CINECA IRIS Institutional Research Information System
IRIS è l'Anagrafe della ricerca dell'Università degli Studi di Trento, e ha lo scopo di raccogliere, documentare, conservare e diffondere, anche ad accesso aperto, la produzione scientifica degli autori afferenti all'Università degli Studi di Trento.
EnglishIn this paper we present and validate a novel attacker model based on the \ economic notion that the attacker has limited resources to forge a new \ attack. We focus on the vulnerability exploitation case, whereby the \ attacker has to choose whether to exploit a new vulnerability or keep an old \ one. We postulate that most vulnerabilities remain unattacked, and that the \ exploit development cycle relates to software updates rather than to the \ disclosure of new vulnerabilities. We develop a simple mathematical model to \ show the mechanisms underlying our observations and name it ``The Work-Averse Attacker Model''. \ We then leverage Symantec's data sharing \ platform WINE to validate our model by analysing records of attacks against \ more than 1M real systems. We find the `Model of the Work-Averse Attacker' \ to be strongly supported by the data and, in particular, that: (a) the great \ majority of attacks per software version is driven by one vulnerability \ only; (b) an exploit lives two years before being substituted by a new one; \ (c) the exploit arrival rate depends on the software's update rate rather \ than on time or knowledge of the vulnerability.
The Work-Averse Attacker Model / Massacci, Fabio; Allodi, Luca. - (2015). ((Intervento presentato al convegno ECIS 2015 tenutosi a Munster nel 26th May-29th May 2015.
| Titolo: | The Work-Averse Attacker Model |
| Autori: | Massacci, Fabio; Allodi, Luca |
| Autori Unitn: | |
| Titolo del volume contenente il saggio: | ECIS 2015 -Twenty-Third European Conference on Information Systems |
| Luogo di edizione: | Munster |
| Casa editrice: | AIS |
| Anno di pubblicazione: | 2015 |
| Codice identificativo Scopus: | 2-s2.0-85007499811 |
| Handle: | http://hdl.handle.net/11572/117168 |
| Citazione: | The Work-Averse Attacker Model / Massacci, Fabio; Allodi, Luca. - (2015). ((Intervento presentato al convegno ECIS 2015 tenutosi a Munster nel 26th May-29th May 2015. |
| Appare nelle tipologie: | 04.1 Saggio in atti di convegno (Paper in proceedings) |
File in questo prodotto:
| File | Descrizione | Tipologia | Licenza | |
|---|---|---|---|---|
| ecis_work-averse.pdf | Articolo | Versione editoriale (Publisher’s layout) | Tutti i diritti riservati (All rights reserved) | Administrator |
Copyright © 2021