On Multi-Phase and Multi-Stage Game-Theoretic Modeling of Advanced Persistent Threats

Quanyan Zhu, Stefan Rass

Research output: Contribution to journal › Article

Abstract

Advanced persistent threats (APT) are considered as a significant security threat today. Despite their diversity in nature and details, a common skeleton and sequence of phases can be identified that these attacks follow (in similar ways), which admits a game-theoretic description and analysis. This work describes a general framework that divides a general APT into three major temporal phases, and fits an individual game model to each phase, connecting the games at the transition points between the phases (similarly to “milestones” accomplished during the launch of an APT). The theoretical description is derived from a running example. The benefit of this game-theoretic perspective is at least threefold, as it 1) helps to systematize the threat and respective mitigation actions (by turning them into pure strategies for the gameplay), 2) provides optimized actions for defense and attack, where the latter can be taken as a (non-unique) indication of neuralgic points, and 3) provides quantitative measures of resilience against an APT, in terms that can be defined freely by a security officer. We illustrate this approach with a numerical example.

Original language: English (US)
Journal: IEEE Access
DOI: 10.1109/ACCESS.2018.2814481
State: Accepted/In press - Mar 9 2018

Keywords

  • Command and control systems
  • Game theory
  • Games
  • Malware
  • Physical layer
  • Security
  • Weapons

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)

Cite this

On Multi-Phase and Multi-Stage Game-Theoretic Modeling of Advanced Persistent Threats. / Zhu, Quanyan; Rass, Stefan.

In: IEEE Access, 09.03.2018.


@article{2875a99eeff64ec2bff1f793c796ce5a,
title = "On Multi-Phase and Multi-Stage Game-Theoretic Modeling of Advanced Persistent Threats",
abstract = "Advanced persistent threats (APT) are considered as a significant security threat today. Despite their diversity in nature and details, a common skeleton and sequence of phases can be identified that these attacks follow (in similar ways), which admits a game-theoretic description and analysis. This work describes a general framework that divides a general APT into three major temporal phases, and fits an individual game model to each phase, connecting the games at the transition points between the phases (similarly to “milestones” accomplished during the launch of an APT). The theoretical description is derived from a running example. The benefit of this game-theoretic perspective is at least threefold, as it 1) helps to systematize the threat and respective mitigation actions (by turning them into pure strategies for the gameplay), 2) provides optimized actions for defense and attack, where the latter can be taken as a (non-unique) indication of neuralgic points, and 3) provides quantitative measures of resilience against an APT, in terms that can be defined freely by a security officer. We illustrate this approach with a numerical example.",
keywords = "Command and control systems, Game theory, Games, Malware, Physical layer, Security, Weapons",
author = "Quanyan Zhu and Stefan Rass",
year = "2018",
month = "3",
day = "9",
doi = "10.1109/ACCESS.2018.2814481",
language = "English (US)",
journal = "IEEE Access",
issn = "2169-3536",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY  - JOUR
T1  - On Multi-Phase and Multi-Stage Game-Theoretic Modeling of Advanced Persistent Threats
AU  - Zhu, Quanyan
AU  - Rass, Stefan
PY  - 2018/3/9
Y1  - 2018/3/9
N2  - Advanced persistent threats (APT) are considered as a significant security threat today. Despite their diversity in nature and details, a common skeleton and sequence of phases can be identified that these attacks follow (in similar ways), which admits a game-theoretic description and analysis. This work describes a general framework that divides a general APT into three major temporal phases, and fits an individual game model to each phase, connecting the games at the transition points between the phases (similarly to “milestones” accomplished during the launch of an APT). The theoretical description is derived from a running example. The benefit of this game-theoretic perspective is at least threefold, as it 1) helps to systematize the threat and respective mitigation actions (by turning them into pure strategies for the gameplay), 2) provides optimized actions for defense and attack, where the latter can be taken as a (non-unique) indication of neuralgic points, and 3) provides quantitative measures of resilience against an APT, in terms that can be defined freely by a security officer. We illustrate this approach with a numerical example.
AB  - Advanced persistent threats (APT) are considered as a significant security threat today. Despite their diversity in nature and details, a common skeleton and sequence of phases can be identified that these attacks follow (in similar ways), which admits a game-theoretic description and analysis. This work describes a general framework that divides a general APT into three major temporal phases, and fits an individual game model to each phase, connecting the games at the transition points between the phases (similarly to “milestones” accomplished during the launch of an APT). The theoretical description is derived from a running example. The benefit of this game-theoretic perspective is at least threefold, as it 1) helps to systematize the threat and respective mitigation actions (by turning them into pure strategies for the gameplay), 2) provides optimized actions for defense and attack, where the latter can be taken as a (non-unique) indication of neuralgic points, and 3) provides quantitative measures of resilience against an APT, in terms that can be defined freely by a security officer. We illustrate this approach with a numerical example.
KW  - Command and control systems
KW  - Game theory
KW  - Games
KW  - Malware
KW  - Physical layer
KW  - Security
KW  - Weapons
UR  - http://www.scopus.com/inward/record.url?scp=85043486803&partnerID=8YFLogxK
UR  - http://www.scopus.com/inward/citedby.url?scp=85043486803&partnerID=8YFLogxK
U2  - 10.1109/ACCESS.2018.2814481
DO  - 10.1109/ACCESS.2018.2814481
M3  - Article
JO  - IEEE Access
JF  - IEEE Access
SN  - 2169-3536
ER  -