ALDR: A New Metric for Measuring Effective Layering of Defenses

Nathaniel Gordon Boggs; Salvatore Stolfo

ALDR: A New Metric for Measuring Effective Layering of Defenses
Boggs, Nathaniel Gordon
Stolfo, Salvatore
Computer Science
Persistent URL:
Book/Journal Title:
Fifth Layered Assurance Workshop (LAW 2011), Orlando, Florida, December 5-6, 2011
Attackers continually innovate and craft attacks that penetrate existing defenses. New security product purchasing decisions are key in order to keep organizations as secure as possible. Current information available to inform these decisions is often limited to individual security product detection/blocking rates for some test set of attacks. Actual security performance, however, depends on how a security product performs in the context of an organization’s existing security products. Even a security product that tests well on its own may be completely redundant when deployed into an existing environment. We propose a new metric that measures the total security granted by a combination of security products. Also, this metric makes the computation of the added benefit of an additional security product easy. We take the results of each individual security product parsing a certain data set and then, take the union of the results of all security products deployed at that organization. Our metric is the attacks in this union divided by the total attacks in the data set or, in other words, the total detection rate achieved by the whole system. This metric can be computed using existing evaluation techniques and provides a more accurate overall picture of the security posture of an organization as well as a way to measure the real contribution of a specific security product in the context of other security layers.
Computer science
Item views
text | xml
Suggested Citation:
Nathaniel Gordon Boggs, Salvatore Stolfo, , ALDR: A New Metric for Measuring Effective Layering of Defenses, Columbia University Academic Commons, .

Columbia University Libraries | Policies | FAQ