An Attack Graph Based Procedure for Risk Estimation of Zero-Day Attacks

Performing risk assessment of computer networks is inevitable when doing network hardening. To have efficient attack prevention, risk evaluation must be done in an accurate and quantitative manner. Such risk assessment requires thorough understanding of attack's causes or vulnerabilities and their related characteristics. But the major problem is that, such information is not always provided because, gathering them is time consuming. Also, there are vulnerabilities that are known by attackers but there is no information about them in databases like NVD. Such vulnerabilities are referred to as unknown or zero day attacks. Existing standards like NVD ignore the effect of unknown attacks in risk assessment of networks. Therefore, they cannot have exact evaluation of security improvement in network hardening. In this paper, we proposed an innovative method for predictive risk evaluation of unknown vulnerabilities.