Projection of Cyber Attacks using Damage Estimation and Combination of Attacker’s Capability and Opportunity based on Transferable Belief Model

Document Type: Original Article

Authors

Abstract

Nowadays, many tools are available for capturing events and alerts within networks. The need for a system that can aggregate the information generated by these tools and combine it to make better decisions is strongly acknowledged. If we could predict cyber attacks and estimate their effects before they actually occur, we would be able to apply a better defense strategy and reduce the damage to our critical assets. The projection of cyber attacks means predicting them within a certain framework using mathematical methods. One of these methods is the Transferable Belief Model (TBM). In this paper, we used the TBM to combine the capability and opportunity of attackers, which are the components of cyber attack projection, to project the future situation of attacks. We have also tested our results against our customized high-level attack tracks dataset. A comparison between our algorithm and the algorithm previously presented at the Information Fusion Centre of Malek-Ashtar University of Technology shows an average improvement of 7%.
 

Keywords

