Biblio

An advanced persistent threat (APT) attack is a powerful cyber-weapon aimed at the specific targets in cyberspace. The sophisticated attack techniques, long dwell time and specific objectives make the traditional defense mechanism ineffective. However, most existing studies fail to consider the theoretical modeling of the whole APT attack. In this paper, we mainly establish a theoretical framework to characterize an information-based APT attack on the internal network. In particular, our mathematical framework includes the initial entry model for selecting the entry points and the targeted attack model for studying the intelligence gathering, strategy decision-making, weaponization and lateral movement. Through a series of simulations, we find the optimal candidate nodes in the initial entry model, observe the dynamic change of the targeted attack model and verify the characteristics of the APT attack.

In this paper, the mathematical framework of behavioral system will be applied to detect the cyber-attack on the networked control system which is used to control the remotely operated underwater vehicle ROV. The Intelligent Generalized Predictive Controller IGPC is used to control the ROV. The IGPC is designed with fault-tolerant ability. In consequence of the used fault accommodation technique, the proposed cyber-attacks detector is able to clearly detect the presence of attacker control signal and to distinguish between the effects of the attacker signal and fault on the plant side. The test result of the suggested method demonstrates that it can be considerably used for detection of the cyber-attack.