Optimal Timing in Dynamic and Robust Attacker Engagement during Advanced Persistent Threats

Jeffrey Pawlick, Thi Thu Hang Nguyen, Edward Colbert, Quanyan Zhu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Advanced persistent threats (APTs) are stealthy attacks which make use of social engineering and deception to give adversaries insider access to networked systems. Against APTs, active defense technologies aim to create and exploit information asymmetry for defenders. In this paper, we study a scenario in which a powerful defender uses honeynets for active defense in order to observe an attacker who has penetrated the network. Rather than immediately eject the attacker, the defender may elect to gather information. We introduce an undiscounted, infinite-horizon Markov decision process on a continuous state space in order to model the defender's problem. We find a threshold of information that the defender should gather about the attacker before ejecting him. Then we study the robustness of this policy using a Stackelberg game. Finally, we simulate the policy for a conceptual network. Our results provide a quantitative foundation for studying optimal timing for attacker engagement in network defense.

Original languageEnglish (US)
Title of host publicationProceedings - 17th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, WiOpt 2019
EditorsFrancesco de Pelligrini, Francesco de Pelligrini, Walid Saad, Chee Wei Tan
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9783903176201
DOIs
StatePublished - Jun 2019
Event17th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, WiOpt 2019 - Avignon, France
Duration: Jun 3 2019Jun 7 2019

Publication series

NameProceedings - 17th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, WiOpt 2019

Conference

Conference17th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, WiOpt 2019
CountryFrance
CityAvignon
Period6/3/196/7/19

Keywords

  • advanced persistent threat
  • attacker engagement
  • Markov decision process
  • Security
  • Stackelberg game

ASJC Scopus subject areas

  • Hardware and Architecture
  • Signal Processing
  • Safety, Risk, Reliability and Quality
  • Control and Optimization
  • Modeling and Simulation
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Optimal Timing in Dynamic and Robust Attacker Engagement during Advanced Persistent Threats'. Together they form a unique fingerprint.

Cite this