4.2. RISK ASSESSMENT FRAMEWORK FOR WSN IN A SENSOR CLOUD 55
WSN attacks have not yet been corroborated by CVSS and as such the base metrics will
be evaluated subjectively. We also assume that, although preventive measures for the attacks are
available, they are solutions which individual researchers have reported. Hence, based on the
definition of remediation level, we have considered these solutions as workaround fixes. Envi-
ronmental metrics are context specific varying for different organizations and is constant for
any given organization. Houmb’s misuse frequency model [46] performs risk level estimations
as a conditional probability over the Misuse frequency (MF) and Misuse Impact (MI) estimates
of an attack. MF and MI of an attack helps in depicting the likelihood and impact of an at-
tack respectively taking into account the intrinsic attributes of the attack, network architecture,
and security measures used. It is useful in estimating time frames predicting the degradation
of organizational assets like confidentiality, integrity, and availability. Hence, to compute the
probability of success of attack nodes in our attack graph, we have adopted Houmb’s misuse fre-
quency model. MF of an attack is calculated using (4.1)–(4.3) and CVSS parameters specified
in Table 4.5:
MF
init
D
1
3
X
s
i
2S
.
B_fARg; B_fACg; B_fAUg
/
(4.1)
MF
uFac
D
1
3
X
s
i
2S
.
T _fEg; T _fRLg; T _fRCg
/
(4.2)
MF D
1
2
X
s
i
2S
.
MF
init
; MF
uFac
/
: (4.3)
Initial misuse frequency, MF
init
in (4.1) is calculated using exploitability sub-score under
the base metrics (Tables 4.4 and 4.5). We normalize the values of B_{AR}, B_{AC}, B_{AU} for
the attack under consideration, to keep the final score between 0!1 since the value of MF is a
probability and therefore cannot be over 1. e MF of an attack, however, may change over time
according to the availability of security solutions and techniques for executing the attacks. ese
factors are reflected using temporal metrics, computed as MF
uFac
(4.2). MF
uFac
is then added
to (MF
init
) and the final misuse frequency (MF) is computed in (4.3). Similar computations are
done to calculate MI using the impact sub-score under base metrics and environmental metrics
(Table 4.6) [54] and (4.4)–(4.7). Initial MI estimate, MI
init
, is estimated using impact sub-
score of the base metrics in (4.4). is estimate is a vector depicting the effect of an attack on
confidentiality, integrity, and availability of a network. MI
init
is then updated on the basis of the
collateral damage potential (E_CDP) in (4.5). e MI estimates are further updated as per the
security requirements information in (4.6). Finally, the resulting MI estimate, MI, is obtained
in (4.7):