Abstract
Advanced persistent threat (APT), as a new type of cyber espionage, poses a severe threat to modern organizations. Artificial APT defense, in which an organization engages experienced cybersecurity experts to artificially check whether rootkits implanted by APT actors exist within the organizational internet and, if so, artificially remove the discovered rootkits, is recognized as an indispensable part of APT defense. There are two forms of artificial APT defense: continuous artificial defense (CAD), where the defense work is conducted at all time points, and impulsive artificial defense (IAD), where the defense work is conducted at a scheduled sequence of time points. IAD is superior to CAD in terms of the overall service cost. In the context of IAD, we refer to each sequence of service costs as an IAD policy. This paper addresses the problem of developing a cost-effective IAD policy (the IAD problem). First, by introducing an impulsive state evolutionary model for the organizational intranet, the IAD problem is reduced to an optimal impulsive control model (the IAD model). Second, by deriving the optimality system for the IAD model, an iterative algorithm for solving the IAD model (the IAD algorithm) is presented. Next, the convergence and effectiveness of the IAD algorithm are validated through numerical experiments. Finally, the effect of some factors is inspected. To our knowledge, this is the first time IAD is inspected from the perspective of optimal impulsive control theory.