Methodologies to develop quantitative risk evaluation metrics

Thaier K.A. Hamid; Carsten Maple; Paul Sant

doi:10.5120/7416-0413

Methodologies to develop quantitative risk evaluation metrics

Thaier K.A. Hamid
, Carsten Maple
, Paul Sant

Research output: Contribution to journal › Article › peer-review

5 Downloads (Pure)

Abstract

The goal of this work is to advance a new methodology to measure a severity cost for each host using the Common Vulnerability Scoring System (CVSS) based on base, temporal and environmental metrics by combining related sub-scores to produce a unique severity cost by modeling the problem's parameters in to a mathematical framework. We build our own CVSS Calculator using our equations to simplify the calculations of the vulnerabilities scores and to benchmark with other models. We design and develop a new approach to represent the cost assigned to each host by dividing the scores of the vulnerabilities to two main levels of privileges, user and root, and we classify these levels into operational levels to identify and calculate the severity cost of multi steps vulnerabilities. Finally we implement our framework on a simple network, using Nessus scanner as tool to discover known vulnerabilities and to implement the results to build and represent our cost centric attack graph.

Original language	English
Pages (from-to)	17-24
Journal	International Journal of Computer Applications
Volume	48
Issue number	14
DOIs	https://doi.org/10.5120/7416-0413
Publication status	Published - 1 Jan 2012

Keywords

quantifying security

Access to Document

10.5120/7416-0413

Pxc3880413Final published version, 597 KBLicence: CC BY-NC-ND

http://research.ijcaonline.org/volume48/number14/pxc3880413.pdf

Handle.net

Persistent link

Cite this

@article{9bcc02febd5e4823b71ad0f65134b23a,

title = "Methodologies to develop quantitative risk evaluation metrics",

abstract = "The goal of this work is to advance a new methodology to measure a severity cost for each host using the Common Vulnerability Scoring System (CVSS) based on base, temporal and environmental metrics by combining related sub-scores to produce a unique severity cost by modeling the problem's parameters in to a mathematical framework. We build our own CVSS Calculator using our equations to simplify the calculations of the vulnerabilities scores and to benchmark with other models. We design and develop a new approach to represent the cost assigned to each host by dividing the scores of the vulnerabilities to two main levels of privileges, user and root, and we classify these levels into operational levels to identify and calculate the severity cost of multi steps vulnerabilities. Finally we implement our framework on a simple network, using Nessus scanner as tool to discover known vulnerabilities and to implement the results to build and represent our cost centric attack graph.",

keywords = "quantifying security",

author = "Hamid, \{Thaier K.A.\} and Carsten Maple and Paul Sant",

year = "2012",

month = jan,

day = "1",

doi = "10.5120/7416-0413",

language = "English",

volume = "48",

pages = "17--24",

journal = "International Journal of Computer Applications",

issn = "0975-8887",

number = "14",

}

TY - JOUR

T1 - Methodologies to develop quantitative risk evaluation metrics

AU - Hamid, Thaier K.A.

AU - Maple, Carsten

AU - Sant, Paul

PY - 2012/1/1

Y1 - 2012/1/1

N2 - The goal of this work is to advance a new methodology to measure a severity cost for each host using the Common Vulnerability Scoring System (CVSS) based on base, temporal and environmental metrics by combining related sub-scores to produce a unique severity cost by modeling the problem's parameters in to a mathematical framework. We build our own CVSS Calculator using our equations to simplify the calculations of the vulnerabilities scores and to benchmark with other models. We design and develop a new approach to represent the cost assigned to each host by dividing the scores of the vulnerabilities to two main levels of privileges, user and root, and we classify these levels into operational levels to identify and calculate the severity cost of multi steps vulnerabilities. Finally we implement our framework on a simple network, using Nessus scanner as tool to discover known vulnerabilities and to implement the results to build and represent our cost centric attack graph.

AB - The goal of this work is to advance a new methodology to measure a severity cost for each host using the Common Vulnerability Scoring System (CVSS) based on base, temporal and environmental metrics by combining related sub-scores to produce a unique severity cost by modeling the problem's parameters in to a mathematical framework. We build our own CVSS Calculator using our equations to simplify the calculations of the vulnerabilities scores and to benchmark with other models. We design and develop a new approach to represent the cost assigned to each host by dividing the scores of the vulnerabilities to two main levels of privileges, user and root, and we classify these levels into operational levels to identify and calculate the severity cost of multi steps vulnerabilities. Finally we implement our framework on a simple network, using Nessus scanner as tool to discover known vulnerabilities and to implement the results to build and represent our cost centric attack graph.

KW - quantifying security

U2 - 10.5120/7416-0413

DO - 10.5120/7416-0413

M3 - Article

SN - 0975-8887

VL - 48

SP - 17

EP - 24

JO - International Journal of Computer Applications

JF - International Journal of Computer Applications

IS - 14

ER -

Methodologies to develop quantitative risk evaluation metrics

Abstract

Keywords

Access to Document

Handle.net

Fingerprint

Cite this