Cyber Threat Analysis based on Characterizing Adversarial Behavior
The growth of information and communication technology is constantly revolutionizing various domains, e.g., energy & utility systems, healthcare, the Internet of Things, etc. This inception of widespread cyber technology enables reliability and first operability of the system, yet simultaneously imposes a risk of significant impact due to disruption of safe and secure operation. The attack surface is expanding, creating a cyber exposure gap, which indicates a higher threat landscape and increased risk of compromise. This research is motivated by this increased threat exposure, seeking an efficient modeling paradigm in order to initiate threat-informed defense. We aim to analyze multistage, multi-host attacks with diverse behavioral artifacts. First, we describe the different levels of indicators and their effectiveness to understand the adversary activity. Next, we integrate static network information with dynamic attack strategy by mapping attack graphs into the attacker’s techniques and tactics. This contextual integration provides insights into the attacker’s stealthy behavior. Following the enumeration of complexity and effort for attack progression, we will investigate and explore recent and more updated attacker behavior through threat report analysis.
Speakers
Biography:
Md Sharif Ullah is an Assistant Professor in the Department of Computer Science and Engineering at the University of Central Arkansas, Conway, AR. Before that, he was a research assistant in the Center for Secure and Intelligent Critical Systems at Virginia Modeling Analysis and Simulation Center (VMASC). He received his Ph.D. in Electrical and Computer Engineering (ECE) from Old Dominion University, Norfolk, VA, USA. Dr. Ullah has actively pursued research in the fields of cybersecurity and cyber resiliency with an emphasis on cyber threat analysis with integrated machine learning and attack surface management. He co-authored multiple patents and publications regarding attack surface analysis. He has collaborative research experience with other academics and industry R&D, such as Accenture Technological Lab and the Electric Power Research Institute (EPRI). He was a winner of EPRI’s first cybersecurity research challenge. His research interests include, but are not limited to, cyber-physical system (CPS) security, data-driven analytics for cybersecurity, cyber risk estimation and mitigation, adverse attack surface in 5G networks, and industrial Internet of Things (IIoT).