Abstract
Since cyberattacks have become sophisticated in the form of advanced persistent threats (APTs), predicting and defending the APT attacks have drawn lots of attention. Although there have been related studies such as attack graphs, Hidden Markov Models, and Bayesian networks, they have four representative limitations; (i) non-standard attack modeling, (ii) lack of data-driven approaches, (iii) absence of real-world APT dataset, and (iv) high system dependability. In this paper, we propose Bayesian ATT&CK Network (BAN) which is based on system-independent data-driven approach. Specifically, BAN is based on Bayesian network, which adopts structure learning and parameter learning to model APT attackers with the MITRE ATT&CK® framework. The trained BAN aims to predict upcoming attack techniques and derives corresponding countermeasures. In addition, we prepare datasets via both automatic and manual labeling to overcome the data insufficiency issues of APT prediction. Experimental results show that BAN successfully contributes to handling APT attacks, given the best parameters extracted from extensive evaluations.
Original language | English |
---|---|
Pages (from-to) | 91949-91968 |
Number of pages | 20 |
Journal | IEEE Access |
Volume | 11 |
DOIs | |
Publication status | Published - 2023 |
Bibliographical note
Publisher Copyright:© 2013 IEEE.
Keywords
- ATT&CK framework
- Attack prediction
- Bayesian network
- advanced persistent threat
- cyber threat intelligence
ASJC Scopus subject areas
- General Computer Science
- General Materials Science
- General Engineering