Adaptive strategic cyber defense for advanced persistent threats in critical infrastructure networks

Linan Huang, Quanyan Zhu

Research output: Contribution to journalConference articlepeer-review


Advanced Persistent Threats (APTs) have created new security challenges for critical infrastructures due to their stealthy, dynamic, and adaptive natures. In this work, we aim to lay a game-theoretic foundation by establishing a multi-stage Bayesian game framework to capture incomplete information of deceptive APTs and their multistage multi-phase movement. The analysis of the perfect Bayesian Nash equilibrium (PBNE) enables a prediction of attacker's behaviors and a design of defensive strategies that can deter the adversaries and mitigate the security risks. A conjugate-prior method allows online computation of the belief and reduces Bayesian update into an iterative parameter update. The forwardly updated parameters are assimilated into the backward dynamic programming computation to characterize a computationally tractable and time-consistent equilibrium solution based on the expanded state space. The Tennessee Eastman (TE) process control problem is used as a case study to demonstrate the dynamic game under the information asymmetry and show that APTs tend to be stealthy and deceptive during their transitions in the cyber layer and behave aggressively when reaching the targeted physical plant. The online update of the belief allows the defender to learn the behavior of the attacker and choose strategic defensive actions that can thwart adversarial behaviors and mitigate APTs. Numerical results illustrate the defender's tradeoff between the immediate reward and the future expectation as well as the attacker's goal to reach an advantageous system state while making the defender form a positive belief.

Original languageEnglish (US)
Pages (from-to)52-56
Number of pages5
JournalPerformance Evaluation Review
Issue number2
StatePublished - Jan 17 2019
Event2018 Workshop on MAthematical Performance Modeling and Analysis, MAMA 2018 and Workshop on Critical Infrastructure Network Security, CINS 2018 - Irvine, United States
Duration: Jun 1 2018 → …

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications


Dive into the research topics of 'Adaptive strategic cyber defense for advanced persistent threats in critical infrastructure networks'. Together they form a unique fingerprint.

Cite this