Defense for Advanced Persistent Threat with Inadvertent and Malicious Insider Threats

Abstract

In this paper, we propose a game theory framework to solve advanced persistent threat problems, especially considering two types of insider threats: malicious and inadvertent. Within this framework, we establish a unified three-player game model and derive Nash equilibria in response to different types of insider threats. By analyzing these Nash equilibria, we provide quantitative solutions to advanced persistent threat problems pertaining to insider threats. Furthermore, we have conducted a comparative assessment of the optimal defense strategy and corresponding defender’s costs between two types of insider threats. Interestingly, our findings advocate a more proactive defense strategy against inadvertent insider threats in contrast to malicious ones, despite the latter imposing a higher burden on the defender. Our theoretical results are substantiated by numerical results, which additionally include a detailed exploration of the conditions under which different insiders adopt risky strategies. These conditions can serve as guiding indicators for the defender when calibrating their monitoring intensities and devising defensive strategies.