Modelling the Impact of Threat Intelligence on Advanced Persistent Threat Using Games

  • Andrew FielderEmail author
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12065)


System administrator time is not dedicated to just cyber security tasks. With a wide variety of activities that need to be undertaken being able to monitor and respond to cyber security incidents is not always possible. Advanced persistent threats to critical systems make this even harder to manage.

The model presented in this paper looks at the Lockheed Martin Cyber Kill Chain as a method of representing advanced persistent threats to a system. The model identifies the impact that using threat intelligence gains over multiple attacks to help better defend a system.

Presented as a game between a persistent attacker and a dedicated defender, findings are established by utilising simulations of repeated attacks. Experimental methods are used to identify the impact that threat intelligence has on the capability for the defender to reduce the likelihood of harm to the system.


  1. 1.
  2. 2.
    Beres, Y., Griffin, J., Shiu, S., Heitman, M., Markle, D., Ventura, P.: Analysing the performance of security solutions to reduce vulnerability exposure window. In: 2008 Annual Computer Security Applications Conference (ACSAC), pp. 33–42. IEEE (2008)Google Scholar
  3. 3.
    Caulfield, T., Fielder, A.: Optimizing time allocation for network defence. J. Cybersecur. 1(1), 37–51 (2015). Scholar
  4. 4.
    Chen, J., Zhu, Q.: Security as a service for cloud-enabled internet of controlled things under advanced persistent threats: a contract design approach. IEEE Trans. Inf. Forensics Secur. 12(11), 2736–2750 (2017)CrossRefGoogle Scholar
  5. 5.
    Feng, X., Zheng, Z., Cansever, D., Swami, A., Mohapatra, P.: Stealthy attacks with insider information: a game theoretic model with asymmetric feedback. In: 2016 IEEE Military Communications Conference, MILCOM 2016, pp. 277–282. IEEE (2016)Google Scholar
  6. 6.
    Fielder, A., Li, T., Hankin, C.: Defense-in-depth vs. critical component defense for industrial control systems (2016)Google Scholar
  7. 7.
    Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F.: Game theory meets information security management. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 15–29. Springer, Heidelberg (2014). Scholar
  8. 8.
    Frei, S., May, M., Fiedler, U., Plattner, B.: Large-scale vulnerability analysis. In: Proceedings of the 2006 SIGCOMM Workshop on Large-Scale Attack Defense, pp. 131–138. ACM (2006)Google Scholar
  9. 9.
    Hu, P., Li, H., Fu, H., Cansever, D., Mohapatra, P.: Dynamic defense strategy against advanced persistent threat with insiders. In: 2015 IEEE Conference on Computer Communications (INFOCOM), pp. 747–755. IEEE (2015)Google Scholar
  10. 10.
    Lye, K.W., Wing, J.M.: Game strategies in network security. Int. J. Inf. Secur. 4(1–2), 71–86 (2005)CrossRefGoogle Scholar
  11. 11.
    Rass, S., König, S., Schauer, S.: Defending against advanced persistent threats using game-theory. PloS One 12(1), e0168675 (2017)CrossRefGoogle Scholar
  12. 12.
    Tankard, C.: Advanced persistent threats and how to monitor and deter them. Netw. Secur. 2011(8), 16–19 (2011)CrossRefGoogle Scholar
  13. 13.
    Van Dijk, M., Juels, A., Oprea, A., Rivest, R.L.: FlipIt: the game of “stealthy takeover". J. Cryptol. 26(4), 655–713 (2013)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Xiao, L., Xu, D., Xie, C., Mandayam, N.B., Poor, H.V.: Cloud storage defense against advanced persistent threats: a prospect theoretic study. IEEE J. Sel. Areas Commun. 35(3), 534–544 (2017)CrossRefGoogle Scholar
  15. 15.
    Zhang, M., Zheng, Z., Shroff, N.B.: A game theoretic model for defending against stealthy attacks with limited resources. In: Khouzani, M.H.R., Panaousis, E., Theodorakopoulos, G. (eds.) GameSec 2015. LNCS, vol. 9406, pp. 93–112. Springer, Cham (2015). Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Institute for Security Science and TechnologyImperial College LondonLondonUK

Personalised recommendations