Mining association rules between sets of items in large databases
SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
Using Model Checking to Analyze Network Vulnerabilities
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Model-Based Evaluation: From Dependability to Security
IEEE Transactions on Dependable and Secure Computing
Computer Security in the 21st Century
Computer Security in the 21st Century
A scalable approach to attack graph generation
Proceedings of the 13th ACM conference on Computer and communications security
AMBRA: automated model-based risk analysis
Proceedings of the 2007 ACM workshop on Quality of protection
Ontology-based generation of IT-security metrics
Proceedings of the 2010 ACM Symposium on Applied Computing
The use of application scanners in software product quality assessment
Proceedings of the 8th international workshop on Software quality
Can we measure security and how?
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
| Hi-index | 0.00 |
A proper security metrics and measurement process is thus a means to automatize security decisions. Unfortunately, so far automatic security evaluation techniques have failed to achieve the performance of security experts. In this paper we argue security metrics are by nature highly unstable in time. Moreover, their effectiveness depends on specific target of evaluation. In this paper we elaborate this finding and we describe our experimental framework with its results.