Accession Number:



A Study of Gaps in Attack Analysis

Descriptive Note:

Technical Report

Corporate Author:

MIT Lincoln Laboratory Lexington United States

Report Date:


Pagination or Media Count:



The ability of the defender to detect and identify cyber attacks reflects the arms race nature of the cyber domain. While defenders develop new and improved techniques to detect known attacks, attackers resort to more sophisticated and stealthy techniques to perform their intrusions and evade detection. In this study, we identify the major gaps that exist in todays attack detection systems and infrastructures that impede more efficient and effective attack analysis. Attack analysis in this study refers to activities related to identification and understanding of attack methods and techniques, the capability to detect such attacks in USG, DoD, and general enterprise systems, the ability to attribute such attacks to adversaries, and the ability to predict them before they happen. Since the latter two capabilities are significantly underdeveloped, most of the focus of this study is on the identification and detection of attacks. We have reviewed recent literature to identify major gaps in attack analysis. We have then ranked these gaps based on their likelihood of impacting current systems, the extent of their impact, and the cost of developing new and improved techniques to enhance current attack analysis capabilities.

Subject Categories:

  • Computer Systems Management and Standards
  • Computer Programming and Software

Distribution Statement: