
Title: "Dynamic defense strategy against advanced persistent threat with insiders"
Publication Type: Conference Paper
Year of Publication: 2015
Authors: P. Hu, H. Li, H. Fu, D. Cansever, P. Mohapatra
Conference Name: 2015 IEEE Conference on Computer Communications (INFOCOM)
Date Published: April
Publisher: IEEE
ISBN Number: 978-1-4799-8381-0
Accession Number: 15385211
Keywords: advanced persistent threat, APT, attack process, computer security, Computers, Cost function, cyber security, defense/attack game, dynamic defense strategy, game theory, Games, information-trading game, Joints, malicious gain, Nash equilibrium, pubcrawl170101, security of data, two-layer game model
Abstract:

The landscape of cyber security has been reformed dramatically by the recently emerging Advanced Persistent Threat (APT). It is uniquely characterized by a stealthy, continuous, sophisticated and well-funded attack process aimed at long-term malicious gain, which renders current defense mechanisms inapplicable. A novel defense strategy, one that continuously combats APT over a long time span with imperfect/incomplete information on the attacker's actions, is urgently needed. The challenge escalates further when APT is coupled with the insider threat (a major threat in cyber security), where insiders could trade valuable information to the APT attacker for monetary gain. The interplay among the defender, the APT attacker and the insiders should be judiciously studied to shed light on a more secure defense system. In this paper, we consider the joint threats from the APT attacker and the insiders, and characterize the aforementioned interplay as a two-layer game model, i.e., a defense/attack game between the defender and the APT attacker and an information-trading game among the insiders. Through rigorous analysis, we identify the best response strategies for each player and prove the existence of a Nash Equilibrium for both games. An extensive numerical study further verifies our analytic results and examines the impact of different system configurations on the achievable security level.

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218444&isnumber=7218353
DOI: 10.1109/INFOCOM.2015.7218444
Citation Key: 7218444