Network Attack Modeling with and without Context

Analyzing network attacks based on sensor observables has many similarities with other fusion problems where contextual information can benefit tracking and prediction of attack actions. This paper reviews a few existing contextbased network attack modeling works and notes that only context with high fidelity should be used due to the diverse and constantly changing nature of network configurations and attack tactics. From there, this paper discusses the needs to extract critical attack features that can be used to synthesize or simulate attack scenarios comprehensively. Such approach may help reveal critical and rare attack scenarios by extrapolating from extracted attack features.