A Risk Management Approach to Defending Against the Advanced Persistent Threat

The advanced persistent threat (APT), a new kind of cyber attack, poses a severe threat to modern organizations. Once an APT has been detected, the organization faces the APT response problem, i.e., how to allocate the available response resources to fix her insecure hosts so as to mitigate her potential loss. This paper addresses the APT response problem using a risk management approach. First, we introduce a model characterizing the evolution of the organization's expected state. By analyzing this model, we find that the organization's expected state approaches a common limit expected state. Then, we use the organization's expected loss per unit time to measure her potential loss, and we find that this measure is determined by the organization's limit expected state. On this basis, we model the APT response problem as a game-theoretic problem (the APT response game) in which the organization seeks a Nash equilibrium. We present a greedy algorithm for solving the game. Comparative experiments show that the algorithm is effective. Therefore, we recommend the response strategy generated by running the algorithm. These findings contribute to defending against the APT. To our knowledge, this is the first time the APT response problem has been addressed.
