Applying System Dynamics to Model Advanced Persistent Threats

System dynamics (SD) has been applied successfully to analyze non-linear, complex and dynamic problems in disciplines such as the social sciences and technology. Its application to cyber security, and in particular to threats in which many variables interact across the technical and the organizational domain, is however lacking. An Advanced Persistent Threat (APT) is a highly targeted and sophisticated attack that uses zero-day malware, stealth and multiple advanced techniques to gain entry to an organizational network and to maintain an unnoticed presence inside it. Because it exploits organizational as well as technical vulnerabilities, preventing an APT at the security perimeter, and detecting it once it is inside the system, remains a challenge to date. To demonstrate how SD can identify the relevant variables and analyze the effect of each of them, we took the Equifax data breach as a case study: the variables leading to the breach were identified, entered into the Vensim software and simulated. Through this exercise we identified seven key independent management variables for technical security and three key independent variables for the records breach. To our knowledge this is the first study to apply SD to APTs; by modelling an APT attack with SD through a case study, the paper provides insight into the dynamics of the threat and suggests 'what if' strategies that minimize APT risk and so reduce the extent of the damage should an APT attack occur.
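To make concrete what "entered into Vensim and simulated" involves, the following is an added, illustrative stock-and-flow model of an APT intrusion written in plain Python; it is not the paper's model and none of its stocks (susceptible, compromised-undetected, contained hosts, exfiltrated records), flows (lateral movement, detection, exfiltration) or parameter values are the variables the authors identified. The `what_if` helper re-runs the model with one parameter changed, which is the 'what if' style of analysis the abstract refers to: here, a five-fold improvement in the daily detection rate is assumed, and the run reports peak compromise, records lost and the day on which the intrusion is contained.

```python
"""
Illustrative stock-and-flow model of an APT intrusion, integrated with a
fixed-step Euler scheme (one day per step, the default integration method
in Vensim).  Constructed example: every stock, flow and parameter value
below is an assumption chosen for illustration, not a result of the paper.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Params:
    hosts: int = 1000        # hosts in the estate (assumed)
    spread: float = 0.30     # lateral-movement contacts per compromised host per day (assumed)
    detect: float = 0.02     # fraction of undetected compromised hosts found per day (assumed)
    exfil: float = 50.0      # records exfiltrated per undetected compromised host per day (assumed)
    records: float = 1.0e6   # records reachable by the attacker, a cap on exfiltration (assumed)
    horizon: int = 180       # simulation length in days


def simulate(p: Params) -> dict:
    """Integrate the stocks day by day and return the outcome metrics."""
    s = float(p.hosts - 1)   # susceptible (uncompromised) hosts
    c = 1.0                  # compromised but undetected hosts: the initial foothold
    r = 0.0                  # compromised hosts that have been detected and contained
    e = 0.0                  # records exfiltrated so far
    peak_c, days_to_contain = c, None
    for day in range(1, p.horizon + 1):
        infect = p.spread * c * s / p.hosts       # lateral-movement flow, S -> C
        found = p.detect * c                      # detection/containment flow, C -> R
        leak = min(p.exfil * c, p.records - e)    # exfiltration flow, capped by what is left
        s -= infect
        c += infect - found
        r += found
        e += leak
        peak_c = max(peak_c, c)
        if days_to_contain is None and c < 1.0:   # fewer than one undetected host left
            days_to_contain = day
    return {
        "peak_compromised": peak_c,
        "records_exfiltrated": e,
        "days_to_contain": days_to_contain,        # None if not contained within the horizon
        "susceptible": s,
        "compromised": c,
        "contained": r,
    }


def what_if(base: Params, **changes) -> tuple:
    """Run the baseline and a scenario with the given parameters overridden."""
    return simulate(base), simulate(replace(base, **changes))


if __name__ == "__main__":
    baseline, improved = what_if(Params(), detect=0.10)
    for name, out in (("baseline", baseline), ("detect=0.10", improved)):
        print(f"{name:12s} peak compromised={out['peak_compromised']:7.1f}  "
              f"records exfiltrated={out['records_exfiltrated']:10.0f}  "
              f"contained by day={out['days_to_contain']}")
```

Because detection drains the compromised stock while lateral movement feeds it, the model behaves like an epidemic whose reproduction number is `spread / detect`: at the assumed baseline that ratio is 15 and the intrusion is never contained within the horizon, whereas raising detection to 0.10 brings it to 3, lowers the peak and caps the records lost well below the reachable total. The same structure can be extended with the organizational variables the paper describes (patch latency, staffing, reporting delays) as additional stocks or as delays on the flows.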
