), 2018, 10242 : 123 - 136
[10] Protecting Embedded Systems from Zero-Day Attacks
Taylor, Stephen
[J]. NAECON 2018 - IEEE NATIONAL AEROSPACE AND ELECTRONICS CONFERENCE, 2018, : 165 - 168

← 1 2 3 4 5 →