This Proposal addresses the tracking and forecasting a cyberthreats future maneuvers in compromised network. Our approach is as follows: Movement in the Network observed by Intrusion Detection System (IDS) Sensor Data = Discrete States (e.g., IP or Port Addressed per IDMEF alert format) Forecast Threat Track Vector using Multiple Hypothesis Method (MHM) Use Probabilistic Relational Model (PRM) framework to Develop Tracking Algorithms. Model Threat Movement using a Dynamic Decision Network (DDN) with Multi-Tactics & Trafficability Extend Bayesian Inference with Second Order Uncertainty (SOU) which Increases the precision of the forecast. Select multiple hypothesis of movement tactics from MITRE ATT&CK framework Apply weights to hypothesis paths based on the value of the target assets, Use data association methods, select and save the top-3 likely threat vectors for further tracking This is different from Todays Technology in that it adds the ability to predict the likely next move in the attack vector using Multi Hypothesis Method (MHM) within a Bayesian representation of the cyber network. The Phase-I validation of the method will be performed using a simplified simulation of a Cyberattack. Namely, a single Intruder with a limited number of maneuver tactics
