Patent attributes
Implementations of the present disclosure include providing a state graph representative of a set of action states within a network, each action state representing an attack that can be performed by an adversary within the network, determining a path stealthiness value for each attack path of a set of attack paths within the network, path stealthiness values being determined based on a mapping that maps each action state to one or more technique-tactic pairs and one or more security controls, determining a path hardness value for each attack path of the set of attack paths within the network, path hardness values being determined based on a state correlation matrix that correlates action states relative to each other, and a decay factor that represents a reduction in effort required to repeatedly perform an action of an action state, and selectively generating one or more alerts based on one or more of path stealthiness values and path hardness values.