Abstract:Reinforcing weak cyberspace assets is an urgent requirement to defend national cybersecurity. Cyberspace key terrain (CKT) is a theory recently proposed for sensing cyberspace posture. Identifying CKT in the asset layer is essential for supporting cyberspace defense decisions. Existing methods ignore the influence of the multi-attribute correlation of cyberspace nodes and cyber attack mission (CAM) diversity, which restricts the recognition accuracy of CKT. To improve the accuracy of CKT identification and explore the relationship between CKT and CAM, we propose an improved cosine similarity technique for order of preference by similarity to the ideal solution (CosS-TOPSIS) method to model CKT and construct a CAM based on the MITRE adversarial tactics, techniques, and common knowledge (ATT&CK) framework to examine the influence of different weighted CAM on modeling CKT. Based on the vulnerability value calculation method of the cyber system in the common vulnerability scoring system version 3.1 (CVSS 3.1), we evaluated the effectiveness of CosS-TOPSIS in identifying CKT using three metrics: correlation coefficient, root mean square error, and mean absolute error. Our experiments showed that, in comparison with the TOPSIS method, the accuracy of the proposed method for identifying CKT improved by 8.9%, and the root mean square error reduced by 16%; simultaneously, CAM was proven to be an essential factor in identifying CKT. The feasibility and reliability of CosS-TOPSIS in identifying CKT and the close relationship between CAM and CKT identification were demonstrated experimentally. In our work, we utilized cosine similarity and FAHP to improve the baseline method. We also introduced three indicators to evaluate the method's reliability. Drawing from ATT&CK, we recommend CAM as a tool for sensing changes in the cyberspace environment and explore its relationship with CKT. Our work has great application potential for identifying cyberspace vulnerabilities, supporting cyberspace defense, and securing national cyberspace facilities.

Improved technique for order of preference by similarity to ideal solution method for identifying key terrain in cyberspace asset layer

Understanding and Assessment of Mission-Centric Key Cyber Terrains for joint Military Operations

A Comprehensive Dynamic Quality Assessment Method for Cyber Threat Intelligence

Cooperative Threat Assessment of Multi-Aircrafts Based on Synthetic Fuzzy Cognitive Map

Linking Common Vulnerabilities and Exposures to the MITRE ATT&CK Framework: A Self-Distillation Approach

Byzantine Attacker Identification in Collaborative Spectrum Sensing: A Robust Defense Framework

An Automated Dynamic Quality Assessment Method for Cyber Threat Intelligence

Quantitative Assessment of General Cyber-Attack and Optimal Strategy-Selection Modelling in CPPS

Cyber Situation Comprehension For Iot Systems Based On Apt Alerts And Logs Correlation

How hard can it be? Quantifying MITRE attack campaigns with attack trees and cATM logic

Optimal Attack Path Planning Based on Reinforcement Learning and Cyber Threat Knowledge Graph Combining the ATT&CK for Air Traffic Management System

A Hierarchical Method for Assessing Cyber Security Situation Based on Ontology and Fuzzy Cognitive Maps.

Correlate the Advanced Persistent Threat Alerts and Logs for Cyber Situation Comprehension.

A Characterization of Cybersecurity Posture from Network Telescope Data

Cyber Key Terrain Identification Using Adjusted PageRank Centrality

Asset criticality and risk prediction for an effective cybersecurity risk management of cyber-physical system

Multi-Dimension Threat Situation Assessment Based on Network Security Attributes

FSM-Based Cyber Security Status Analysis Method.

Assessing MITRE ATT&CK Risk Using a Cyber-Security Culture Framework

Target Threat Assessment Method based on RCS Feature Classifier and TOPSIS

An Improved Integrated Prediction Method of Cyber Security Situation Based on Spatial-time Analysis