DEFIA: Evaluate defense effectiveness by fusing behavior information of cyberattacks

Zhen Liu, Changzhen Hu, Chun Shan*, Zheheng Peng

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

Existing research points to a lack of studies addressing the quantitative evaluation of the effectiveness of cyber defense. This difficult problem has long plagued cyber security researchers and managers. This paper provides a quantitative method for evaluating defense effectiveness, called DEFIA. DEFIA records information about attack behavior in a formatted way and evaluates defense effectiveness based on the utility of attack behaviors. By calculating the probability features of the attack behavior in the attack sample, the physical space structure of the attack behavior information is constructed. In particular, we define the utility calculation principle of attack behaviors and regard it as the benchmark for evaluating defensive capabilities. DEFIA can quantitatively assess the defense effectiveness of defense methods deployed in computer systems. We explain how the method works by simulating some real attack scenarios and, based on the information provided by Virustotal, prove that DEFIA is reasonable and feasible.

Original language: English
Article number: 119375
Journal: Information Sciences
Volume: 646
Publication status: Published - Oct 2023

Keywords

  • Attack sample
  • Attack utility
  • Behavior information
  • Defense effectiveness evaluation
  • Virustotal
