Measuring vulnerabilities and their exploitation cycle

Evangelos Morakis, Stilianos Vidalis, Andrew Blyth

Research output: Contribution to journalArticlepeer-review

8 Citations (Scopus)


In a world ruled by chaotic causality, Heisenberg's uncertainty principle is only a natural limitation. Analysts only have their personal logic, experience and intuition to depend on in order to make judgments regarding the safety of a system. However, today's analysts are getting bombarded with large amounts of data coming from all kinds of security-related products, such as vulnerability scanners, anti-viruses, firewalls etc, causing information overload and data congestion. Thus, the question remains: How can analysts make a correct judgment regarding the vulnerabilities from which a system is suffering, especially when all the ammunition he/she possesses can not deal with such a complex, ever-changing environment? To this end, we believe that structuring knowledge/information regarding a specific domain in an object-oriented hierarchy tree, and providing a formal model to reason and construct possible scenarios of attacks, will provide an analyst with the necessary ammunition.

Original languageEnglish
Pages (from-to)45-55
Number of pages11
JournalInformation Security Technical Report
Issue number4
Publication statusPublished - 1 Apr 2003


Dive into the research topics of 'Measuring vulnerabilities and their exploitation cycle'. Together they form a unique fingerprint.

Cite this