Abstract
As the world becomes digitized and connected, cyberattacks and security issues have been steadily increasing. In particular, advanced persistent threats (APTs) are actors who perform various complex attacks over the long term to achieve their purpose. These attacks involve more planning and intelligence than typical cyberattacks. Many studies have investigated APT detection and defense methods; however, studies on security requirements that focus on non-technical factors and prevention are relatively few. Therefore, this study aims to provide attack information to users obtained by analyzing attack scenarios as well as security requirements to help the users understand and make decisions. To this end, we propose a method for extracting attack elements by providing users with templates for attack scenarios with different levels of abstraction. In addition, we use a problem domain ontology that is based on the concept of a case to provide users with attack analysis results and recommended security requirements. Our method uses case-based reasoning to retrieve similar cases, recommend reusable security requirements, and propose revision directions. The ontology can be improved by adding the solution to the problem as a new case. We conducted case studies and surveys to evaluate our methods and showed that they help specify security requirements.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
