Cyber-attack scoring model based on the offensive cybersecurity framework

Kyounggon Kim, Faisal Abdulaziz Alfouzan, Huykang Kim

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)

Abstract

Cyber-attacks have become commonplace in the world of the Internet. The nature of cyber-attacks is gradually changing. Early cyber-attacks were usually conducted by curious personal hackers who used simple techniques to hack homepages and steal personal information. Lately, cyber attackers have started using sophisticated cyber-attack techniques that enable them to retrieve national confidential information beyond the theft of personal information or defacing websites. These sophisticated and advanced cyber-attacks can disrupt the critical infrastructures of a nation. Much research regarding cyber-attacks has been conducted; however, there has been a lack of research related to measuring cyber-attacks from the perspective of offensive cybersecurity. This motivated us to propose a methodology for quantifying cyber-attacks such that they are measurable rather than abstract. For this purpose, we identified each element of offensive cybersecurity used in cyber-attacks. We also investigated the extent to which the detailed techniques identified in the offensive cyber-security framework were used, by analyzing cyber-attacks. Based on these investigations, the complexity and intensity of cyber-attacks can be measured and quantified. We evaluated advanced persistent threats (APT) and fileless cyber-attacks that occurred between 2010 and 2020 based on the methodology we developed. Based on our research methodology, we expect that researchers will be able to measure future cyber-attacks.

Original languageEnglish
Article number7738
JournalApplied Sciences (Switzerland)
Volume11
Issue number16
DOIs
Publication statusPublished - 2021 Aug 2

Keywords

  • Cyber-attacks
  • Offensive cybersecurity
  • Offensive cybersecurity framework
  • Scoring model

ASJC Scopus subject areas

  • Materials Science(all)
  • Instrumentation
  • Engineering(all)
  • Process Chemistry and Technology
  • Computer Science Applications
  • Fluid Flow and Transfer Processes

Fingerprint

Dive into the research topics of 'Cyber-attack scoring model based on the offensive cybersecurity framework'. Together they form a unique fingerprint.

Cite this