Measuring Security Risks Research Articles

A Study on the Measuring Methods of Website Security Risk Rate

Traditionally, website security risks are measured using static analysis based on patterns and dynamic analysis by accessing websites with user devices. Recently, similarity hash-based website security risk analysis and machine learning-based website security risk analysis methods have been proposed. In this study, we propose a technique to measure website risk by collecting public information on the Internet. Publicly available DNS information, IP information, and website reputation information were used to measure security risk. Website reputation information includes global traffic rankings, malware distribution history, and HTTP access status. In this study, we collected public information on a total of 2000 websites, including 1000 legitimate domains and 1000 malicious domains, to assess their security risk. We evaluated 11 categories of public information collected by the Korea Internet & Security Agency, an international domain registrar. Through this study, public information about websites can be collected and used to measure website security risk.

Detecting and Measuring Security Risks of Hosting-Based Dangling Domains

Public hosting services offer a convenient and secure option for creating web applications. However, adversaries can take over a domain by exploiting released service endpoints, leading to hosting-based domain takeover. This threat has affected numerous popular websites, including the subdomains of microsoft.com. However, no effective detection system for identifying vulnerable domains at scale exists to date. This paper fills the research gap by presenting a novel framework, HostingChecker, for detecting domain takeovers. HostingChecker expands detection scope and improves efficiency compared to previous work by: (i) identifying vulnerable hosting services using a semi-automated method; and (ii) detecting vulnerable domains through passive reconstruction of domain dependency chains. The framework enables us to detect the subdomains of Tranco sites on a daily basis. It discovers 10,351 vulnerable subdomains under Tranco Top-1M apex domains, which is over 8× more than previous findings, demonstrating its effectiveness. Furthermore, we conduct an in-depth security analysis on the affected vendors (e.g., Amazon, Alibaba) and gain a suite of new insights, including flawed domain ownership validation implementation. In the end, we have reported the issues to the security response centers of affected vendors, and some (e.g., Baidu and Tencent) have adopted our mitigation. The full paper is provided in [2].

Detecting and Measuring Security Risks of Hosting-Based Dangling Domains

Public hosting services provide convenience for domain owners to build web applications with better scalability and security. However, if a domain name points to released service endpoints (e.g., nameservers allocated by a provider), adversaries can take over the domain by applying the same endpoints. Such a security threat is called "hosting-based domain takeover''. In recent years, a large number of domain takeover incidents have occurred; even well-known websites like the subdomains of microsoft.com have been impacted. However, until now, there has been no effective detection system to identify these vulnerable domains on a large scale. In this paper, we fill this research gap by presenting a novel framework, HostingChecker, for detecting domain takeovers. Compared with previous work, HostingChecker expands the detection scope and improves the detection efficiency by: (i) systematically identifying vulnerable hosting services using a semi-automated method; and (ii) effectively detecting vulnerable domains through passive reconstruction of domain dependency chains. The framework enables us to detect the subdomains of Tranco sites on a daily basis. We evaluate the effectiveness of HostingChecker and eventually detect 10,351 subdomains from Tranco Top-1M apex domains vulnerable to domain takeover, which are over 8× more than previous findings. Furthermore, we conduct an in-depth security analysis on the affected vendors, like Amazon and Alibaba, and gain a suite of new insights, including flawed implementation of domain ownership validation. Following responsible disclosure processes, we have reported issues to the security response centers of affected vendors, and some (e.g., Baidu and Tencent) have adopted our mitigation.

Automatic system for measuring security risk of Android application from third party app store

Third party app stores are being used by people to pick up cracked or free Android apps. Hackers make use of these stores to distribute malicious apps. So, the level of security risk of downloading and using apps from such stores will be helpful for people who want to use the store. We implement an automatic system that downloads and analyzes every app. Our preliminary result shows that around half of apps from two app stores interesting to us are already known malware. Copyright © 2016 John Wiley & Sons, Ltd.

IT security planning under uncertainty for high-impact events

While many IT security incidents result in relatively minor operational disruptions or minimal recovery costs, occasionally high-impact security breaches can have catastrophic effects on the firm. Unfortunately, measuring security risk and planning for countermeasures or mitigation is a difficult task. Past research has suggested risk metrics which may be beneficial in understanding and planning for security incidents, but most of these metrics are aimed at identifying expected overall loss and do not directly address the identification of, or planning for, sparse events which might result in high-impact loss. The use of an upper percentile value or some other worst-case measure has been widely discussed in the literature as a means of stochastic optimization, but has not been applied to this decision domain. A key requirement in security planning for any threat scenario, expected or otherwise, is the ability to choose countermeasures optimally with regard to tradeoffs between countermeasure cost and remaining risk. Most of the planning models in the literature are qualitative, and none that we are aware of allow for the optimal determination of these tradeoffs. Therefore, we develop a model for optimally choosing countermeasures to block or mitigate security attacks in the presence of a given threat level profile. We utilize this model to examine scenarios under both expected threat levels and worst-case levels, and develop budget-dependent risk curves. These curves demonstrate the tradeoffs which occur if decision makers divert budgets away from planning for ordinary risk in an effort to mitigate the effects of potential high-impact outcomes.

A Scalable Approach to Analyzing Network Security using Compact Attack Graphs

The compact attack graphs implicitly reveal the threat of sophisticated multi-step attacks by enumerating possible sequences of exploits leading to the compromising given critical resources in enterprise networks with thousands of hosts. For security analysts, the challenge is how to analyze the complex attack graphs with possible ten thousands of nodes for defending the security of network. In the paper, we will essentially discuss three issues about it. The first is to compute non-loop attack paths with the distance less than the given number that the real attacker may take practically in realistic attack scenarios. The second is how to measure security risk of the given critical resources. The third is to find the solution to removing vulnerabilities in such a way that given critical resources cannot be compromised while the cost for such removal incurs the least cost. We propose the scalable approach to solve the above three issues respectively. The approach is proved to have a polynomial time complexity and can scale to the attack graphs with ten thousands of nodes corresponding large enterprise networks.