William Fithen scite author profile

We have conducted an empirical study of a number of computer security exploits and determined that the rates at which incidents involving the exploit are reported to the CERT can be modeled using a common mathematical framework. Data associated with three significant exploits involving vulnerabilities in phf, imap, and bind can all be modeled using the formula Á · Ë ¢ Ô Å where is the cumulative count of reported incidents, Å is the time since the start of the exploit cycle, and Á and Ë are the regression coefficients determined by analysis of the incident report data. Further analysis of two additional exploits involving vulnerabilities in mountd and statd confirm the model. We believe that the models will aid in predicting the severity of subsequent vulnerability exploitations, based on the rate of early incident reports. A Trend Analysis of Exploitations AbstractWe have conducted an empirical study of a number of computer security exploits and determined that the rates at which incidents involving the exploit are reported to the CERT can be modeled using a common mathematical framework. Data associated with three significant exploits involving vulnerabilities in phf, imap, and bind can all be modeled using the formula Á · Ë ¢ Ô Å where is the cumulative count of reported incidents, Å is the time since the start of the exploit cycle, and Á and Ë are the regression coefficients determined by analysis of the incident report data. Further analysis of two additional exploits involving vulnerabilities in mountd and statd confirm the model. We believe that the models will aid in predicting the severity of subsequent vulnerability exploitations, based on the rate of early incident reports.

show abstract

Formal modeling of vulnerability

Fithen

Hernan

O'Rourke³

et al. 2004

Bell Labs Tech. J.

View full text Add to dashboard Cite

Windows of vulnerability: a case study analysis

Arbaugh¹,

Fithen

McHugh³

2000

Computer

172

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

William Fithen

State of the Practice of Intrusion Detection Technologies

A trend analysis of exploitations

Formal modeling of vulnerability

Windows of vulnerability: a case study analysis

Contact Info

Product

Resources

About