Background: Predicting attacker’s behavior plays an important role in network security assessment.
Attack graphs systematically classify the possible intrusion paths against a system. For our purpose,
we assume the attack graph structure comprised of states and transitions between them. Each state represents
an attack phase (or adversarial action) and each transition indicates a possible action of attacker.
Objective: In this paper, we use the attack graph structure to propose a new method for predicting the
behavior of attackers. The goal of this method is to measure how attackers with different level of capabilities,
access and budget prefer to select their path to conduct an attack.
Method: In the proposed method, attackers are considered as active agents with different levels of skill,
access and budget. All possible attack scenarios are modeled by using the attack graph structure. The
attack graph model is parameterized by appropriate data such as the access complexity, the required
skill and the required budget as the inputs of the model.
Results: The outputs of the proposed method are the desired security metrics such as the selection probabilities
of different attack scenarios and the attractiveness degree of attack paths from the attacker’s point of view.
Conclusion: One of the main preferences of attackers is due to the lack of the experience and security
education of the users. The local and physical attacks have not high priority for attackers to launch an
attack. The user’s systems and workstations are more vulnerable than the data server.