TY - JOUR
T1 - ADCaDeM
T2 - A Novel Method of Calculating Attack Damage Based on Differential Manifolds
AU - Liu, Zhen
AU - Hu, Chang Zhen
AU - Shan, Chun
AU - Yan, Zheng
N1 - Publisher Copyright:
© 2004-2012 IEEE.
PY - 2023/9/1
Y1 - 2023/9/1
N2 - Calculating system damage caused by a cyberattack can help in understanding the impact and destructiveness of the attack to discover system security weaknesses. Thus, system damage calculation is important in the process of network offense-defense confrontation. However, there is little research on attack damage calculation. Current methods are unable to quantitatively evaluate the impact of an attack in a rational and accurate way. The lack of theoretical support and the complexity of both cyber systems and attacks bring tremendous challenges to attack damage calculations. In this paper, we propose a novel method called ADCaDeM to enable quantitative attack damage calculation based on a differential manifold. The damage is a negative utility produced by attack behaviors on an attacked object, which can be characterized and expressed by its attributes. We formally map the attack behaviors into a space constructed by the attributes of the attacked object in a mathematical way. Then, we propose an algorithm to construct these attributes as a differential manifold to represent their algebraic topological structure. According to the theory of tangent vectors and geodesics on the differential manifold, we can calculate attack behavioral utility in a physical way, such as computing the work done in physics. Regardless of the complexity of the dimensional structure of the attributes, the differential manifold structure can reasonably represent and calculate the damage caused by an attack. We simulate a data theft attack and a web penetration attack to test the performance of ADCaDeM and compare it with existing methods. Our experimental results illustrate ADCaDeM's advance in terms of rationality for calculating the damage caused by some typical cyberattacks.
KW - Algebraic topology
KW - cyber attack damage
KW - differential manifold
KW - quantitative evaluation
UR - http://www.scopus.com/inward/record.url?scp=85140750259&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2022.3214809
DO - 10.1109/TDSC.2022.3214809
M3 - Article
AN - SCOPUS:85140750259
SN - 1545-5971
VL - 20
SP - 4070
EP - 4084
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 5
ER -