{"id":5928,"date":"2025-09-04T11:30:04","date_gmt":"2025-09-04T09:30:04","guid":{"rendered":"https:\/\/cyberawareness.sk\/?p=5928"},"modified":"2026-03-27T12:38:05","modified_gmt":"2026-03-27T11:38:05","slug":"evaluation-of-attacker-skill-level-for-multi-stage-attacks","status":"publish","type":"post","link":"https:\/\/cyberawareness.sk\/en\/2025\/09\/04\/evaluation-of-attacker-skill-level-for-multi-stage-attacks\/","title":{"rendered":"Evaluation of Attacker Skill Level for Multi-stage Attacks"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5928\" class=\"elementor elementor-5928\">\n\t\t\t\t<div class=\"elementor-element elementor-element-fa18013 e-flex e-con-boxed e-con e-parent\" data-id=\"fa18013\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-9f6d137 e-con-full e-flex e-con e-child\" data-id=\"9f6d137\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-dd553b0 elementor-widget elementor-widget-ucaddon_square_icon_box\" data-id=\"dd553b0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"ucaddon_square_icon_box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n<!-- start Icon Box -->\n\t\t<link id='font-awesome-css' href='https:\/\/cyberawareness.sk\/wp-content\/plugins\/unlimited-elements-for-elementor\/assets_libraries\/font-awesome6\/fontawesome-all.min.css' type='text\/css' rel='stylesheet' >\n\t\t<link id='font-awesome-4-shim-css' href='https:\/\/cyberawareness.sk\/wp-content\/plugins\/unlimited-elements-for-elementor\/assets_libraries\/font-awesome6\/fontawesome-v4-shims.min.css' type='text\/css' rel='stylesheet' >\n\t\t<link id='uc_ac_assets_file_blox_boxed_small_square_icon_box_css_0-css' 
href='https:\/\/cyberawareness.sk\/wp-content\/uploads\/ac_assets\/blox-boxed-small-square-icon-box\/blox-boxed-small-square-icon-box.css' type='text\/css' rel='stylesheet' >\n\n<style>\/* widget: Icon Box *\/\n\n#uc_square_icon_box_elementor_dd553b0 * { \n\tbox-sizing: border-box; \n}\n\n#uc_square_icon_box_elementor_dd553b0{\n\tfont-family: inherit;\n    transition:0.3s;\n    position:relative;\n}\n\n#uc_square_icon_box_elementor_dd553b0 .blox-boxed-small-square-icon-box-icon{\n\t\n\tposition:relative;\n    display:flex;\n    justify-content:center;\n    align-items:center;\n    transform:rotate(0deg);\n    z-index:2;\n}\n#uc_square_icon_box_elementor_dd553b0 .ue-icon {\n  display:inline-block;\n}\n#uc_square_icon_box_elementor_dd553b0 .blox-boxed-small-square-icon-box-icon > div{\n\t\n\tposition:relative;\n    display:flex;\n    justify-content:center;\n    align-items:center;\n    transform:rotate(-0deg);\n}\n#uc_square_icon_box_elementor_dd553b0 .ue-icon-inner{\n    line-height:1em;\n\t} \t\n\n\n#uc_square_icon_box_elementor_dd553b0 .ue-icon-inner svg{\n    height:1em;\n    width:1em;\n\t} \t\n\t\n.blox-boxed-small-square-icon-box-heading{\n\tfont-size:21px;\n\t}\n\n\n#uc_square_icon_box_elementor_dd553b0:hover\n{\n  position:relative;\n  z-index:1;\n}\n\n\n#uc_square_icon_box_elementor_dd553b0 .ue_box_button\n{\n  text-align:center;\n  text-decoration:none;\n  display:inline-block;\n  transition:0.3s;\n}\n\n\n#uc_square_icon_box_elementor_dd553b0 span.line\n{\n  display:block;\n  position:absolute;\n  top:0;\n  left:0;\n  width:0px;\n  transition:0.3s;\n}\n\n#uc_square_icon_box_elementor_dd553b0:hover span.line\n{\n  width:100%;\n}\n\n#uc_square_icon_box_elementor_dd553b0 .ue-title-separator span\n{\n  display:inline-block;\n  transition:0.3s;\n}\n\n\n\n\n\n<\/style>\n\n<div class=\"square_icon_box \" id=\"uc_square_icon_box_elementor_dd553b0\">\n  \n  \t\t  \n  \n              <div class=\"ue-icon\">\n       <a style=\"display:inline-block; 
