Modeling Network Diversity for Evaluating the Robustness of Networks against Zero-Day Attacks

  • Lingyu Wang
  • Mengyuan Zhang
  • Sushil Jajodia
  • Anoop Singhal
  • Massimiliano Albanese
Conference paper

DOI: 10.1007/978-3-319-11212-1_28

Volume 8713 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Wang L., Zhang M., Jajodia S., Singhal A., Albanese M. (2014) Modeling Network Diversity for Evaluating the Robustness of Networks against Zero-Day Attacks. In: Kutyłowski M., Vaidya J. (eds) Computer Security - ESORICS 2014. ESORICS 2014. Lecture Notes in Computer Science, vol 8713. Springer, Cham

Abstract

The interest in diversity as a security mechanism has recently been revived in various applications, such as Moving Target Defense (MTD), resisting worms in sensor networks, and improving the robustness of network routing. However, most existing efforts on formally modeling diversity have focused on a single system running diverse software replicas or variants. At a higher abstraction level, as a global property of the entire network, diversity and its impact on security have received limited attention. In this paper, we take the first step towards formally modeling network diversity as a security metric for evaluating the robustness of networks against potential zero day attacks. Specifically, we first devise a biodiversity-inspired metric based on the effective number of distinct resources. We then propose two complementary diversity metrics, based on the least and the average attacking efforts, respectively. Finally, we evaluate our algorithm and metrics through simulation.

Keywords

Security Metrics Diversity Network Security Zero Day Attack Network Robustness 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Lingyu Wang
    • 1
  • Mengyuan Zhang
    • 1
  • Sushil Jajodia
    • 2
  • Anoop Singhal
    • 3
  • Massimiliano Albanese
    • 2
  1. 1.Concordia Institute for Information Systems EngineeringConcordia UniversityCanada
  2. 2.Center for Secure Information SystemsGeorge Mason UniversityUSA
  3. 3.Computer Security DivisionNational Institute of Standards and TechnologyUSA