Effective Repair Strategy Against Advanced Persistent Threat: A Differential Game Approach

Yang, LX; Li, P; Zhang, Y; Yang, X; Xiang, Y; Zhou, W

Effective Repair Strategy Against Advanced Persistent Threat: A Differential Game Approach

Yang, LX Li, P Zhang, Y Yang, X Xiang, Y Zhou, W

Permalink

Publication Type:: Journal Article
Citation:: IEEE Transactions on Information Forensics and Security, 2019, 14 (7), pp. 1713 - 1728
Issue Date:: 2019-07-01

Closed Access

	Filename	Description	Size
	08565986.pdf	Published Version	4.53 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Yang, LX	en_US
dc.contributor.author	Li, P	en_US
dc.contributor.author	Zhang, Y	en_US
dc.contributor.author	Yang, X	en_US
dc.contributor.author	Xiang, Y	en_US
dc.contributor.author	Zhou, W https://orcid.org/0000-0002-1680-2521	en_US
dc.date.issued	2019-07-01	en_US
dc.identifier.citation	IEEE Transactions on Information Forensics and Security, 2019, 14 (7), pp. 1713 - 1728	en_US
dc.identifier.issn	1556-6013	en_US
dc.identifier.uri	http://hdl.handle.net/10453/133049
dc.description.abstract	© 2005-2012 IEEE. Advanced persistent threat (APT) is a new kind of cyberattack that poses a serious threat to modern society. When an APT campaign on an organization has been identified, the available repair resources must be reasonably allocated to the potentially insecure hosts to mitigate the potential loss of the organization. We refer to the feasible repair resource allocation strategies as repair strategies. This paper focuses on the APT repair problem, i.e., the problem of developing effective repair strategies for organizations. First, for an organization with time-varying communication relationship, we establish an evolution model of the organization's expected state, in which the impact of lateral movement of APT is accommodated. On this basis, we model the APT repair problem as a differential Nash game problem (the APT repair game) in which the attacker attempts to maximize his potential benefit, and the organization manages to minimize its potential loss. Second, we derive a system (the potential system) for calculating a potential Nash equilibrium of an APT repair game, and we examine the structure of the potential attack and repair strategies in a potential Nash equilibrium. Next, we solve some potential systems to get the corresponding potential Nash equilibria. Finally, by comparison with a large number of randomly generated attack and repair strategies, we conclude that the potential Nash equilibrium of each APT repair game is a Nash equilibrium of the game. Therefore, we recommend to organizations their respective potential repair strategies. Our findings help to better understand and effectively defend against APT.	en_US
dc.relation	http://purl.org/au-research/grants/arc/LP170100458
dc.relation.ispartof	IEEE Transactions on Information Forensics and Security	en_US
dc.relation.isbasedon	10.1109/TIFS.2018.2885251	en_US
dc.subject.classification	Strategic, Defence & Security Studies	en_US
dc.title	Effective Repair Strategy Against Advanced Persistent Threat: A Differential Game Approach	en_US
dc.type	Journal Article
utslib.citation.volume	7	en_US
utslib.citation.volume	14	en_US
utslib.for	0806 Information Systems	en_US
utslib.for	0102 Applied Mathematics	en_US
utslib.for	08 Information and Computing Sciences	en_US
utslib.for	09 Engineering	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
utslib.copyright.status	closed_access
pubs.issue	7	en_US
pubs.publication-status	Published	en_US
pubs.volume	14	en_US

Abstract:

© 2005-2012 IEEE. Advanced persistent threat (APT) is a new kind of cyberattack that poses a serious threat to modern society. When an APT campaign on an organization has been identified, the available repair resources must be reasonably allocated to the potentially insecure hosts to mitigate the potential loss of the organization. We refer to the feasible repair resource allocation strategies as repair strategies. This paper focuses on the APT repair problem, i.e., the problem of developing effective repair strategies for organizations. First, for an organization with time-varying communication relationship, we establish an evolution model of the organization's expected state, in which the impact of lateral movement of APT is accommodated. On this basis, we model the APT repair problem as a differential Nash game problem (the APT repair game) in which the attacker attempts to maximize his potential benefit, and the organization manages to minimize its potential loss. Second, we derive a system (the potential system) for calculating a potential Nash equilibrium of an APT repair game, and we examine the structure of the potential attack and repair strategies in a potential Nash equilibrium. Next, we solve some potential systems to get the corresponding potential Nash equilibria. Finally, by comparison with a large number of randomly generated attack and repair strategies, we conclude that the potential Nash equilibrium of each APT repair game is a Nash equilibrium of the game. Therefore, we recommend to organizations their respective potential repair strategies. Our findings help to better understand and effectively defend against APT.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/133049