1. Background

On cyberspace battlefields, adversaries often lurk in the darkness, but will jump at the throat of victims whenever spotting a chance. Today, extensive collection of huge amounts of data from various dimensions is nothing new. This can be very useful for security defenses, but at the same time brings unprecedented challenges to security operations teams. Every day, security operations personnel are up to their necks in massive alerts, busying themselves analyzing alerts, correlating alerts with incidents, and attributing attacks based on their experience and expertise. To address these problems in security operations, it is urgent to find a method to profile attackers from multiple dimensions and assess their potentials before providing assessment results to security operations personnel, who will then identify most dangerous attackers. Attributed graph modeling is an effective method that allows modeling of attackers from aspects of attributes, structures, and temporal features.