A quantitative approach to design special purpose systems to measure hacking skills

Accurate measure of hacking skills level of a person allows to develop a response plan, whether it is for a cyber security learners or facing an adversary. Numerous attempts have been made to rank hackers, qualitatively. We introduce a quantitative approach that calculates the probability of performing certain cyber security actions and match them to well-known hackers ranks. The calculated probabilities are used to design a special-purpose system that measures the hackers' skills level and rank them. Our system uses a machine-learning approach - it starts with statistically calculated or observed initial values, then it can be trained using data generated either by calculating a weighted sum using a neural networks or by further statistics-based estimation and observation. The initial values were gathered and calculated against the participants of a number of hacking competitions. The probabilistic system is controlled in a manner that it allows the admin/owner to design tasks and challenges with a specific difficulty to examine the systems users skills. Alternatively, it can be designed in an open-end manner which can rank the user's skill based on the level reached. To demonstrate our system, we analysed the hacking skills for 8 university students based on their training results.