Cyber security is a complex, multifaceted, poorly understood problem domain. As the use of digital technology grows, the threat environment continues to evolve dynamically. Traditional approaches for cyber security focus on understanding and addressing vulnerabilities. While this mindset is necessary, it is not sufficient. A better understanding of the nature of existing and future cyber threats is needed to make informed defensive decisions that optimize the use of limited resources. Here, we address this deficiency by applying Markov Chain methods to descriptions of observed cyber threats. The goal of this effort is to identify previously unknown themes of common vulnerabilities. We present the results of our study and discuss its implications. Then we conclude and provide direction for future work.
BarnumS. Standardizing cyber threat intelligence information with the structured threat information expression (STIX). McLean, VA, USA: MITRE Corporation, 2012, p.11.
2.
HutchinsEMCloppertMJAminRM.
Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Iss Inform Warfare Secur Res2011; 1: 80.
3.
SwansonSAstrichCRobinsonM. Cyber threat indications & warning: predict, identify and counter. Small Wars Journal2012; 26: 59–71.
4.
KumarVSrivastavaJLazarevicA.
Managing cyber threats: issues, approaches, and challenges. Volume 5. Berlin: Springer Science & Business Media, 2006.
5.
GreitzerFLFrinckeDA. Combining traditional cyber security audit data with psychosocial data: towards predictive modeling for insider threat mitigation. In: ProbstCWHunkerJGollmannDBishopM (eds) Insider threats in cyber security. New York: Springer, 2010, pp.85–113.
6.
De VriesJHoogstraatenHvan den BergJ. Systems for detecting advanced persistent threats: a development roadmap using intelligent data analysis. In: ZhanJContractorNMaratheMSmithM (eds) 2012 international conference on cyber security (CyberSecurity), 14–16 December 2012, pp.54–61. Los Alamitos, CA, USA: IEEE.
7.
SoodAKEnbodyRJ.
Targeted cyberattacks: a superset of advanced persistent threats. IEEE Secur Priv2013; 1: 54–61.
8.
VirvilisNGritzalisDApostolopoulosT.
Trusted computing vs. advanced persistent threats: can a defender win this game? In: ForestiSMuthukkumarasamyVWongD S (eds) 2013 IEEE 10th international conference on ubiquitous intelligence and computing and 10th international conference on autonomic and trusted computing (UIC/ATC), Washington, DC, 18–21 December 2013, pp.396–403. Los Alamitos, CA, USA: IEEE.
9.
GiuraPWangW. A context-based detection framework for advanced persistent threats. In: ZhanJContractorNMaratheMarc SmithM (eds) 2012 international conference on cyber security (CyberSecurity), Alexandria, Virginia, USA, 14–16 December 2012, pp.69–74. Los Alamitos, CA, USA: IEEE.
10.
SerranoODandurandLBrownS. On the design of a cyber security data sharing system. In: BryantJerry (eds) proceedings of the 2014 ACM workshop on information sharing & collaborative security, 03 November 2014, pp.61–69. New York, NY, USA: ACM.
11.
BarnumS. Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIXTM). MITRE Corporation2012; 11: 1–22.
12.
GilksWR.
Markov Chain Monte Carlo. Wiley Online Library, (2005, accessed on 18 January 2017).
13.
ChenPDesmetLHuygensC. A study on advanced persistent threats. In: DeDeckerBZuqueteA (eds) Communications and multimedia security. Berlin: Springer, 2014, pp.63–72.
14.
Le BlondSUritescAGilbertC. A look at targeted attacks through the lens of an NGO. In: proceedings of the 23rd USENIX Security symposium, San Diego, CA, USA, 22–24 August 2014. Berkeley, CA, USA: USENIX Association.
15.
UmaMPadmavathiG.
A survey on various cyber attacks and their classification. IJ Network Secur2013; 15: 390–396.
16.
CookSA. The complexity of theorem-proving procedures. In: StanatD F (ed) proceedings of the third annual ACM symposium on theory of computing, Shaker Heights, Ohio, USA, 3–5 May 1971, pp.151–158. New York, NY, USA: ACM.
17.
ClarkeEMGrumbergOPeledD.
Model checking. Cambridge, MA, USA: MIT Press, 1999.
PatilSRanePMeshramBB.
Ids vs ips. Proc Int J Comput Networks Wireless Commun2012; 2: 86–90.
20.
LeeMLewisD.
Clustering disparate attacks: mapping the activities of the advanced persistent threat. Leading Iss Inform Warfare Secur Res2013; 26: 1–6.
21.
MellPKentKNusbaumJ. Guide to malware incident prevention and handling. US Department of Commerce, Technology Administration, Gaithersburg, MD: National Institute of Standards and Technology, 2005.
22.
SlotTKarglF. Detection of apt malware through external and internal network traffic correlation. Master’s Thesis, University of Twente, Netherlands, 2015.
PatelAQassimQWillsC.
A survey of intrusion detection and prevention systems. Inform Manag Comput Secur2010; 18: 277–290.
25.
ChariSNChengP-C.
Bluebox: a policy-driven, host-based intrusion detection system. ACM Trans Inform Syst Secur2003; 6:173–200.
26.
LamLCChiuehT. Automatic extraction of accurate application-specific sandboxing policy. In: JonssonEValdesAAlmgrenM (eds) international workshop on recent advances in intrusion detection, Sophia Antipolis, France, 15–17 September 2004, pp.1–20. Berlin: Springer.
27.
JimTSwamyNHicksM.
Defeating script injection attacks with browser-enforced embedded policies. In: ShenoyPPeter Patel-SchneiderP (eds) proceedings of the 16th international conference on world wide web, Banff, Alberta, Canada, 8–12 May 2007, pp.601–610. New York: ACM.
28.
KhorshedMTShawkat AliABMWasimiSA.
A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Fut Generat Comput Syst2012; 28: 833–851.
29.
ColbaughRGlassK. Proactive defense for evolving cyber threats. In: YangCC (ed) 2011 IEEE international conference on intelligence and security informatics (ISI), Beijing, China, 10–12 July 2011, pp.125–130. Piscataway, NJ, USA: IEEE.
