An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags

IRIS

Current approaches to estimate the risk of compromise are based on either historical data or pure technical assessments, such as the number and severity of vulnerabilities in the target network. We propose a novel experimental approach for estimating the risk of compromise based on experimental data, as opposed to observational data, by leveraging on cyber ranges and capture the flag exercises. We identify the key design principles in terms of response and explanatory variables, specification of how they can be measured, and the overall block design from related experiments and approaches as well as assess their suitability and limitations.

An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags / Di Tizio, Giorgio; Massacci, Fabio; Allodi, Luca; Dashevskyi, Stanislav; Mirkovic, Jelena. - ELETTRONICO. - (2020), pp. 56-65. (Intervento presentato al convegno CACOE tenutosi a Virtual Event nel 7th September 2020) [10.1109/EuroSPW51379.2020.00016].

An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags

Di Tizio, Giorgio;Massacci, Fabio;Allodi, Luca;Dashevskyi, Stanislav;Mirkovic, Jelena

2020-01-01

Abstract

Current approaches to estimate the risk of compromise are based on either historical data or pure technical assessments, such as the number and severity of vulnerabilities in the target network. We propose a novel experimental approach for estimating the risk of compromise based on experimental data, as opposed to observational data, by leveraging on cyber ranges and capture the flag exercises. We identify the key design principles in terms of response and explanatory variables, specification of how they can be measured, and the overall block design from related experiments and approaches as well as assess their suitability and limitations.

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno di pubblicazione (Date of publication)
	
			2020
		
	Titolo del volume (Proceedings title)
	
			EUROS&PW 2020
		
	Luogo di edizione (Place of publication)
	
			Washington
		
	Casa editrice (Publisher)
	
			IEEE Computer Society
		
	ISBN
	
			978-1-7281-8597-2
		
	Codice Scopus (Scopus Identifier)
	
			2-s2.0-85097082419
		
	Codice WOS (WOS identifier)
	
			WOS:000630275400007
		
	Tutti gli autori
	
			Di Tizio, Giorgio; Massacci, Fabio; Allodi, Luca; Dashevskyi, Stanislav; Mirkovic, Jelena
		
	Citazione
	
			An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags / Di Tizio, Giorgio; Massacci, Fabio; Allodi, Luca; Dashevskyi, Stanislav; Mirkovic, Jelena. - ELETTRONICO. - (2020), pp. 56-65. (Intervento presentato al  convegno CACOE tenutosi a Virtual Event nel 7th September 2020) [10.1109/EuroSPW51379.2020.00016].
		
	Appare nelle tipologie:
	
			04.1 Saggio in atti di convegno (Paper in Proceedings)

File in questo prodotto:

File	Dimensione	Formato
An_Experimental_Approach_for_Estimating_Cyber_Risk_a_Proposal_Building_upon_Cyber_Ranges_and_Capture_the_Flags.pdf Solo gestori archivio Tipologia: Versione editoriale (Publisher’s layout) Licenza: Tutti i diritti riservati (All rights reserved) Dimensione 157.41 kB Formato Adobe PDF Visualizza/Apri	157.41 kB	Adobe PDF	Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/278390

Citazioni

ND

5

1

social impact