A Markov Multi-Phase Transferable Belief Model for Cyber Situational Awareness

A Markov Multi-Phase Transferable Belief Model for Cyber Situational Awareness

eXfiltration Advanced Persistent Threats (XAPTs) increasingly account for incidents concerned with critical information exfiltration from High Valued Targets (HVTs). Existing Cyber Defence frameworks and data fusion models cannot cope with XAPTs due to a lack of provision for multi-phase attacks cha...

Full description

Bibliographic Details
Main Authors: Georgios Ioannou, Panos Louvieris, Natalie Clewley
Format: Article
Language:English
Published: IEEE 2019-01-01
Series:IEEE Access
Subjects:
APT
combination rule
conflict
cyberspace
kill-chain
Markov processes
Online Access:https://ieeexplore.ieee.org/document/8636494/
Description
Summary:eXfiltration Advanced Persistent Threats (XAPTs) increasingly account for incidents concerned with critical information exfiltration from High Valued Targets (HVTs). Existing Cyber Defence frameworks and data fusion models cannot cope with XAPTs due to a lack of provision for multi-phase attacks characterized by uncertainty and conflicting information. The Markov Multi-phase Transferable Belief Model (MM-TBM) extends the Transferable Belief Model to address the multi-phase nature of cyber-attacks and to obtain previously indeterminable Cyber SA. As a data fusion technique, MM-TBM constitutes a novel approach for performing hypothesis assessment and evidence combination across phases, by means of a new combination rule, called the Multi-phase Combination Rule with conflict Reset (MCR<sup>2</sup>). The impact of MM-TBM as a Cyber Situational Awareness capability and its implications as a multi-phase data fusion theory have been empirically validated through a series of scenario-based Cyber SA experiments for detecting, tracking, and predicting XAPTs.
ISSN:2169-3536

Similar Items