Recent Developments in Game-Theory Approaches for the Detection and Defense against Advanced Persistent Threats (APTs): A Systematic Review

Cybersecurity has become a prominent issue in ensuring information privacy and integrity in the internet age, particularly with the rise of interconnected devices. Advanced persistent threats (APTs) pose a significant danger to the contemporary way of life, and effective APT detection and defense are vital. Game theory is one of the most sought-after approaches adopted against APTs, providing a framework for understanding and analyzing the strategic interactions between attackers and defenders. However, what are the most recent developments in game-theory frameworks against APTs, and which approaches and contexts are applied in those frameworks to address APTs? In this systematic literature review, 48 articles published between 2017 and 2022 in various journals were extracted and analyzed according to PRISMA procedures and our formulated research questions. The review found that game-theory approaches have been optimized for the defensive performance of security measures and implemented to anticipate and prepare countermeasures. Many have been designed as part of incentive-compatible and welfare-maximizing contracts and then applied to cyber–physical systems, social networks, and transportation systems, among others. The trends indicate that game theory provides the means to analyze and understand complex security scenarios shaped by technological advances, changes in the threat landscape, and the emergence of new trends in cyber-crime. This study outlines new opportunities and challenges against APTs, such as the ways in which tactics and techniques for bypassing defenses are likely to evolve in order to evade detection, and focuses on specific industries and sectors of high interest or value (e.g., healthcare, finance, critical infrastructure, and government).
