Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001
DOI: 10.1109/secpri.2001.924300
|View full text |Cite
|
Sign up to set email alerts
|

A trend analysis of exploitations

Abstract: We have conducted an empirical study of a number of computer security exploits and determined that the rates at which incidents involving the exploit are reported to the CERT can be modeled using a common mathematical framework. Data associated with three significant exploits involving vulnerabilities in phf, imap, and bind can all be modeled using the formula Á · Ë ¢ Ô Å where is the cumulative count of reported incidents, Å is the time since the start of the exploit cycle, and Á and Ë are the regression coef… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
47
0

Publication Types

Select...
5
3
1

Relationship

0
9

Authors

Journals

citations
Cited by 71 publications
(47 citation statements)
references
References 3 publications
0
47
0
Order By: Relevance
“…This information should be provided as well. Finally, the age of the vulnerability is extremely relevant to assess its severity, as shown by this study of the Computer Emergency Response Team (CERT/CC) incidents database [1].…”
Section: Damage Assessment and Alert Qualificationmentioning
confidence: 99%
“…This information should be provided as well. Finally, the age of the vulnerability is extremely relevant to assess its severity, as shown by this study of the Computer Emergency Response Team (CERT/CC) incidents database [1].…”
Section: Damage Assessment and Alert Qualificationmentioning
confidence: 99%
“…These values can be conservative, and can be refined from measures of exploit activity on the Internet (e.g., [BAMF01]). However, it is important to be consistent, and to assign similar values to vulnerabilities with similar difficulties.…”
Section: Attack Difficultymentioning
confidence: 99%
“…Possible approaches for a quantitative perspective of exploitation trends are discussed in [9]. Probabilistic examinations of intrusions have been presented by several researchers [10,11]. In [12], Rescorla has studied vulnerabilities in open source servers.…”
Section: Introductionmentioning
confidence: 99%