Abstract

Advanced persistent threats (APT) combine a variety of different attack forms ranging from social engineering to technical exploits. The diversity and usual stealthiness of APT turns them into a central problem of contemporary practical system security, since information on attacks, the current system status or the attacker’s incentives is often vague, uncertain and in many cases even unavailable. Game theory is a natural approach to model the conflict between the attacker and the defender, and this work investigates a generalized class of matrix games as a risk mitigation tool for an advanced persistent threat (APT) defense. Unlike standard game and decision theory, our model is tailored to capture and handle the full uncertainty that is immanent to APTs, such as disagreement among qualitative expert risk assessments, unknown adversarial incentives and uncertainty about the current system state (in terms of how deeply the attacker may have penetrated into the system’s protective shells already). Practically, game-theoretic APT models can be derived straightforwardly from topological vulnerability analysis, together with risk assessments as they are done in common risk management standards like the ISO 31000 family. Theoretically, these models come with different properties than classical game theoretic models, whose technical solution presented in this work may be of independent interest.

Highlights

  • The increasing heterogeneity, connectivity and openness of today’s information systems often lets cyber-attackers find ways into a system on a considerably large lot of different paths

  • An advanced persistent threat (APT) would in this view be mounted along any of the existing paths from the root of the attack graph down to the goal, with the difference to extensive form games (EFGs) mostly being the fact that the “game” does not clearly define when the players are taking their moves

  • The stealthiness of APT adds an element of uncertainty that original game theory covers with extended notions like stochastic games or games with incomplete information


Summary

Introduction

The increasing heterogeneity, connectivity and openness of today’s information systems often lets cyber-attackers find ways into a system along a considerably large number of different paths. APTs naturally respond to the increasing diversity of security precautions by mounting attacks in a stealthy and diverse fashion, so as to remain “under the radar” for as long as is required until the target system has been penetrated, infected and can be attacked as intended. Countermeasures may come too late to be effective anymore, since the damage has already been caused by the time the attack is detected. Mitigating APTs is in most cases a matter of technical precautions, and some sort of fight against an invisible opponent and external influences on the system (coming from other connected systems but primarily due to the APT remaining hidden). The question of economics becomes difficult and fuzzy, since the return on security investments is almost impossible to quantify in light of the many factors that are outside the security officer’s scope of influence.

Related Work
Our Contribution
Assign IPR responsibility to a team of two or three persons
Organization of the paper
Preliminaries and Notation
Topological Vulnerability Analysis
Attack Graphs and Attack Trees
Extensive Form Games
A Running Example
Modeling Uncertainty for Decision-Support
Optimal Decisions if Consequences are Uncertain
Practical Decision-Making
Constructing Loss Distributions
Games and Equilibria
APTs as Games
Identifying Mitigation Strategies
Defining the APT Game
Practical Computation of Optimal Defenses
Zero-Day Exploits
Generalizations and Special Cases
Multiple Goals and Optimal Tradeoffs
Example Application
Actions in Continuous Time
On Some Modeling Issues
Conclusion