Department of Information Technology

Permanent URI for this collectionhttp://erepository.kibu.ac.ke/handle/123456789/187

Browse

Browsing Department of Information Technology by Subject "attackability"

Filter results by typing the first few letters
Now showing 1 - 3 of 3
  • Thumbnail Image
    Item
    Experimental validation of the technical attack ability metrics model
    (International Journal of Information and Communication Technology Research, 2013) Mbuguah, Samuel Mungai; Mwangi, Waweru; Song, Pang Chol; Muchiri, Geoffrey Muketha
    Computer systems have become gradually and fully embedded into our daily activities. Software based systems attackers have noted these dependency, and have increased the number of attacks of such systems. Software managers and designers require a means of predicting the Attackability of system at the design state. Attackability is a concept proposed recently in literature to measure the extent that a software system or service could be the target of a successful attack. These authors have published such a conceptual model called the Holistic predictive attackability metric model for secure service oriented software. Holistic in that it comprises of a social and technical aspect. This paper is considers experimental validation of the technical metrics part of model only. The technical part uses internal software attributes; complexity cohesion and coupling (3C’s) to predict attackability an external attribute. Pilot experiments were conducted with selected objects from which relationship between Attackability and the corresponding attribute was established. A model was generated for each after carrying out Kendall Tau-b correlation, performing regression testing and curve estimation using SPSS software package. The results were then combined to generate Mean Technical attackability model metrics, which was validated through sample 12 software. Jhawk tool was used measure the 3C’s for each software. The data were to used to generate Calculated mean Technical attackability metrics. The results were tabulated against the measured mean attackability. Pearson correlation and regression testing analysis were performed. The results indicates the model and the corresponding metrics could be used in predicting the mean Technical attackability of a software system.
  • Thumbnail Image
    Item
    A review of algorithms for determination of attackability metrics
    (Journal of Emerging Trends in Computing and Information Sciences, 2014) Mbuguah, Samuel Mungai; Muketha, Geoffrey Muchiri; Wabwoba, Franklin
    Attackability is a concept proposed recently in literature to measure the extent that a software system or service could be the target of a successful attack. A Holistic predictive attackability metrics model has been proposed in our previous study. Metrics derived from this model, their theoretical and empirical validation were proposed and evaluated. The method of measurement of these metrics is largely manual this paper illustrates algorithms that can be adopted with suitable tools to automate the collections of the attackability metrics.
  • Thumbnail Image
    Item
    Social attackability metrics for software systems
    (International Journal of Information and Communication Technology Research, 2013) Mbuguah, Samuel Mungai; Mwangi, Waweru; Song, Pang Chol; Muketha, Geoffrey Muchiri
    Software based system have become ubiquitous in modern day activities. Software system based system are being increasing attacked, leading to the need for software system administrators, and managers to have some metrics at predicting the social engineering attackability of a such system. Researchers have identified seven human traits/attributes that make human susceptible to social engineering attacks. Yet they did not model nor come up metrics. The author has published a conceptual a holistic predictive attackability metric model and corresponding metrics to assist the system designers. The model considers the technical metrics based on cohesion, coupling and complexity as used to predict attackability. It also consider the social metrics based on human traits that make the human operators become susceptible to social engineering attacks. The identified human traits are dishonesty, social compliance, Kindness,Time pressure, Herd mentality, greed/need and distraction. This paper considers only the social metrics part of the model.To measure human traits the authors relies on the HEXACO model and Big Five personality trait models. In these model the personality trait are measured using a ranking scale based on Lickert scale. Hence each trait is measured as a percentile. However, for purpose of this paper, to postulate the metric the author considered the discrete case. Why the value of trait take either a value of “1” or “0”. To determine the relationship between traits between and attackability experts were asked to assess the trait versus attackability from which after aggregating for all traits a social attackability metrics was determined. To determine the predictive social attackability metrics each trait was considered to be equally likely to occur and hence a probability of 1/7 and this acts as factor to transform the social attackability metric into predictive attackability metrics.