Review of k-Zero Day Safety Network Security Metrics to Measure the Risk on Different Vulnerabilities

Today's computer networks face intelligent attackers who combine multiple vulnerabilities to penetrate networks with destructive impact. The overall network security cannot be determined by simply counting the number of vulnerabilities. Due to the less predictable nature of software flaws we can’t measure the security risk of unknown vulnerabilities. This affects to security metrics, because a safer configuration would be of little value if it were equally vulnerable to zero-day attacks. In this paper, instead of just measuring how much such vulnerability would be required for compromising network assets we can also attempting to rank unknown vulnerabilities. By using collaborative filtering technique to different (types of) zero-day vulnerabilities and novel security metrics for uncertain and dynamic data we propose a Flexible and Robust k-Zero Day Safety security model to rank the zero-day attacks.
DOI: 10.17762/ijritcc2321-8169.160443