An attack volume metric

What is it about?

In the past ten years or so, researchers have been using something called the "attack surface" to understand how vulnerable computer systems are to attacks. This attack surface is like the weak points or entry doors that hackers can use to break into a system. They've come up with different ways to measure how big this attack surface is. Think of it like a castle with many gates. The attack surface is all the ways an intruder can try to get in, whether it's through the front gate, a secret back door, or a hidden tunnel. Researchers have been mostly focusing on these entry points to figure out how easy it is for hackers to get in. But there's a problem. Not all entry points are equally important. Imagine the castle again, but now think about which entry points would cause the most damage if a bad guy got in. It turns out that this depends on a lot of things, like how the castle is built and how it's set up inside. So, in this paper, we're trying to find a better way to measure the risk of a system being hacked. We're not just looking at the entry points; we're also considering how vulnerabilities inside the system are connected and how they can be exploited together. This helps us understand the real impact of a potential attack. We introduce a new idea called "attack volume metrics." This means we're not just looking at the surface of the system but also how deep an attack could go and what it could affect.

Featured Image

Photo by Markus Spiske on Unsplash

Photo by Markus Spiske on Unsplash