• DocumentCode
    3116438
  • Title

    A trend analysis of exploitations

  • Author

    Browne, Hilary K. ; Arbaugh, William A. ; McHugh, John ; Fithen, William L.

  • Author_Institution
    Dept. of Comput. Sci., Maryland Univ., College Park, MD, USA
  • fYear
    2001
  • fDate
    2001
  • Firstpage
    214
  • Lastpage
    229
  • Abstract
    We have conducted an empirical study of a number of computer security exploits and determined that the rates at which incidents involving the exploit are reported to CERT can be modeled using a common mathematical framework. Data associated with three significant exploits involving vulnerabilities in phf, imap, and bind can all be modeled using the formula C=I+S×√M where C is the cumulative count of reported incidents, M is the time since the start of the exploit cycle, and I and S are the regression coefficients determined by analysis of the incident report data. Further analysis of two additional exploits involving vulnerabilities in mountd and statd confirm the model. We believe that the models will aid in predicting the severity of subsequent vulnerability exploitations, based on the rate of early incident reports
  • Keywords
    security of data; computer security exploits; exploitations; system intrusions; trend analysis; vulnerabilities; vulnerability exploitation; Computer science; Data analysis; Data mining; Educational institutions; Performance analysis; Predictive models; Regression analysis; Risk management; Software engineering; System software;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Privacy, 2001. S&P 2001. Proceedings. 2001 IEEE Symposium on
  • Conference_Location
    Oakland, CA
  • ISSN
    1081-6011
  • Print_ISBN
    0-7695-1046-9
  • Type

    conf

  • DOI
    10.1109/SECPRI.2001.924300
  • Filename
    924300
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3116438