DEFIA: Evaluate defense effectiveness by fusing behavior information of cyberattacks

The existing researches point to a lack of studies addressing the quantitative evaluation of the effectiveness of cyber defense. This difficult matter has been plaguing cyber security researchers and managers. This paper provides a quantitative method to evaluate defense effectiveness, called DEFIA. DEFIA records information about attack behavior in a formatted way and evaluates the defense effectiveness based on the utility of attack behaviors. By calculating the probability features of the attack behavior in the attack sample, the physical space structure of the attack behavior information is constructed. In particular, we define the utility calculation principle of attack behaviors and regard it as the benchmark for evaluating defensive capabilities. DEFIA can quantitatively assess the defense effectiveness of defense methods deployed in computer systems. We explain how the method works by simulating some real attack scenarios and based on the information provided by Virustotal to prove that DEFIA is reasonable and feasible.