Evaluating threat assessment for multi-stage cyber attacks

Shanchieh Jay Yang; Jared Holsopple; Moises Sudit

doi:10.1109/MILCOM.2006.302216

Evaluating threat assessment for multi-stage cyber attacks

Shanchieh Jay Yang
, Jared Holsopple
, Moises Sudit

Department of Industrial and Systems Engineering

Rochester Institute of Technology
CUBRC

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

21 Scopus citations

Abstract

Current practices to defend against cyber attacks are typically reactive yet passive. Recent research work has been proposed to proactively predict hacker's target entities in the early stage of the attack. With prediction, there comes false alarms and missed attacks. Very little has been reported on how to evaluate a threat assessment algorithm, especially for cyber security. Because of the variety and the constantly changing nature of hacker behavior and network vulnerabilities, a cyber threat assessment algorithm is, perhaps more susceptible that for other application domains. This work sets forth the issues on evaluating cyber threat assessment algorithms, and discusses the validity of various statistical measures. Simulation examples are provided to illustrate the pros and cons of using different metrics under various cyber attack scenarios. Our results show that commonly used false positives and false negatives are necessary but not sufficient to evaluate cyber threat assessment.

Original language	English
Title of host publication	Military Communications Conference 2006, MILCOM 2006
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Print)	1424406188, 9781424406180
DOIs	https://doi.org/10.1109/MILCOM.2006.302216
State	Published - 2006
Event	Military Communications Conference 2006, MILCOM 2006 - Washington, D.C., United States Duration: Oct 23 2006 → Oct 25 2006

Publication series

Name	Proceedings - IEEE Military Communications Conference MILCOM

Conference

Conference	Military Communications Conference 2006, MILCOM 2006
Country/Territory	United States
City	Washington, D.C.
Period	10/23/06 → 10/25/06

Access to Document

10.1109/MILCOM.2006.302216

Cite this

@inproceedings{c1ceb836762b472caaa2250679a638d8,

title = "Evaluating threat assessment for multi-stage cyber attacks",

abstract = "Current practices to defend against cyber attacks are typically reactive yet passive. Recent research work has been proposed to proactively predict hacker's target entities in the early stage of the attack. With prediction, there comes false alarms and missed attacks. Very little has been reported on how to evaluate a threat assessment algorithm, especially for cyber security. Because of the variety and the constantly changing nature of hacker behavior and network vulnerabilities, a cyber threat assessment algorithm is, perhaps more susceptible that for other application domains. This work sets forth the issues on evaluating cyber threat assessment algorithms, and discusses the validity of various statistical measures. Simulation examples are provided to illustrate the pros and cons of using different metrics under various cyber attack scenarios. Our results show that commonly used false positives and false negatives are necessary but not sufficient to evaluate cyber threat assessment.",

author = "Yang, \{Shanchieh Jay\} and Jared Holsopple and Moises Sudit",

year = "2006",

doi = "10.1109/MILCOM.2006.302216",

language = "English",

isbn = "1424406188",

series = "Proceedings - IEEE Military Communications Conference MILCOM",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "Military Communications Conference 2006, MILCOM 2006",

address = "United States",

note = "Military Communications Conference 2006, MILCOM 2006 ; Conference date: 23-10-2006 Through 25-10-2006",

}

Yang, SJ, Holsopple, J & Sudit, M 2006, Evaluating threat assessment for multi-stage cyber attacks. in Military Communications Conference 2006, MILCOM 2006., 4086822, Proceedings - IEEE Military Communications Conference MILCOM, Institute of Electrical and Electronics Engineers Inc., Military Communications Conference 2006, MILCOM 2006, Washington, D.C., United States, 10/23/06. https://doi.org/10.1109/MILCOM.2006.302216

Evaluating threat assessment for multi-stage cyber attacks. / Yang, Shanchieh Jay; Holsopple, Jared; Sudit, Moises.
Military Communications Conference 2006, MILCOM 2006. Institute of Electrical and Electronics Engineers Inc., 2006. 4086822 (Proceedings - IEEE Military Communications Conference MILCOM).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Evaluating threat assessment for multi-stage cyber attacks

AU - Yang, Shanchieh Jay

AU - Holsopple, Jared

AU - Sudit, Moises

PY - 2006

Y1 - 2006

N2 - Current practices to defend against cyber attacks are typically reactive yet passive. Recent research work has been proposed to proactively predict hacker's target entities in the early stage of the attack. With prediction, there comes false alarms and missed attacks. Very little has been reported on how to evaluate a threat assessment algorithm, especially for cyber security. Because of the variety and the constantly changing nature of hacker behavior and network vulnerabilities, a cyber threat assessment algorithm is, perhaps more susceptible that for other application domains. This work sets forth the issues on evaluating cyber threat assessment algorithms, and discusses the validity of various statistical measures. Simulation examples are provided to illustrate the pros and cons of using different metrics under various cyber attack scenarios. Our results show that commonly used false positives and false negatives are necessary but not sufficient to evaluate cyber threat assessment.

AB - Current practices to defend against cyber attacks are typically reactive yet passive. Recent research work has been proposed to proactively predict hacker's target entities in the early stage of the attack. With prediction, there comes false alarms and missed attacks. Very little has been reported on how to evaluate a threat assessment algorithm, especially for cyber security. Because of the variety and the constantly changing nature of hacker behavior and network vulnerabilities, a cyber threat assessment algorithm is, perhaps more susceptible that for other application domains. This work sets forth the issues on evaluating cyber threat assessment algorithms, and discusses the validity of various statistical measures. Simulation examples are provided to illustrate the pros and cons of using different metrics under various cyber attack scenarios. Our results show that commonly used false positives and false negatives are necessary but not sufficient to evaluate cyber threat assessment.

UR - https://www.scopus.com/pages/publications/35148868136

U2 - 10.1109/MILCOM.2006.302216

DO - 10.1109/MILCOM.2006.302216

M3 - Conference contribution

AN - SCOPUS:35148868136

SN - 1424406188

SN - 9781424406180

T3 - Proceedings - IEEE Military Communications Conference MILCOM

BT - Military Communications Conference 2006, MILCOM 2006

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - Military Communications Conference 2006, MILCOM 2006

Y2 - 23 October 2006 through 25 October 2006

ER -

Evaluating threat assessment for multi-stage cyber attacks

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this