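% Conference paper on assigning attacker skill-level categories to attack-graph paths
% (expert elicitation; the abstract names CVSS-derived exploitation likelihood as the
% risk-assessment input).
% Cleanup of a repository export:
%   - author names are stored in unambiguous "Last, First" form;
%   - the `series` field was dropped because it repeated `booktitle` verbatim, which
%     makes styles that print `series` show the venue twice;
%   - the venue is "5th International Conference ..." in `note` but "2019 International
%     Conference ..." in `booktitle`; both come from the export. TODO: confirm the
%     official proceedings title.
% The abstract is kept verbatim as exported.
@inproceedings{1dd91d18bf9346c1b33a8569286b424f,
  author    = {Mezesova, Terezia and Bahsi, Hayretdin},
  title     = {Expert knowledge elicitation for skill level categorization of attack paths},
  booktitle = {2019 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2019},
  publisher = {Institute of Electrical and Electronics Engineers Inc.},
  year      = {2019},
  month     = jun,
  doi       = {10.1109/CyberSecPODS.2019.8885192},
  language  = {English (US)},
  keywords  = {Attack Graphs, Attacker Skills, Cyber Threat},
  note      = {Publisher Copyright: {\textcopyright} 2019 IEEE. 5th International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2019. Conference date: 03-06-2019 through 04-06-2019},
  abstract  = {Attack graphs deduce the attack paths based on the identified vulnerabilities, the existing network topology, and the applied network access controls. The exploitation likelihood of the paths derived from the Common Vulnerability Scoring System (CVSS) values of the vulnerabilities provides an important input to risk assessments. This paper focuses on the identification of attacker skill levels required for exploiting the attack paths. First, we elicited expert knowledge for the determination of skill level categories and their detailed descriptions. Second, we systematically applied the elicited knowledge to the attack graphs. This skill level categorization method can provide a significant contribution to the design of hands-on offensive cyber games as it enables to balance the skills of participants and difficulty of game tasks. It also improves the threat analysis capability of organizations by demonstrating the possible infiltration ways of threat actors depending on their skill levels.},
}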