Show simple item record

dc.contributor.authorHamid, Thaier K.A.en_GB
dc.contributor.authorMaple, Carstenen_GB
dc.contributor.authorSant, Paulen_GB
dc.date.accessioned2013-04-07T16:07:35Z
dc.date.available2013-04-07T16:07:35Z
dc.date.issued2012
dc.identifier.citationThaier Hamid, Carsten Maple and Paul Sant, (2012) 'Methodologies to Develop Quantitative Risk Evaluation Metrics' 48 (14):17-24 International Journal of Computer Applicationsen_GB
dc.identifier.issn0975-8887
dc.identifier.doi10.5120/7416-0413
dc.identifier.urihttp://hdl.handle.net/10547/279153
dc.description.abstractThe goal of this work is to advance a new methodology to measure a severity cost for each host using the Common Vulnerability Scoring System (CVSS) based on base, temporal and environmental metrics by combining related sub-scores to produce a unique severity cost by modeling the problem's parameters in to a mathematical framework. We build our own CVSS Calculator using our equations to simplify the calculations of the vulnerabilities scores and to benchmark with other models. We design and develop a new approach to represent the cost assigned to each host by dividing the scores of the vulnerabilities to two main levels of privileges, user and root, and we classify these levels into operational levels to identify and calculate the severity cost of multi steps vulnerabilities. Finally we implement our framework on a simple network, using Nessus scanner as tool to discover known vulnerabilities and to implement the results to build and represent our cost centric attack graph.
dc.language.isoenen
dc.publisherFCS - Foundation of Computer Science, USAen_GB
dc.relation.urlhttp://research.ijcaonline.org/volume48/number14/pxc3880413.pdfen_GB
dc.rightsArchived with thanks to International Journal of Computer Applicationsen_GB
dc.subjectquantifying securityen_GB
dc.subjectCvssv2en_GB
dc.titleMethodologies to develop quantitative risk evaluation metricsen
dc.typeArticleen
dc.identifier.journalInternational Journal of Computer Applicationsen_GB
html.description.abstractThe goal of this work is to advance a new methodology to measure a severity cost for each host using the Common Vulnerability Scoring System (CVSS) based on base, temporal and environmental metrics by combining related sub-scores to produce a unique severity cost by modeling the problem's parameters in to a mathematical framework. We build our own CVSS Calculator using our equations to simplify the calculations of the vulnerabilities scores and to benchmark with other models. We design and develop a new approach to represent the cost assigned to each host by dividing the scores of the vulnerabilities to two main levels of privileges, user and root, and we classify these levels into operational levels to identify and calculate the severity cost of multi steps vulnerabilities. Finally we implement our framework on a simple network, using Nessus scanner as tool to discover known vulnerabilities and to implement the results to build and represent our cost centric attack graph.


Files in this item

Thumbnail
Name:
pxc3880413.pdf
Size:
597.3Kb
Format:
PDF
Description:
Full-text article

This item appears in the following Collection(s)

Show simple item record