Modeling Network Diversity for Evaluating the Robustness of Networks against Zero-Day Attacks

Cited by: 0
Authors
Wang, Lingyu [1 ]
Zhang, Mengyuan [1 ]
Jajodia, Sushil [2 ]
Singhal, Anoop [3 ]
Albanese, Massimiliano [2 ]
Affiliations
[1] Concordia Univ, Concordia Inst Informat Syst Engn, Montreal, PQ, Canada
[2] George Mason Univ, Ctr Secure Informat Syst, Fairfax, VA 22030 USA
[3] Natl Inst Standards & Technol, Comp Secur Div, Gaithersburg, MD USA
Source
Funding
Natural Sciences and Engineering Research Council of Canada;
Keywords
Security Metrics; Diversity; Network Security; Zero Day Attack; Network Robustness; DESIGN DIVERSITY; WEB SERVERS; SECURITY; VULNERABILITY; SYSTEM;
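DOI
Not available
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract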
The interest in diversity as a security mechanism has recently been revived in various applications, such as Moving Target Defense (MTD), resisting worms in sensor networks, and improving the robustness of network routing. However, most existing efforts on formally modeling diversity have focused on a single system running diverse software replicas or variants. At a higher abstraction level, as a global property of the entire network, diversity and its impact on security have received limited attention. In this paper, we take the first step towards formally modeling network diversity as a security metric for evaluating the robustness of networks against potential zero day attacks. Specifically, we first devise a biodiversity-inspired metric based on the effective number of distinct resources. We then propose two complementary diversity metrics, based on the least and the average attacking efforts, respectively. Finally, we evaluate our algorithm and metrics through simulation.
Pages: 494-511
Number of pages: 18