Determination of features of cyber-attack goals based on analysis of data in open security data sources

Abstract

The paper analyzes security databases including attack patterns database, vulnerability database and weaknesses database. Special attention is given to the schema that underlies the attack patterns database and specifies its objects and relations between them. This scheme is used for selection of features that characterize different classes of cyber-attack goals. The paper outlines metrics of security related objects, such as attacks, weaknesses and vulnerabilities provided by different schemas, the classes of cyber-attack goals, and analyzes relations between different goals and features of cyber-attacks. The experiments demonstrated dependency between the values of selected features and their applicability for determination of different classes of cyber-attack goals.