Toward Ensemble Characterization and Projection of Multistage Cyber Attacks

With expanding network infrastructures, increasing vulnerabilities and uncertain malicious activities, cyber security research has begun to provide situation assessment beyond Intrusion Detection Systems (IDSs). A key goal of cyber situation assessment is to efficiently and effectively project the likely future targets of ongoing multistage attacks. This work presents two ensemble techniques that combine real-time projection algorithms modeling the behavior, capability, and opportunity of malicious activities in a network. Sugeno fuzzy inference system and Transferable Belief Model are used to combine supporting evidence and resolve conflicts between the algorithm outputs. The two ensemble techniques are analyzed and compared using simulated attack datasets generated for varying network environments and attack parameters. The results are discussed to reveal the benefits and limitations of individual algorithms and ensemble techniques.