TY - JOUR
T1 - On Multi-Phase and Multi-Stage Game-Theoretic Modeling of Advanced Persistent Threats
AU - Zhu, Quanyan
AU - Rass, Stefan
N1 - Publisher Copyright:
© 2018 IEEE.
Copyright:
Copyright 2018 Elsevier B.V., All rights reserved.
PY - 2018/3/9
Y1 - 2018/3/9
N2 - Advanced persistent threats (APTs) are considered a significant security threat today. Despite their diversity in nature and details, a common skeleton and sequence of phases can be identified that these attacks follow (in similar ways), which admits a game-theoretic description and analysis. This paper describes a general framework that divides a general APT into three major temporal phases and fits an individual game model to each phase, connecting the games at the transition points between the phases (similarly to "milestones" accomplished during the launch of an APT). The theoretical description is derived from a running example. The benefit of this game-theoretic perspective is at least threefold, as it 1) helps to systematize the threat and the respective mitigation actions (by turning them into pure strategies for the gameplay); 2) provides optimized actions for defense and attack, where the latter can be taken as a (non-unique) indication of neuralgic points; and 3) provides quantitative measures of resilience against an APT, in terms that can be defined freely by a security officer. We illustrate this approach with a numerical example.
AB - Advanced persistent threats (APTs) are considered a significant security threat today. Despite their diversity in nature and details, a common skeleton and sequence of phases can be identified that these attacks follow (in similar ways), which admits a game-theoretic description and analysis. This paper describes a general framework that divides a general APT into three major temporal phases and fits an individual game model to each phase, connecting the games at the transition points between the phases (similarly to "milestones" accomplished during the launch of an APT). The theoretical description is derived from a running example. The benefit of this game-theoretic perspective is at least threefold, as it 1) helps to systematize the threat and the respective mitigation actions (by turning them into pure strategies for the gameplay); 2) provides optimized actions for defense and attack, where the latter can be taken as a (non-unique) indication of neuralgic points; and 3) provides quantitative measures of resilience against an APT, in terms that can be defined freely by a security officer. We illustrate this approach with a numerical example.
KW - H.4.2.a decision support
KW - I.2.1 applications and expert knowledge-intensive systems
KW - K.6.5 security and protection
UR - http://www.scopus.com/inward/record.url?scp=85043486803&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85043486803&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2018.2814481
DO - 10.1109/ACCESS.2018.2814481
M3 - Article
AN - SCOPUS:85043486803
VL - 6
SP - 13958
EP - 13971
JO - IEEE Access
JF - IEEE Access
SN - 2169-3536
ER -