A review of algorithms for determination of attackability metrics

Abstract

Attackability is a concept proposed recently in literature to measure the extent that a software system or service could be the target of a successful attack. A Holistic predictive attackability metrics model has been proposed in our previous study. Metrics derived from this model, their theoretical and empirical validation were proposed and evaluated. The method of measurement of these metrics is largely manual this paper illustrates algorithms that can be adopted with suitable tools to automate the collections of the attackability metrics.