Abstract: With the continuous development of information technology, the methods of network attacks have been constantly evolving. Advanced Persistent Threat (APT) attacks are very dangerous network activities. Enterprise assets must be safeguarded by early APT threat detection. Many researchers are now using the MITRE ATT&CK matrix as external data to direct defensive deployments or are using machine learning approaches to identify the patterns of activity of attackers and anticipate upcoming attack behaviours, but these methods still have some limitations. A method called OPTIMA-DEM is proposed to optimize existing methods for predicting attack behaviour. The methodology uses MITRE ATT&CK matrix data to analyse co-occurrence patterns across TTPs (Tactics, Techniques, and Procedures). It also introduces the Decision-Making Trial and Evaluation Laboratory (DEMATEL) analysis method and the Interpretive Structural Modelling (ISM) analysis method to categorise attacks’ causes hierarchically. This improves the explainability and confidence of the analysis results by showing how TTPs are related in a more logical way. Experimental findings show that OPTIMA-DEM can help researchers find possible connections and uncover underlying elements that are often missed.
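The DEMATEL and ISM steps the abstract names, as an added example that is not code from the OPTIMA-DEM paper: a constructed direct-influence matrix over three ATT&CK techniques is normalised, expanded into the DEMATEL total-relation matrix to obtain prominence (D+R) and relation (D-R), and then binarised for an ISM level partition. The technique choice, the scores and the mean-value threshold are all assumptions.

```python
# Added illustration of the DEMATEL and ISM steps named in the abstract; not code from
# the OPTIMA-DEM paper. Technique IDs, scores and the mean threshold are assumptions.
TTPS = ["T1566 Phishing", "T1059 Cmd/Script Interpreter", "T1486 Data Encrypted"]
# Constructed direct-influence matrix A[i][j]: how strongly TTP i leads on to TTP j
# (OPTIMA-DEM would derive such scores from TTP co-occurrence in ATT&CK data).
A = [[0, 4, 2],
     [1, 0, 3],
     [0, 0, 0]]

def matmul(p, q):
    return [[sum(p[i][k] * q[k][j] for k in range(len(q)))
             for j in range(len(q[0]))] for i in range(len(p))]

def normalize(a):
    """DEMATEL: scale by the largest row or column sum so the power series converges."""
    s = max(max(map(sum, a)), max(map(sum, zip(*a))))
    return [[v / s for v in row] for row in a]

def total_relation(x, tol=1e-12):
    """DEMATEL: T = X + X^2 + X^3 + ... (= X (I - X)^-1), summed until terms vanish."""
    n, t, power = len(x), [r[:] for r in x], [r[:] for r in x]
    for _ in range(1000):                 # bounded in case convergence is slow
        power = matmul(power, x)
        if max(abs(v) for r in power for v in r) < tol:
            break
        t = [[t[i][j] + power[i][j] for j in range(n)] for i in range(n)]
    return t

def dematel(a):
    """Return (T, prominence D+R, relation D-R); D-R > 0 marks a cause, < 0 an effect."""
    t = total_relation(normalize(a))
    d = [sum(r) for r in t]               # influence each TTP gives out
    r = [sum(c) for c in zip(*t)]         # influence each TTP receives
    return t, [x + y for x, y in zip(d, r)], [x - y for x, y in zip(d, r)]

def ism_levels(t):
    """ISM: binarise T at its mean (assumed threshold), close it transitively, then
    peel levels top-down: level 1 holds pure effects, the last level the root causes."""
    n, thr = len(t), sum(map(sum, t)) / (len(t) ** 2)
    m = [[int(i == j or t[i][j] >= thr) for j in range(n)] for i in range(n)]
    for k in range(n):                    # Warshall transitive closure
        m = [[m[i][j] | (m[i][k] & m[k][j]) for j in range(n)] for i in range(n)]
    reach = {i: {j for j in range(n) if m[i][j]} for i in range(n)}
    ante = {i: {j for j in range(n) if m[j][i]} for i in range(n)}
    levels, left = [], set(range(n))
    while left:   # a level = elements that reach (among those left) only antecedents
        lvl = {i for i in left if reach[i] & left <= ante[i]}
        levels.append(sorted(lvl))
        left -= lvl
    return levels
```

On the constructed matrix, phishing comes out as the only clear cause (D-R > 0) and sits alone at the deepest ISM level, with impact at level 1 as the pure effect.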