text-decoration:none;\" href=\"https:\/\/ieeexplore.ieee.org\/stamp\/stamp.jsp?tp=&amp;arnumber=9042153\" >         <div class=\"blox-boxed-small-square-icon-box-icon\" style=\"background-color: ;\">\n           <div class=\"ue-icon-inner\"><i class='fas fa-book'><\/i><\/div>\n         <\/div>\n       <\/a>       <\/div>\n         \n  \t\t        <div class=\"blox-boxed-small-square-icon-box-heading\">\n        \tArticle\n        <\/div>\n          \n  \t\t  \n  \n          \n  \t\t        \n          \n  \t\t  \n<\/div>\n<!-- end Icon Box -->\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ad5fbe9 elementor-widget elementor-widget-ucaddon_square_icon_box\" data-id=\"ad5fbe9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"ucaddon_square_icon_box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n<!-- start Icon Box -->\n\n<style>\/* widget: Icon Box *\/\n\n#uc_square_icon_box_elementor_ad5fbe9 * { \n\tbox-sizing: border-box; \n}\n\n#uc_square_icon_box_elementor_ad5fbe9{\n\tfont-family: inherit;\n    transition:0.3s;\n    position:relative;\n}\n\n#uc_square_icon_box_elementor_ad5fbe9 .blox-boxed-small-square-icon-box-icon{\n\t\n\tposition:relative;\n    display:flex;\n    justify-content:center;\n    align-items:center;\n    transform:rotate(0deg);\n    z-index:2;\n}\n#uc_square_icon_box_elementor_ad5fbe9 .ue-icon {\n  display:inline-block;\n}\n#uc_square_icon_box_elementor_ad5fbe9 .blox-boxed-small-square-icon-box-icon > div{\n\t\n\tposition:relative;\n    display:flex;\n    justify-content:center;\n    align-items:center;\n    transform:rotate(-0deg);\n}\n#uc_square_icon_box_elementor_ad5fbe9 .ue-icon-inner{\n    line-height:1em;\n\t} \t\n\n\n#uc_square_icon_box_elementor_ad5fbe9 .ue-icon-inner svg{\n    height:1em;\n    width:1em;\n\t} \t\n\t\n.blox-boxed-small-square-icon-box-heading{\n\tfont-size:21px;\n\t}\n\n\n#uc_square_icon_box_elementor_ad5fbe9:hover\n{\n  
position:relative;\n  z-index:1;\n}\n\n\n#uc_square_icon_box_elementor_ad5fbe9 .ue_box_button\n{\n  text-align:center;\n  text-decoration:none;\n  display:inline-block;\n  transition:0.3s;\n}\n\n\n#uc_square_icon_box_elementor_ad5fbe9 span.line\n{\n  display:block;\n  position:absolute;\n  top:0;\n  left:0;\n  width:0px;\n  transition:0.3s;\n}\n\n#uc_square_icon_box_elementor_ad5fbe9:hover span.line\n{\n  width:100%;\n}\n\n#uc_square_icon_box_elementor_ad5fbe9 .ue-title-separator span\n{\n  display:inline-block;\n  transition:0.3s;\n}\n\n\n\n\n\n<\/style>\n\n<div class=\"square_icon_box \" id=\"uc_square_icon_box_elementor_ad5fbe9\">\n  \n  \t\t  \n  \n              <div class=\"ue-icon\">\n       <a style=\"display:inline-block; text-decoration:none;\" href=\"https:\/\/ieeexplore.ieee.org\/document\/9042153\" >         <div class=\"blox-boxed-small-square-icon-box-icon\" style=\"background-color: ;\">\n           <div class=\"ue-icon-inner\"><i class='fas fa-link'><\/i><\/div>\n         <\/div>\n       <\/a>       <\/div>\n         \n  \t\t        <div class=\"blox-boxed-small-square-icon-box-heading\">\n        \tLink to IEEE\n        <\/div>\n          \n  \t\t  \n  \n          \n  \t\t        \n          \n  \t\t  \n<\/div>\n<!-- end Icon Box -->\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8e851db elementor-widget elementor-widget-text-editor\" data-id=\"8e851db\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><b>Authors: <\/b>Tom\u00e1\u0161 Bajto\u0161, Pavol Sokol, Ter\u00e9zia M\u00e9ze\u0161ov\u00e1\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e5a0a23 elementor-widget elementor-widget-heading\" data-id=\"e5a0a23\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Abstract<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b77c4c2 elementor-widget elementor-widget-text-editor\" data-id=\"b77c4c2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Information security risks caused by difficult-to-exploit vulnerabilities are often the last to be treated with countermeasures because of their low likelihood of occurrence, and they should therefore be given a high priority in security monitoring. In this paper, we propose an evaluation of detected attacks in terms of their difficulty &#8211; by assigning them an attacker&#8217;s skill level. We draw on similarities with a vulnerability&#8217;s exploitability score and aim to evaluate intrusion detection system alerts within the same framework. 
