Improved technique for order of preference by similarity to ideal solution method for identifying key terrain in cyberspace asset layer.

Abstract

Reinforcing weak cyberspace assets is an urgent requirement to defend national cybersecurity. Cyberspace key terrain (CKT) is a theory recently proposed for sensing cyberspace posture. Identifying CKT in the asset layer is essential for supporting cyberspace defense decisions. Existing methods ignore the influence of the multi-attribute correlation of cyberspace nodes and cyber attack mission (CAM) diversity, which restricts the recognition accuracy of CKT. To improve the accuracy of CKT identification and explore the relationship between CKT and CAM, we propose an improved cosine similarity technique for order of preference by similarity to the ideal solution (CosS-TOPSIS) method to model CKT and construct a CAM based on the MITRE adversarial tactics, techniques, and common knowledge (ATT&CK) framework to examine the influence of different weighted CAM on modeling CKT. Based on the vulnerability value calculation method of the cyber system in the common vulnerability scoring system version 3.1 (CVSS 3.1), we evaluated the effectiveness of CosS-TOPSIS in identifying CKT using three metrics: correlation coefficient, root mean square error, and mean absolute error. Our experiments showed that, in comparison with the TOPSIS method, the accuracy of the proposed method for identifying CKT improved by 8.9%, and the root mean square error reduced by 16%; simultaneously, CAM was proven to be an essential factor in identifying CKT. The feasibility and reliability of CosS-TOPSIS in identifying CKT and the close relationship between CAM and CKT identification were demonstrated experimentally. In our work, we utilized cosine similarity and FAHP to improve the baseline method. We also introduced three indicators to evaluate the method's reliability. Drawing from ATT&CK, we recommend CAM as a tool for sensing changes in the cyberspace environment and explore its relationship with CKT. Our work has great application potential for identifying cyberspace vulnerabilities, supporting cyberspace defense, and securing national cyberspace facilities.