An Experimental Approach for Estimating Cyber Risk: A Proposal Building upon Cyber Ranges and Capture the Flags

Giorgio Di Tizio, Fabio Massacci, Luca Allodi, Stanislav Dashevskyi, Jelena Mirkovic

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

6 Citations (Scopus)

Abstract

Current approaches to estimate the risk of compromise are based on either historical data or pure technical assessments, such as the number and severity of vulnerabilities in the target network. We propose a novel experimental approach for estimating the risk of compromise based on experimental data, as opposed to observational data, by leveraging on cyber ranges and capture the flag exercises. We identify the key design principles in terms of response and explanatory variables, specification of how they can be measured, and the overall block design from related experiments and approaches as well as assess their suitability and limitations.

Original languageEnglish
Title of host publicationProceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020
PublisherInstitute of Electrical and Electronics Engineers
Pages56-65
Number of pages10
ISBN (Electronic)9781728185972
DOIs
Publication statusPublished - Sept 2020
Event5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020 - Virtual, Genoa, Italy
Duration: 7 Sept 202011 Sept 2020

Conference

Conference5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020
Country/TerritoryItaly
CityVirtual, Genoa
Period7/09/2011/09/20

Bibliographical note

Funding Information:
This research has been partly funded by the EU under the H2020 Programs H2020-EU.2.1.1-CyberSec4Europe (Grant No. 830929)

Publisher Copyright:
© 2020 IEEE.

Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.

Funding

This research has been partly funded by the EU under the H2020 Programs H2020-EU.2.1.1-CyberSec4Europe (Grant No. 830929)

Keywords

  • CTFs
  • Cyber ranges
  • Risk assessment

Fingerprint

Dive into the research topics of 'An Experimental Approach for Estimating Cyber Risk: A Proposal Building upon Cyber Ranges and Capture the Flags'. Together they form a unique fingerprint.

Cite this