Abstract

Cyberattacks often dominate today’s headlines. However, what are the odds of industrial, public, and private organizations becoming the next victims of misuse of their computer systems, networks, infrastructure resources, and others? The number and the sophistication of cyberattacks on computer systems, networks, and infrastructure resources are on the rise, and cyberattackers are sniffing around for vulnerabilities. Furthermore, cyberattackers readily try to overcome, for example, password authentication rules as one of several cyberattack scenarios in the cyberattack space. The different types of cyberattack scenarios mainly cause resource disruption, for example, through a Denial of Service (DoS) attack that affects system operation, or disclosure of resources, e.g., by an eavesdropping attack, which alone cannot disrupt the system operation. Thus, cyberattacks cause serious problems because the safe and reliable operation of computer systems, networks, infrastructure resources, and others is a major concern in industrial, public, and private organizations. However, with an increasing understanding of how the industrial, public, and private organizations’ systems work, operation manuals and technical data sheets are often available on the Internet. Thus, cyberattackers easily become skilled at determining the weaknesses of the system(s) they try to exploit to obtain unauthorized access. One internationally well-known cyberattack was carried out with the Stuxnet malware, which supposedly infected industrial control systems and disrupted their operations (Falliere et al., W32 Stuxnet Dossier, 2011; Schenato, IEEE Trans Autom Control, 54(5):1093–1099, 2009). Another big cyberattack was WannaCry, which crippled computer systems in more than 150 countries. Furthermore, cyberattackers also use intrusion patterns in threat event attacks that are difficult to trace and identify.
Therefore, methods and tools are necessary to monitor computer systems, networks, infrastructure resources, and others to detect data breaches and respond immediately to the identified threat event attack. Most data breaches exploit well-known cybersecurity weaknesses in the targeted systems. One possible solution to this problem is to study the characteristics of threat event attacks and thereafter extrapolate their characteristics into future possibilities. However, intrusions by threat event attacks are not easy to understand and to define in terms of behavior and/or action(s), but are more easily defined in terms of their effects. Nevertheless, there are intrusions by threat event attacks that cannot be detected by statistical methods alone and that must be watched for specifically. Collecting essential knowledge about threat event attacks and threat event actors is important to gain a deeper understanding of the impact of cybersecurity violations. Against this background, this chapter introduces cyberattack models and scenarios. Section 4.1 focuses on threat event attacks, threat event actors, and threat event impacts in the context of how to defend against threat event attacks, and the potential policy of threat event attack raised. This includes answering questions such as “What is the threat event actor’s objective?” “What is the threat event actor’s goal?” or “What may be the threat event actor’s preferred attack method to achieve his attack goal?” and refers to the cyberattackers’ profile in Sect. 4.1.1. Section 4.2 introduces cyberattack models, including modeling formalisms in Sect. 4.2.1 and a generic cyberattack model in Sect. 4.2.2. Section 4.3 refers to cyberattackers’ behavior modeling, divided into Sect. 4.3.1, which introduces generic cyberattackers’ behavior modeling, and Sect. 4.3.2, which refers to the simulation of cyberattacks. Section 4.4 considers the topic of cybersecurity ontology as a formal specification of a shared conceptualization within a knowledge model. It contains Sect. 4.4.1, introduction to ontology, and Sect. 4.4.2, cybersecurity ontology. Section 4.4.2 is divided into Sect. 4.4.2.1, generic cybersecurity data space ontology framework, and Sect. 4.4.2.2, cyberattack ontology model. Section 4.5 contains comprehensive questions on the chapter topics of cyberattackers’ profile, cyberattack models, and cybersecurity ontology, followed by references for further reading.
