Information Technology Reference
In-Depth Information
na, nd
), the probability
that the size of the window is zero because the defenders discover the vulnera-
bility before the attackers:
Starting from this result, we can compute
P
(
vw
=0
|
∞
Pd
(
nd
)
P
(
vw
=0
|
na, nd
)=1
−
P
(
vw
=
i
|
na, nd
)=
(1
−
(1
−
Pa
(
na
)))
·
(1
−
Pd
(
nd
))
i
=1
Taking into account that a loss occurs if and only if
vw
≥
1, we have that
∞
Av
(
I
(
na, nd
)) =
Uloss
A
·
ns
A
·
i
·
P
(
vw
=
i
|
na, nd
)
i
=1
that can be further simplified to
1
−
Pd
(
nd
)
Av
(
I
(
na, nd
))=
Uloss
A
·
ns
A
·
Pa
(
na
)
Pd
(
nd
)
·
(1
−
(1
−
Pa
(
na
))
·
(1
−
Pd
(
nd
)))
By replacing
Pd(nd)
and
Pa(na)
, according to (1), and then both
Pd(1)
and
Pa(1)
by
p
,wehavethat
−
−
p
)
na
)
·
−
p
)
nd
(1
(1
(1
Aver
(
I
(
na, nd
)) =
Uloss
A
·
ns
A
·
(1
−
(1
−
p
)
nd
)
·
(1
−
(1
−
p
)
na
+
nd
)
Taking into account that
p
is fairly small because
δ
t is small, we can exploit
q
)
n
−
≈
−
q
·
n
and rewrite the equation for the average impact as follows:
(1
1
1
−
p
·
nd
Aver
(
I
(
na, nd
))
≈
Uloss
A
·
(1 +
nd
p
·
nd
·
na
)
q
)
n
n
may be applied to the probability
that no loss occurs as well. In this way, we can deduce that:
The approximation (1
−
≈
1
−
q
·
1
1+
n
nd
P
(
vw
=0
|
na, nd
)
≈
Hence, the probability that no loss occurs
-
depends upon the ratio between the number of attackers and of defenders
rather than upon both the number of attackers and the one of defenders
-
is independent of the probability that an attacker or a defender finds V.
To increase the accuracy of the approximation, we can reduce
δ
tsothat
p
is
reduced too. However,
δ
t cannot be arbitrary small because it has to be larger
than both the time to define and implement an attack and the one to patch the
infrastructure.
By deriving
Aver(I(na, nd))
with respect to
nd
and
na
, we can verify that
lower number of defenders and/or larger number of attackers always result into
larger impacts because of larger vulnerability windows.
