In this paper we present and validate a novel attacker model based on the economic notion that the attacker has limited resources to forge a new attack. We focus on the vulnerability exploitation case, whereby the attacker has to choose whether to exploit a new vulnerability or keep an old one. We postulate that most vulnerabilities remain unattacked, and that the exploit development cycle relates to software updates rather than to the disclosure of new vulnerabilities. We develop a simple mathematical model to show the mechanisms underlying our observations and name it "The Work-Averse Attacker Model". We then leverage Symantec's data sharing platform WINE to validate our model by analysing records of attacks against more than 1M real systems. We find the "Model of the Work-Averse Attacker" to be strongly supported by the data and, in particular, that: (a) the great majority of attacks per software version is driven by one vulnerability only; (b) an exploit lives two years before being substituted by a new one; (c) the exploit arrival rate depends on the software's update rate rather than on time or knowledge of the vulnerability.
The Work-Averse Attacker Model / Massacci, Fabio; Allodi, Luca. - (2015). (Paper presented at the ECIS 2015 conference held in Munster on 26th May-29th May 2015.)
Field | Value
---|---
Title | The Work-Averse Attacker Model
Authors | Massacci, Fabio; Allodi, Luca
UniTN authors | 
Title of the volume containing the paper | ECIS 2015 - Twenty-Third European Conference on Information Systems
Place of publication | Munster
Publisher | AIS
Year of publication | 2015
Scopus identifier | 2-s2.0-85007499811
Handle | http://hdl.handle.net/11572/117168
Citation | The Work-Averse Attacker Model / Massacci, Fabio; Allodi, Luca. - (2015). (Paper presented at the ECIS 2015 conference held in Munster on 26th May-29th May 2015.)
Appears in the categories | 04.1 Paper in conference proceedings
Files in this record:

File | Description | Type | License | Access
---|---|---|---|---
ecis_work-averse.pdf | Article | Publisher's version (Publisher's layout) | All rights reserved | Administrator