An Analysis of Vulnerability Trends

Browne, Hilary K.; Arbaugh, William A.; McHugh, John; Fithen, William

An Analysis of Vulnerability Trends

Files

CS-TR-4200.ps(1.04 MB)

No. of downloads: 616

CS-TR-4200.pdf(185.15 KB)

No. of downloads: 1173

Date

2000-11-13

Authors

Browne, Hilary K.

Arbaugh, William A.

McHugh, John

Fithen, William

Abstract

We have conducted an empirical study of a number of computer security exploits and determined that the rates at which incidents involving the each exploit are reported to the CERT can be modeled using a common mathematical framework. Data associated with three significant exploits involving vulnerabilities in phf, imap, and bind can all be modeled using the formula C = I + S * sqrt(M) where C is the cumulative count of reported incidents, M is the time since the start of the exploit cycle, and I and S are the regression coefficients determined by analysis of the incident report data. Further analysis of two additional exploits involving vulnerabilities in mountd and statd confirm the model. We believe that the models will aid in predicting the severity of subsequent vulnerability exploitations, based on the rate of early incident reports. (Also cross-referenced as UMIACS-TR-2000-76)

URI (handle)

http://hdl.handle.net/1903/1112

Collections

Technical Reports from UMIACS
Technical Reports of the Computer Science Department

Full item page