Abstract
Current approaches to estimate the risk of compromise are based on either historical data or pure technical assessments, such as the number and severity of vulnerabilities in the target network. We propose a novel experimental approach for estimating the risk of compromise based on experimental data, as opposed to observational data, by leveraging on cyber ranges and capture the flag exercises. We identify the key design principles in terms of response and explanatory variables, specification of how they can be measured, and the overall block design from related experiments and approaches as well as assess their suitability and limitations.
Original language | English |
---|---|
Title of host publication | Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020 |
Publisher | Institute of Electrical and Electronics Engineers |
Pages | 56-65 |
Number of pages | 10 |
ISBN (Electronic) | 9781728185972 |
DOIs | |
Publication status | Published - Sept 2020 |
Event | 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020 - Virtual, Genoa, Italy Duration: 7 Sept 2020 → 11 Sept 2020 |
Conference
Conference | 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020 |
---|---|
Country/Territory | Italy |
City | Virtual, Genoa |
Period | 7/09/20 → 11/09/20 |
Bibliographical note
Funding Information:This research has been partly funded by the EU under the H2020 Programs H2020-EU.2.1.1-CyberSec4Europe (Grant No. 830929)
Publisher Copyright:
© 2020 IEEE.
Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.
Funding
This research has been partly funded by the EU under the H2020 Programs H2020-EU.2.1.1-CyberSec4Europe (Grant No. 830929)
Keywords
- CTFs
- Cyber ranges
- Risk assessment