Title :
Global adversarial capability modeling
Author :
Spring, Jonathan ; Kern, Sarah ; Summers, Alec
Author_Institution :
CERT® Program, Software Eng. Inst., Carnegie Mellon Univ., Pittsburgh, PA, USA
Abstract :
Intro: Computer network defense has models for attacks and incidents comprised of multiple attacks after the fact. However, we lack an evidence-based model the likelihood and intensity of attacks and incidents. Purpose: We propose a model of global capability advancement, the adversarial capability chain (ACC), to fit this need. The model enables cyber risk analysis to better understand the costs for an adversary to attack a system, which directly influences the cost to defend it. Method: The model is based on four historical studies of adversarial capabilities: capability to exploit Windows XP, to exploit the Android API, to exploit Apache, and to administer compromised industrial control systems. Result: We propose the ACC with five phases: Discovery, Validation, Escalation, Democratization, and Ubiquity. We use the four case studies as examples as to how the ACC can be applied and used to predict attack likelihood and intensity.
Keywords :
Android (operating system); application program interfaces; computer network security; risk analysis; ACC; Android API; Apache; Windows XP; adversarial capability chain; attack likelihood prediction; compromised industrial control systems; computer network defense; cyber risk analysis; evidence-based model; global adversarial capability modeling; Analytical models; Androids; Biological system modeling; Computational modeling; Humanoid robots; Integrated circuit modeling; Software systems; CND; computer network defense; cybersecurity; incident response; intelligence; intrusion detection; modeling; security;
Conference_Titel :
Electronic Crime Research (eCrime), 2015 APWG Symposium on
Conference_Location :
Barcelona
DOI :
10.1109/ECRIME.2015.7120797
