| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Zieger, Andrej | |
| dc.contributor.author | Freiling, Felix | |
| dc.contributor.author | Kossakowski, Klaus-Peter | |
| dc.date.accessioned | 2020-08-26T09:15:12Z | - |
| dc.date.available | 2020-08-26T09:15:12Z | - |
| dc.date.issued | 2018-5-7 | |
| dc.identifier.uri | http://hdl.handle.net/20.500.12738/943 | - |
| dc.description.abstract | To manage cyber security risks in practice, a simple yet effective method to assess such risks for individual systems is needed. With time-to-compromise (TTC), McQueen et al. (2005) introduced such a metric that measures the expected time that a system remains uncompromised given a specific threat landscape. TTC combines simplicity with expressiveness and therefore has evolved into one of the most successful cybersecurity metrics in practice. We revisit TTC and identify several mathematical and methodological shortcomings which we address by embedding all aspects of the metric into the continuous domain and the possibility to incorporate information about vulnerability characteristics and other cyber threat intelligence into the model. We propose ?-TTC, a formal extension of TTC which includes information from CVSS vectors as well as a continuous attacker skill based on a ?-distribution. We show that our new metric remains simple enough for practical use and gives more realistic predictions than the original TTC by using data from a modern and productively used vulnerability database of a national CERT. | |
| dc.language.iso | en | |
| dc.publisher | IEEE | |
| dc.title | The ?-Time-to-Compromise Metric for Practical Cyber Security Risk Estimation | |
| dc.type | inProceedings | |
| dc.relation.conference | International Conference on IT Security Incident Management & IT Forensics (IMF) ; -Mai ; Hamburg, Germany | |
| tuhh.container.endpage | 133 | |
| tuhh.container.startpage | 115 | |
| tuhh.oai.show | true | en_US |
| tuhh.publication.institute | Department Informatik | |
| tuhh.publication.institute | Fakultät Technik und Informatik | |
| tuhh.publisher.doi | 10.1109/IMF.2018.00006 | |
| tuhh.publisher.url | https://ieeexplore.ieee.org/document/8514838 | |
| tuhh.type.opus | InProceedings (Aufsatz / Paper einer Konferenz etc.) | - |
| dc.type.casrai | Conference Paper | - |
| dc.type.dini | contributionToPeriodical | - |
| dc.type.driver | contributionToPeriodical | - |
| dcterms.DCMIType | Text | - |
| item.creatorGND | Zieger, Andrej | - |
| item.creatorGND | Freiling, Felix | - |
| item.creatorGND | Kossakowski, Klaus-Peter | - |
| item.fulltext | No Fulltext | - |
| item.creatorOrcid | Zieger, Andrej | - |
| item.creatorOrcid | Freiling, Felix | - |
| item.creatorOrcid | Kossakowski, Klaus-Peter | - |
| item.grantfulltext | none | - |
| item.cerifentitytype | Publications | - |
| item.languageiso639-1 | en | - |
| item.openairecristype | http://purl.org/coar/resource_type/c_5794 | - |
| item.openairetype | inProceedings | - |
| crisitem.author.dept | Department Informatik | - |
| crisitem.author.orcid | 0009-0005-9852-7947 | - |
| crisitem.author.parentorg | Fakultät Technik und Informatik | - |
| Appears in Collections: | Publications without full text | |
Add Files to Item
Note about this record
Export
Items in REPOSIT are protected by copyright, with all rights reserved, unless otherwise indicated.