Improved technique for order of preference by similarity to ideal solution method for identifying key terrain in cyberspace asset layer

Reinforcing weak cyberspace assets is an urgent requirement to defend national cybersecurity. Cyberspace key terrain (CKT) is a theory recently proposed for sensing cyberspace posture. Identifying CKT in the asset layer is essential for supporting cyberspace defense decisions. Existing methods ignor...

Descripción completa

Detalles Bibliográficos
Autores principales: Liu, Longhui, Zhou, Yang, Xu, Qing, Shi, Qunshan, Hu, Xiaofei
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Public Library of Science 2023
Materias:
Research Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10343075/
https://www.ncbi.nlm.nih.gov/pubmed/37440510
http://dx.doi.org/10.1371/journal.pone.0288293
_version_ 1785072651730944000
author Liu, Longhui
Zhou, Yang
Xu, Qing
Shi, Qunshan
Hu, Xiaofei
author_facet Liu, Longhui
Zhou, Yang
Xu, Qing
Shi, Qunshan
Hu, Xiaofei
author_sort Liu, Longhui
collection PubMed
description Reinforcing weak cyberspace assets is an urgent requirement to defend national cybersecurity. Cyberspace key terrain (CKT) is a theory recently proposed for sensing cyberspace posture. Identifying CKT in the asset layer is essential for supporting cyberspace defense decisions. Existing methods ignore the influence of the multi-attribute correlation of cyberspace nodes and cyber attack mission (CAM) diversity, which restricts the recognition accuracy of CKT. To improve the accuracy of CKT identification and explore the relationship between CKT and CAM, we propose an improved cosine similarity technique for order of preference by similarity to the ideal solution (CosS-TOPSIS) method to model CKT and construct a CAM based on the MITRE adversarial tactics, techniques, and common knowledge (ATT&CK) framework to examine the influence of different weighted CAM on modeling CKT. Based on the vulnerability value calculation method of the cyber system in the common vulnerability scoring system version 3.1 (CVSS 3.1), we evaluated the effectiveness of CosS-TOPSIS in identifying CKT using three metrics: correlation coefficient, root mean square error, and mean absolute error. Our experiments showed that, in comparison with the TOPSIS method, the accuracy of the proposed method for identifying CKT improved by 8.9%, and the root mean square error reduced by 16%; simultaneously, CAM was proven to be an essential factor in identifying CKT. The feasibility and reliability of CosS-TOPSIS in identifying CKT and the close relationship between CAM and CKT identification were demonstrated experimentally. In our work, we utilized cosine similarity and FAHP to improve the baseline method. We also introduced three indicators to evaluate the method’s reliability. Drawing from ATT&CK, we recommend CAM as a tool for sensing changes in the cyberspace environment and explore its relationship with CKT. Our work has great application potential for identifying cyberspace vulnerabilities, supporting cyberspace defense, and securing national cyberspace facilities.
format Online
Article
Text
id pubmed-10343075
institution National Center for Biotechnology Information
language English
publishDate 2023
publisher Public Library of Science
record_format MEDLINE/PubMed
spelling pubmed-103430752023-07-14 Improved technique for order of preference by similarity to ideal solution method for identifying key terrain in cyberspace asset layer Liu, Longhui Zhou, Yang Xu, Qing Shi, Qunshan Hu, Xiaofei PLoS One Research Article Reinforcing weak cyberspace assets is an urgent requirement to defend national cybersecurity. Cyberspace key terrain (CKT) is a theory recently proposed for sensing cyberspace posture. Identifying CKT in the asset layer is essential for supporting cyberspace defense decisions. Existing methods ignore the influence of the multi-attribute correlation of cyberspace nodes and cyber attack mission (CAM) diversity, which restricts the recognition accuracy of CKT. To improve the accuracy of CKT identification and explore the relationship between CKT and CAM, we propose an improved cosine similarity technique for order of preference by similarity to the ideal solution (CosS-TOPSIS) method to model CKT and construct a CAM based on the MITRE adversarial tactics, techniques, and common knowledge (ATT&CK) framework to examine the influence of different weighted CAM on modeling CKT. Based on the vulnerability value calculation method of the cyber system in the common vulnerability scoring system version 3.1 (CVSS 3.1), we evaluated the effectiveness of CosS-TOPSIS in identifying CKT using three metrics: correlation coefficient, root mean square error, and mean absolute error. Our experiments showed that, in comparison with the TOPSIS method, the accuracy of the proposed method for identifying CKT improved by 8.9%, and the root mean square error reduced by 16%; simultaneously, CAM was proven to be an essential factor in identifying CKT. The feasibility and reliability of CosS-TOPSIS in identifying CKT and the close relationship between CAM and CKT identification were demonstrated experimentally. In our work, we utilized cosine similarity and FAHP to improve the baseline method. We also introduced three indicators to evaluate the method’s reliability. Drawing from ATT&CK, we recommend CAM as a tool for sensing changes in the cyberspace environment and explore its relationship with CKT. Our work has great application potential for identifying cyberspace vulnerabilities, supporting cyberspace defense, and securing national cyberspace facilities. Public Library of Science 2023-07-13 /pmc/articles/PMC10343075/ /pubmed/37440510 http://dx.doi.org/10.1371/journal.pone.0288293 Text en © 2023 Liu et al https://creativecommons.org/licenses/by/4.0/This is an open access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
spellingShingle Research Article
Liu, Longhui
Zhou, Yang
Xu, Qing
Shi, Qunshan
Hu, Xiaofei
Improved technique for order of preference by similarity to ideal solution method for identifying key terrain in cyberspace asset layer
title Improved technique for order of preference by similarity to ideal solution method for identifying key terrain in cyberspace asset layer
title_full Improved technique for order of preference by similarity to ideal solution method for identifying key terrain in cyberspace asset layer
title_fullStr Improved technique for order of preference by similarity to ideal solution method for identifying key terrain in cyberspace asset layer
title_full_unstemmed Improved technique for order of preference by similarity to ideal solution method for identifying key terrain in cyberspace asset layer
title_short Improved technique for order of preference by similarity to ideal solution method for identifying key terrain in cyberspace asset layer
title_sort improved technique for order of preference by similarity to ideal solution method for identifying key terrain in cyberspace asset layer
topic Research Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10343075/
https://www.ncbi.nlm.nih.gov/pubmed/37440510
http://dx.doi.org/10.1371/journal.pone.0288293
work_keys_str_mv AT liulonghui improvedtechniquefororderofpreferencebysimilaritytoidealsolutionmethodforidentifyingkeyterrainincyberspaceassetlayer
AT zhouyang improvedtechniquefororderofpreferencebysimilaritytoidealsolutionmethodforidentifyingkeyterrainincyberspaceassetlayer
AT xuqing improvedtechniquefororderofpreferencebysimilaritytoidealsolutionmethodforidentifyingkeyterrainincyberspaceassetlayer
AT shiqunshan improvedtechniquefororderofpreferencebysimilaritytoidealsolutionmethodforidentifyingkeyterrainincyberspaceassetlayer
AT huxiaofei improvedtechniquefororderofpreferencebysimilaritytoidealsolutionmethodforidentifyingkeyterrainincyberspaceassetlayer

Ejemplares similares