Prioritizing Vulnerability Remediation by Determining Attacker-Targeted Vulnerabilities

TitlePrioritizing Vulnerability Remediation by Determining Attacker-Targeted Vulnerabilities
Publication TypeJournal Articles
Year of Publication2009
AuthorsCukier M, Panjwani S
JournalSecurity Privacy, IEEE
Volume7
Issue1
Pagination42 - 48
Date Published2009/02//jan
ISBN Number1540-7993
Keywordsattacker-targeted vulnerabilities, intrusion detection, malicious connections, security of data, vulnerability remediation, Windows service pack
Abstract

This article attempts to empirically analyze which vulnerabilities attackers tend to target in order to prioritize vulnerability remediation. This analysis focuses on the link between malicious connections and vulnerabilities, where each connection is considered malicious. Attacks requiring multiple connections are counted as multiple attacks. As the number of connections increases, so does the cost of recovering from the intrusion. The authors deployed four honey pots for four months, each running a different Windows service pack with its associated set of vulnerabilities. They then performed three empirical analyses to determine the relationship between the number of malicious connections and the total number of vulnerabilities, the number of malicious connections and the number of the vulnerabilities for different services, and the number of known successful attacks and the number of vulnerabilities for different services.

DOI10.1109/MSP.2009.13