Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Deana Shick
December 2018 - White Paper Towards Improving CVSS

Topics: Vulnerability Analysis

This paper outlines challenges with the Common Vulnerability Scoring System (CVSS).

May 2016 - Technical Report Using Honeynets and the Diamond Model for ICS Threat Analysis

Topics: Vulnerability Analysis

This report presents an approach to analyzing approximately 16 gigabytes of full packet capture data collected from an industrial control system honeynet—a network of seemingly vulnerable machines designed to lure attackers.

April 2016 - Technical Report A Unique Approach to Threat Analysis Mapping: A Malware-Centric Methodology

As they constantly change network infrastructure, adversaries consistently use and update their tools. This report presents a way for researchers to begin threat analysis with those tools rather than with network or incident data alone.

March 2016 - White Paper Malware Capability Development Patterns Respond to Defenses: Two Case Studies

Topics: Malware Analysis

In this paper, the authors describe their analysis of two case studies to outline the relationship between adversaries and network defenders.

May 2014 - Technical Report Investigating Advanced Persistent Threat 1 (APT1)

Topics: Measurement and Analysis

This report analyzes unclassified data sets in an attempt to understand APT1's middle infrastructure.

January 2014 - Presentation Investigating APT1

Topics: Network Situational Awareness

In this presentation, the authors discuss utilizing the Internet Census 2012 data to understand how public sources tell a story about specific threat groups.