An Analysis of Vulnerability Trends

View/ Open
Date
2000-11-13Author
Browne, Hilary K.
Arbaugh, William A.
McHugh, John
Fithen, William
Metadata
Show full item recordAbstract
We have conducted an empirical study of a number of computer security exploits and determined that the rates at which incidents involving the each exploit
are reported to the CERT can be modeled using a common mathematical framework.
Data associated with three significant exploits involving vulnerabilities in
phf, imap, and bind can all be modeled using the formula C = I + S * sqrt(M)
where C is the cumulative count of reported incidents, M is the time since the
start of the exploit cycle, and I and S are the regression coefficients
determined by analysis of the incident report data. Further analysis of two
additional exploits involving vulnerabilities in mountd and statd confirm the
model. We believe that the models will aid in predicting the severity of
subsequent vulnerability exploitations, based on the rate of early incident
reports.
(Also cross-referenced as UMIACS-TR-2000-76)