File(s) under permanent embargo
A risk management approach to defending against the advanced persistent threat
journal contribution
posted on 2020-11-01, 00:00, authored by Luxing Yang, P Li, X Yang, Y Y Tang

The advanced persistent threat (APT), a new kind of cyber attack, poses a severe threat to modern organizations. Once an APT has been detected, the organization has to deal with the APT response problem, i.e., how to allocate the available response resources to fix its insecure hosts so as to mitigate its potential loss. This paper addresses the APT response problem using a risk management approach. First, we introduce a model characterizing the evolution of the organization's expected state. By analyzing this model, we find that the organization's expected state approaches a common limit expected state. Then, we use the organization's expected loss per unit time to measure its potential loss, and we find that this measure is determined by the organization's limit expected state. On this basis, we model the APT response problem as a game-theoretic problem (the APT response game) in which the organization seeks a Nash equilibrium. We present a greedy algorithm for solving the game. Comparative experiments show that the algorithm is effective; therefore, we recommend the response strategy generated by running the algorithm. These findings contribute to defending against the APT. To our knowledge, this is the first time the APT response problem has been addressed.
History
Journal: IEEE transactions on dependable and secure computing
Volume: 17
Issue: 6
Season: November/December
Pagination: 1163 - 1172
Publisher: Institute of Electrical and Electronics Engineers
Location: Piscataway, N.J.
Publisher DOI:
ISSN: 1545-5971
eISSN: 1941-0018
Language: eng
Publication classification: C1 Refereed article in a scholarly journal
Copyright notice: 2018, IEEE
Categories
Keywords
advanced persistent threat; APT response game; APT response problem; equilibrium; greedy algorithm; potential loss; risk evaluation; risk management; state evolution model; Science & Technology; Technology; Computer Science, Hardware & Architecture; Computer Science, Information Systems; Computer Science, Software Engineering; Computer Science; Organizations; Loss measurement; Games; Nash equilibrium; Mathematical model; Time measurement; GAME-THEORY; VIRUS; MODEL; Computer Software; Data Format; Distributed Computing
Licence