Global Adversarial Capability Modeling
• Conference Paper
Publisher
Software Engineering Institute
Topic or Tag
Abstract
Computer network defense has models for attacks and incidents comprised of multiple attacks after the fact. However, we lack an evidence-based model of the likelihood and intensity of attacks and incidents. We propose a model of global capability advancement, the adversarial capability chain (ACC), to fit this need. The model enables cyber risk analysis to better understand the costs for an adversary to attack a system, which directly influences the cost to defend it. The model is based on four historical studies of adversarial capabilities: the capability to exploit Windows XP, to exploit the Android API, to exploit Apache, and to administer compromised industrial control systems. We propose the ACC with five phases: Discovery, Validation, Escalation, Democratization, and Ubiquity. We use the four case studies as examples as to how the ACC can be applied and used to predict attack likelihood and intensity.