TY - GEN
T1 - Comparing Attack Models for IT Systems
T2 - 8th IEEE International Symposium on Systems Engineering, ISSE 2022
AU - Naik, Nitin
AU - Jenkins, Paul
AU - Grace, Paul
AU - Song, Jingping
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2023/1/10
Y1 - 2023/1/10
N2 - Cyberattacks are a serious challenge for any IT system, which motivates cybersecurity professionals and developers to constantly explore various attack models to analyse the cyberattack lifecycle used by attackers to mount their attacks. Several attack models have been proposed and successfully utilised to analyse the various types of cyberattacks and their mitigations. All the models offer different characteristics, advantages and disadvantages. Therefore, it is important to examine the most popular attack models to understand their characteristics and suitability for modelling specific types of attacks. This paper will examine characteristics, advantages and disadvantages of the three most popular attack models: The Lockheed Martin's Cyber Kill Chain, the MITRE ATT&CK Framework and the Diamond Model. Finally, it will provide a comparative study of these three attack models to present a relative summary for selecting the most suitable attack model for a specific application.
AB - Cyberattacks are a serious challenge for any IT system, which motivates cybersecurity professionals and developers to constantly explore various attack models to analyse the cyberattack lifecycle used by attackers to mount their attacks. Several attack models have been proposed and successfully utilised to analyse the various types of cyberattacks and their mitigations. All the models offer different characteristics, advantages and disadvantages. Therefore, it is important to examine the most popular attack models to understand their characteristics and suitability for modelling specific types of attacks. This paper will examine characteristics, advantages and disadvantages of the three most popular attack models: The Lockheed Martin's Cyber Kill Chain, the MITRE ATT&CK Framework and the Diamond Model. Finally, it will provide a comparative study of these three attack models to present a relative summary for selecting the most suitable attack model for a specific application.
KW - Attack Models
KW - Cyberattack
KW - Diamond Model
KW - Lockheed Martin's Cyber Kill Chain
KW - MITRE ATT&CK Framework
UR - http://www.scopus.com/inward/record.url?scp=85146954365&partnerID=8YFLogxK
U2 - 10.1109/ISSE54508.2022.10005490
DO - 10.1109/ISSE54508.2022.10005490
M3 - Conference contribution
AN - SCOPUS:85146954365
T3 - ISSE 2022 - 2022 8th IEEE International Symposium on Systems Engineering, Conference Proceedings
BT - ISSE 2022 - 2022 8th IEEE International Symposium on Systems Engineering, Conference Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 24 October 2022 through 26 October 2022
ER -