We also demonstrate the methodology on attacks from a dataset intended for the evaluation of intrusion detection systems.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e39a89a elementor-widget elementor-widget-heading\" data-id=\"e39a89a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Introduction<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0aa2729 elementor-widget elementor-widget-text-editor\" data-id=\"0aa2729\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The increasing number of systems connected to the Internet presents a new set of risks for organizations as they become an interesting target not only for opportunistic attacks but also for targeted multi-stage attacks. Security operation centres monitor the activity within an organization&#8217;s network for various threats and employ a wide range of tools to provide situational awareness to responsible asset owners. One of the most common practices is to correlate events from intrusion detection systems (IDS) into an attack path, a so-called multi-stage attack. These attacks are further prioritized, and the aim is to minimize the number of attacks that analysts must investigate.<br \/><br \/>In threat and risk analysis, risks associated with vulnerabilities considered difficult to exploit are often given a low priority for treatment. Therefore, analysts should be able to evaluate how difficult a detected attack is and treat it with high priority. This information can be forwarded to risk management, where the appropriate countermeasures should then be given a higher priority. 
To foster feedback between operations and security monitoring, there should be a common understanding of the two terms: the difficulty of an attack and the difficulty of vulnerability exploitation. In this paper, we focus on one of the attacker&#8217;s attributes &#8211; their ability to perform an attack, that is, their skills &#8211; and divide attackers into 3 skill levels.<br \/><br \/>To formalize the scope of this paper, we state the research objective of determining the skill level an attacker needs to create a detected multi-stage attack. The question of determining how difficult it is to exploit an individual vulnerability and subsequently an attack path generated from host vulnerability data was the subject of one of our previous works [1]. Skill levels are determined and, as each vulnerability is scored upon being published, the score metrics are mapped to the skill levels. The idea presented in this paper creates a relationship between what kind of properties those metrics represent and how IDS alerts can be evaluated with regard to those properties. The contribution of this paper is that we can determine the skill level for detected attacks.<br \/><br \/>This paper contains 5 sections. In section 2 we discuss the related work on evaluating an attacker&#8217;s capabilities or the difficulty of an attack. Section 3 presents how to adapt the methodology for evaluating skill level based on the vulnerability score to multi-stage attacks. 
Finally, we present example cases on data from a public dataset in section 4.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Authors: Tom\u00e1\u0161 Bajto\u0161, Pavol Sokol, Ter\u00e9zia M\u00e9ze\u0161ov\u00e1 <\/p>","protected":false},"author":8,"featured_media":5713,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"full-width","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_ty
po_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[15],"tags":[],"class_list":["post-5928","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-clanky","entry","has-media"],"_links":{"self":[{"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/posts\/5928","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberawarenes
s.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/comments?post=5928"}],"version-history":[{"count":8,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/posts\/5928\/revisions"}],"predecessor-version":[{"id":8874,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/posts\/5928\/revisions\/8874"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/media\/5713"}],"wp:attachment":[{"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/media?parent=5928"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/categories?post=5928"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/tags?post=5928"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}