In a further case, the overall number of attacks reaches $ns_A$ asymptotically.
As an example, the number of attacks in an interval of time sharply increases
after discovering V and then approaches zero in a few intervals of time after this
maximum. This behavior may be modeled by a Weibull distribution so that the
number of attacks executed at $t_a + \delta t$, $\delta t > 0$, is $ns_A \cdot W(\delta t)$ where

$$W(\delta t) = 1 - e^{-(\delta t/\alpha)^{\gamma}}$$

α and γ determine both the shape of W(t) and the standard deviation. The
latter goes to zero as γ increases. In this case, the overall loss in the revenues
may be approximated as

$$Uloss_A \cdot ns_A \cdot vw \cdot \left(1 - e^{-(v/\alpha)^{\gamma}}\right)$$
Again, this value may be computed starting from the probability distribution of
the window size.
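
The following Python sketch is an added example, not code from the original text. It evaluates the Weibull attack model above, reading $ns_A \cdot W(\delta t)$ as the cumulative number of attacks executed by $t_a + \delta t$, and averages that count over a discrete window-size distribution. The function names, the unit-length intervals and all parameter values are constructed for illustration.

```python
import math

def weibull_cdf(dt, alpha, gamma):
    """W(dt) = 1 - exp(-(dt/alpha)**gamma); zero before the discovery time."""
    return 0.0 if dt <= 0 else 1.0 - math.exp(-((dt / alpha) ** gamma))

def attacks_per_interval(ns_a, alpha, gamma, n_intervals):
    """Attacks falling in each unit interval [k, k+1) after discovery."""
    return [ns_a * (weibull_cdf(k + 1, alpha, gamma) - weibull_cdf(k, alpha, gamma))
            for k in range(n_intervals)]

def weibull_std(alpha, gamma):
    """Standard deviation of a Weibull distribution (scale alpha, shape gamma)."""
    m1 = math.gamma(1 + 1 / gamma)
    m2 = math.gamma(1 + 2 / gamma)
    return alpha * math.sqrt(m2 - m1 * m1)

def expected_attacks_in_window(ns_a, alpha, gamma, window_pmf):
    """Average of ns_a * W(v) over a discrete window-size distribution {v: P(v)}."""
    if abs(sum(window_pmf.values()) - 1.0) > 1e-9:
        raise ValueError("window-size probabilities must sum to 1")
    return sum(p * ns_a * weibull_cdf(v, alpha, gamma)
               for v, p in window_pmf.items())

if __name__ == "__main__":
    # Constructed sample parameters (assumptions, not values from the text).
    NS_A, ALPHA, GAMMA = 100, 4.0, 3.0
    WINDOW_PMF = {2: 0.5, 4: 0.5}   # window lasts 2 or 4 intervals, equally likely

    # Per-interval counts rise to a maximum, then fall toward zero.
    for k, n in enumerate(attacks_per_interval(NS_A, ALPHA, GAMMA, 10)):
        print(f"interval {k}: {n:6.2f} attacks")

    # The spread of the attack burst shrinks as gamma grows.
    for g in (1.0, 3.0, 10.0):
        print(f"gamma={g}: std={weibull_std(ALPHA, g):.3f}")

    print("expected attacks before the window closes:",
          round(expected_attacks_in_window(NS_A, ALPHA, GAMMA, WINDOW_PMF), 2))
```
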
3 Future Developments
This section briefly outlines some developments of our work by discussing the
case of an infrastructure with several vulnerabilities. Then, we also discuss how the
0-delay model can contribute to the debates on "security through obscurity" and
on the security advantages of open source components. A further, fundamental
problem to be considered concerns the validation of the theoretical model results
against those of some real billing infrastructure. Access to real data is fairly
complex because it is well known that owners are not willing to reveal such data.
3.1 Infrastructure with Several Vulnerabilities
In an infrastructure with several vulnerabilities, the worst case for the defender
is when the vulnerabilities are independent, because the discovery of one vulnerability
does not make the other ones easier to discover. In the case of such
an infrastructure, we assume that attackers and defenders may be assigned to a
vulnerability. This is not a contradiction even if no a priori information on the
vulnerabilities is available, because we assume that each attacker and each defender
considers just one component of the infrastructure. Hence, two defenders
or two attackers are assigned to distinct vulnerabilities if they consider distinct
components. This assumption implies that each vulnerability is always paired
with exactly one component even if it arises because of the interactions among
several components. The component a vulnerability $V_i$ is paired with determines
two important parameters, namely the loss in the infrastructure revenue per unit
of time due to attacks enabled by $V_i$ and the probability $p_i$ of finding $V_i$. If
these parameters are known, the 0-delay model, or the constant-delay one, can
be applied to compute the average loss due to $V_i$ or the number of defenders to
be assigned to $V_i$ to reduce such a loss under some predefined threshold.
However, the most interesting problem to be solved is the relation among
the loss due to each vulnerability and the overall allocation of attackers and