Modelling the Impact of Threat Intelligence on Advanced Persistent Threat Using Games
- 39 Downloads
System administrator time is not dedicated to just cyber security tasks. With a wide variety of activities that need to be undertaken being able to monitor and respond to cyber security incidents is not always possible. Advanced persistent threats to critical systems make this even harder to manage.
The model presented in this paper looks at the Lockheed Martin Cyber Kill Chain as a method of representing advanced persistent threats to a system. The model identifies the impact that using threat intelligence gains over multiple attacks to help better defend a system.
Presented as a game between a persistent attacker and a dedicated defender, findings are established by utilising simulations of repeated attacks. Experimental methods are used to identify the impact that threat intelligence has on the capability for the defender to reduce the likelihood of harm to the system.
- 1.Cyber kill chain (2019). https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
- 2.Beres, Y., Griffin, J., Shiu, S., Heitman, M., Markle, D., Ventura, P.: Analysing the performance of security solutions to reduce vulnerability exposure window. In: 2008 Annual Computer Security Applications Conference (ACSAC), pp. 33–42. IEEE (2008)Google Scholar
- 5.Feng, X., Zheng, Z., Cansever, D., Swami, A., Mohapatra, P.: Stealthy attacks with insider information: a game theoretic model with asymmetric feedback. In: 2016 IEEE Military Communications Conference, MILCOM 2016, pp. 277–282. IEEE (2016)Google Scholar
- 6.Fielder, A., Li, T., Hankin, C.: Defense-in-depth vs. critical component defense for industrial control systems (2016)Google Scholar
- 7.Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F.: Game theory meets information security management. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 15–29. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_2CrossRefzbMATHGoogle Scholar
- 8.Frei, S., May, M., Fiedler, U., Plattner, B.: Large-scale vulnerability analysis. In: Proceedings of the 2006 SIGCOMM Workshop on Large-Scale Attack Defense, pp. 131–138. ACM (2006)Google Scholar
- 9.Hu, P., Li, H., Fu, H., Cansever, D., Mohapatra, P.: Dynamic defense strategy against advanced persistent threat with insiders. In: 2015 IEEE Conference on Computer Communications (INFOCOM), pp. 747–755. IEEE (2015)Google Scholar
- 15.Zhang, M., Zheng, Z., Shroff, N.B.: A game theoretic model for defending against stealthy attacks with limited resources. In: Khouzani, M.H.R., Panaousis, E., Theodorakopoulos, G. (eds.) GameSec 2015. LNCS, vol. 9406, pp. 93–112. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-25594-1_6CrossRefzbMATHGoogle Scholar