Cyber Adversary Characterization: Auditing the Hacker Mind

Intermetric Component Relationships
Over the last five chapters, we ve learned about the adversary model that forms the basis of our characterizations, as well as the component properties of the adversary model and the variables associated with those properties. We examined some of the measures (or metrics) we can utilize to determine the values of certain adversary variables given a set of observable data, such as the data pertaining to an attack or data regarding a potential target for which we are attempting to characterize the threat.
This chapter serves to detail the remaining theory covered by this book, introducing some principles that augment some of the previously documented theories.
As we have seen, when performing the characterization of a cyber adversary, it is often the case that insufficient data is available to satisfy many of the metrics that have been introduced. This situation was exemplified in Chapter 4, where we alluded to several caveats of attack tool and attack technique scoring metrics that stem from a lack of data relating to an attack technique or the specifics of a tool.
We hypothesize that through an understanding of the variables that impact the result of an attack metric, such as the score given to a specific attack technique, just as we can make determinations about an adversary s resources, attack inhibitors with data pertaining to an adversary s environment property (see Chapter 2), we can also project the most likely values...