Quantifiable & Comparable Evaluations of Cyber Defensive Capabilities: A Survey & Novel, Unified Approach
Computers & Security (IF 5.6), Pub Date: 2020-09-01, DOI: 10.1016/j.cose.2020.101907
Michael D. Iannacone, Robert A. Bridges

Metrics and frameworks to quantifiably assess security measures have arisen from needs of three distinct research communities - statistical measures from the intrusion detection and prevention literature, evaluation of cyber exercises, e.g., red-team and capture-the-flag competitions, and economic analyses addressing cost-versus-security tradeoffs. In this paper we provide two primary contributions to the security evaluation literature - a representative survey, and a novel framework for evaluating security that is flexible, applicable to all three use cases, and readily interpretable. In our survey of the literature we identify the distinct themes from each community's evaluation procedures side by side and flesh out the drawbacks and benefits of each. The evaluation framework we propose includes comprehensively modeling the resource, labor, and attack costs in dollars incurred based on expected resource usage, accuracy metrics, and time. This framework provides a unified approach in that it incorporates the accuracy and performance metrics, which dominate intrusion detection evaluation, the time to detection and impact to data and resources of an attack, favored by educational competitions' metrics, and the monetary cost of many essential security components used in financial analysis. Moreover, it is flexible enough to accommodate each use case, easily interpretable and comparable, and comprehensive in terms of costs considered. Finally, we provide two examples of the framework applied to real-world use cases. Overall, we provide a survey and a grounded, flexible framework with multiple concrete examples for evaluating security which can address the needs of three currently distinct communities.

Updated: 2020-09-01