BAN: Predicting APT Attack Based on Bayesian Network With MITRE ATT&CK Framework

Youngjoon Kim, Insup Lee, Hyuk Kwon, Kyeongsik Lee, Jiwon Yoon

Research output: Contribution to journal, Article, peer-review

Abstract

Since cyberattacks have become sophisticated in the form of advanced persistent threats (APTs), predicting and defending against APT attacks has drawn considerable attention. Although related approaches exist, such as attack graphs, hidden Markov models, and Bayesian networks, they share four representative limitations: (i) non-standard attack modeling, (ii) a lack of data-driven approaches, (iii) the absence of a real-world APT dataset, and (iv) high dependence on a specific target system. In this paper, we propose the Bayesian ATT&CK Network (BAN), which is based on a system-independent, data-driven approach. Specifically, BAN is a Bayesian network that applies structure learning and parameter learning to model APT attackers in terms of the MITRE ATT&CK® framework. The trained BAN predicts the attacker's upcoming attack techniques and derives the corresponding countermeasures. In addition, we prepare datasets via both automatic and manual labeling to overcome the data-insufficiency problem of APT prediction. Experimental results show that BAN successfully contributes to handling APT attacks, given the best parameters extracted from extensive evaluations.
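The following is an added illustration of the kind of model the abstract describes, not code or data from the paper: a small Bayesian network whose nodes are MITRE ATT&CK technique IDs (present/absent per campaign report), with structure learning (a Chow-Liu tree built from pairwise mutual information), Laplace-smoothed parameter learning, and exact inference by enumeration to score which unobserved techniques are most likely to follow the ones already seen. The paper's learning algorithms, hyperparameters and dataset differ; the ten "campaign reports" below are constructed for the example, and the technique IDs are real ATT&CK identifiers used only as variable names.

```python
from collections import Counter
from itertools import combinations, product
from math import log

# ATT&CK technique IDs used as binary variables (1 = technique observed in a report).
TECHNIQUES = ["T1566", "T1059", "T1053", "T1003", "T1021", "T1041"]

# Constructed training data (not the paper's dataset): techniques seen per campaign report.
REPORTS = [
    {"T1566", "T1059", "T1053", "T1003", "T1021", "T1041"},
    {"T1566", "T1059", "T1003", "T1021"},
    {"T1566", "T1059", "T1053"},
    {"T1059", "T1003", "T1021", "T1041"},
    {"T1566", "T1059", "T1003", "T1041"},
    {"T1566", "T1053"},
    {"T1059", "T1053", "T1003", "T1021", "T1041"},
    {"T1566", "T1059", "T1003", "T1021", "T1041"},
    {"T1059", "T1053"},
    {"T1566", "T1059", "T1053", "T1003"},
]


def to_rows(reports):
    """Turn each report into a {technique: 0/1} row."""
    return [{t: int(t in r) for t in TECHNIQUES} for r in reports]


def mutual_information(rows, a, b):
    """Empirical MI (nats) between two binary technique variables."""
    n = len(rows)
    pa, pb = Counter(r[a] for r in rows), Counter(r[b] for r in rows)
    pab = Counter((r[a], r[b]) for r in rows)
    return sum((c / n) * log((c / n) / ((pa[x] / n) * (pb[y] / n)))
               for (x, y), c in pab.items())


def learn_structure(rows):
    """Structure learning: Chow-Liu maximum-weight spanning tree (Prim's algorithm)
    over pairwise MI, rooted at TECHNIQUES[0]. Returns {node: parent or None}."""
    w = {frozenset(e): mutual_information(rows, *e) for e in combinations(TECHNIQUES, 2)}
    parent = {TECHNIQUES[0]: None}
    while len(parent) < len(TECHNIQUES):
        _, p, c = max(((w[frozenset((p, c))], p, c)
                       for p in parent for c in TECHNIQUES if c not in parent),
                      key=lambda x: x[0])
        parent[c] = p
    return parent


def learn_parameters(rows, parent, alpha=1.0):
    """Parameter learning: cpt[node][pv] = P(node=1 | parent=pv), Laplace-smoothed.
    Root nodes use the key None."""
    cpt = {}
    for node, p in parent.items():
        cpt[node] = {}
        for pv in ([None] if p is None else [0, 1]):
            sub = rows if p is None else [r for r in rows if r[p] == pv]
            cpt[node][pv] = (sum(r[node] for r in sub) + alpha) / (len(sub) + 2 * alpha)
    return cpt


def joint(assign, parent, cpt):
    """Joint probability of a full assignment under the tree-structured network."""
    prob = 1.0
    for node, p in parent.items():
        p1 = cpt[node][None if p is None else assign[p]]
        prob *= p1 if assign[node] else 1.0 - p1
    return prob


def predict_next(observed, parent, cpt):
    """P(t=1 | observed) for every technique not in `observed`, by exact enumeration
    over the unobserved variables (fine for a handful of nodes)."""
    unknown = [t for t in TECHNIQUES if t not in observed]
    marg, z = {t: 0.0 for t in unknown}, 0.0
    for vals in product([0, 1], repeat=len(unknown)):
        assign = dict(observed, **dict(zip(unknown, vals)))
        pr = joint(assign, parent, cpt)
        z += pr
        for t in unknown:
            if assign[t]:
                marg[t] += pr
    return {t: marg[t] / z for t in unknown}


if __name__ == "__main__":
    rows = to_rows(REPORTS)
    parent = learn_structure(rows)
    cpt = learn_parameters(rows, parent)
    print("learned tree:", {c: p for c, p in parent.items() if p})
    # Analyst has confirmed phishing (T1566) and scripting (T1059); rank what comes next.
    for t, pr in sorted(predict_next({"T1566": 1, "T1059": 1}, parent, cpt).items(),
                        key=lambda kv: -kv[1]):
        print(f"{t}: {pr:.3f}")
```

Each predicted technique ID can then be mapped to its ATT&CK mitigations to obtain the countermeasure list the abstract refers to; the ranking above is what would drive that lookup.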

Original language: English
Pages (from-to): 91949-91968
Number of pages: 20
Journal: IEEE Access
Volume: 11
DOIs:
Publication status: Published - 2023

Bibliographical note

Publisher Copyright:
© 2013 IEEE.

Keywords

  • ATT&CK framework
  • Attack prediction
  • Bayesian network
  • advanced persistent threat
  • cyber threat intelligence

ASJC Scopus subject areas

  • Computer Science (all)
  • Materials Science (all)
  • Engineering (all)
