Global adversarial capability modeling

Jonathan Spring, Sarah Kern, Alec Summers
2015 2015 APWG Symposium on Electronic Crime Research (eCrime)  
Intro: Computer network defense has models for attacks and incidents comprised of multiple attacks after the fact. However, we lack an evidence-based model the likelihood and intensity of attacks and incidents. Purpose: We propose a model of global capability advancement, the adversarial capability chain (ACC), to fit this need. The model enables cyber risk analysis to better understand the costs for an adversary to attack a system, which directly influences the cost to defend it. Method: The
more » ... del is based on four historical studies of adversarial capabilities: capability to exploit Windows XP, to exploit the Android API, to exploit Apache, and to administer compromised industrial control systems. Result: We propose the ACC with five phases: Discovery, Validation, Escalation, Democratization, and Ubiquity. We use the four case studies as examples as to how the ACC can be applied and used to predict attack likelihood and intensity.
doi:10.1109/ecrime.2015.7120797 dblp:conf/ecrime/SpringKS15 fatcat:zghpmhyhsveu5dnzggk66jpvde