Using cyber defense exercises to obtain additional data for attacker profiling

Brynielsson, Joel and Franke, Ulrik and Adnan Tariq, Muhammad and Varga, Stefan (2016) Using cyber defense exercises to obtain additional data for attacker profiling. In: 2016 IEEE Conference on Intelligence and Security Informatics (IEEE ISI 2016), 28-30 Sep 2016, Tucson, Arizona, USA.

Full text not available from this repository.

Official URL:


In order to be able to successfully defend an IT system it is useful to have an accurate appreciation of the cyber threat that goes beyond stereotypes. To effectively counter potentially decisive and skilled attackers it is necessary to understand, or at least model, their behavior. Although the real motives for untraceable anonymous attackers will remain a mystery, a thorough understanding of their observable actions can still help to create well-founded attacker profiles that can be used to design effective countermeasures and in other ways enhance cyber defense efforts. In recent work empirically founded attacker profiles, so-called attacker personas, have been used to assess the overall threat situation for an organization. In this paper we elaborate on 1) the use of attacker personas as a technique for attacker profiling, 2) the design of tailor-made cyber defense exercises for the purpose of obtaining the necessary empirical data for the construction of such attacker personas, and 3) how attacker personas can be used for enhancing the situational awareness within the cyber domain. The paper concludes by discussing the possibilities and limitations of using cyber defense exercises for data gathering, and what can and cannot be studied in such exercises.

Item Type:Conference or Workshop Item (Paper)
ID Code:6097
Deposited By:Ulrik Franke
Deposited On:09 Dec 2016 15:35
Last Modified:09 Dec 2016 15:35

Repository Staff Only: item control page