Security Requirement Recommendation Method Using Case-Based Reasoning to Prevent Advanced Persistent Threats

Abstract

As the world becomes digitized and connected, cyberattacks and security issues have been steadily increasing. In particular, advanced persistent threats (APTs) are actors who perform various complex attacks over the long term to achieve their purpose. These attacks involve more planning and intelligence than typical cyberattacks. Many studies have investigated APT detection and defense methods; however, studies on security requirements that focus on non-technical factors and prevention are relatively few. Therefore, this study aims to provide attack information to users obtained by analyzing attack scenarios as well as security requirements to help the users understand and make decisions. To this end, we propose a method for extracting attack elements by providing users with templates for attack scenarios with different levels of abstraction. In addition, we use a problem domain ontology that is based on the concept of a case to provide users with attack analysis results and recommended security requirements. Our method uses case-based reasoning to retrieve similar cases, recommend reusable security requirements, and propose revision directions. The ontology can be improved by adding the solution to the problem as a new case. We conducted case studies and surveys to evaluate our methods and showed that they help specify security requirements.