Abstract
The advanced persistent threat (APT), a generic, highly sophisticated cyber attack, poses a severe threat to organizational data security. Since the conventional detection and repair (DAR)-based APT defense mechanism has several conspicuous drawbacks, it is imperative to develop a more effective and efficient APT defense mechanism. Based on the data backup and recovery (DBAR) techniques developed in the field of disaster recovery, we propose a novel APT defense mechanism, referred to as the DBAR-based APT defense mechanism, which can overcome the main drawbacks of the DAR-based APT defense mechanism and is expected to be efficiently implementable in the software-defined networking (SDN) paradigm. Under the new mechanism, we study the problem of finding a cost-effective DBAR strategy. Based on a novel dynamic model characterizing the evolution of the expected security status of the organizational network, we reduce the problem to a differential game-theoretic problem, which aims to find a cost-effective DBAR strategy in terms of the Nash equilibrium solution concept. Next, we derive the optimality system of the problem. Extensive comparative experiments show that the DBAR strategy obtained from the optimality system is cost-effective in the sense of the Nash equilibrium solution concept.