Title :
Antimalware software: Do we measure resilience?
Author :
Ford, Richard ; Carvalho, Marco ; Mayron, Liam ; Bishop, Martin
Author_Institution :
Harris Inst. for Assured Inf., Florida Inst. of Technol., Melbourne, FL, USA
Abstract :
There is great interest in the topic of resilient cyber systems, especially with respect to attacks by malicious software. The challenges of measuring the actual resilience of a system and the ambiguity of the term “resilience” itself cloud much of the accompanying research. In this paper, we examine some of the lessons learned in defining resilience metrics. We argue that such metrics are highly contextual and that a general, quantitative set of metrics for resilience of cyber systems is impractical. Instead, a set of considerations and guidelines for building metrics that are helpful for a particular system are provided. We then consider these metrics in the light of current anti-malware software tests and argue that testing efforts have been primarily directed toward robust systems, not resilient ones. As such, current anti-malware tests tend to push the market toward existing solutions geared toward prevention rather than mitigation and survivability.
Keywords :
invasive software; program testing; software metrics; software reliability; anti-malware software tests; malicious software; resilience metrics; resilient cyber systems; Generators; Guidelines; Malware; Measurement; Resilience; Robustness; Software; Antimalware Software; Metrics; Resilience; Security measurement;
Conference_Titel :
Anti-malware Testing Research (WATeR), 2013 Workshop on
Conference_Location :
Montreal, QC
DOI :
10.1109/WATeR.2013.6707877
