Anticipatory cyber defense requires understanding of how cyber adversaries make decisions and adapt as cyberattacks unfold. This paper uses a dataset of qualitative observations conducted at a force on force (“paintball”) exercise held at the 2015 North American International Cyber Summit (NAICS). By creating time series representations of the observed data, a broad range of data mining tools can be utilized to discover valuable verifiable knowledge about adversarial behavior. Two types of such analysis discussed in this work include clustering, which aims to find out what stages show similar temporal patterns, and peak detection for adaptation analysis. Collectively, this mixed methods approach contributes to understanding how adversaries progress through cyberattacks and adapt to any disruptions they encounter.
CITATION STYLE
Rege, A., Obradovic, Z., Asadi, N., Parker, E., Masceri, N., Singer, B., & Pandit, R. (2017). Using a real-time cybersecurity exercise case study to understand temporal characteristics of cyberattacks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10354 LNCS, pp. 127–132). Springer Verlag. https://doi.org/10.1007/978-3-319-60240-0_16
Mendeley helps you to discover research relevant for your work.