This paper is devoted to measuring the security of cyber networks under advanced persistent threats (APTs). First, an APT-based cyber attack-defense process is modeled as an individual-level dynamical system. Second, the dynamic model is shown to exhibit the global stability. On this basis, a new security metric of cyber networks, which is known as the limit security, is defined as the limit expected fraction of compromised nodes in the networks. Next, the influence of different factors on the limit security is illuminated through theoretical analysis and computer simulation.This work helps understand the security of cyber networks under APTs.Advanced persistent threats (APTs) are a newly emerging class of cyber attacks. With a clear goal, an APT attack is highly targeted, well-organized, well-resourced, covert and long-term [9][10][11]. APTs pose a severe threat to cyberspace, because they invalidate conventional cyber defense mechanisms. In the last decade, the number of APTs increased rapidly and numerous security incidents were reported all over the world [12]. For the purpose of resisting APTs, it is vital to evaluate the security of cyber networks under APTs. However, due to the persistence of APTs, existing security evaluation methods are not applicable to APTs [13][14][15][16][17]. Recently, Pendleton et al. [18] considered the expected fraction of compromised nodes in a cyber network as a security metric of the network. As the fraction is varying over time, its availability is questionable.To measure the security of a cyber network under APTs, an APT-based cyber attack-defense process must be modeled as a continuous-time dynamical system. The individual-level dynamical modeling technique, which has been applied to areas such as epidemic spreading [19][20][21], malware spreading [22][23][24][25][26][27][28][29], rumor spreading [30, 31] and viral marketing [32], is especially suited to the modeling of APT-based cyber attack-defense processes, because the topological structure of the targeted cyber network can be accommodated [33]. Towards this direction, a number of APT-based cyber attack-defense models have been proposed [34][35][36]. In particular, Zheng et al. [37] found that a special APT-based cyber attack-defense model exhibits a global stability. This paper focuses on estimating security of cyber networks under APTs. First, an APT-based cyber attackdefense process is modeled as an individual-level dynamical system. Second, the dynamic model is shown to exhibit the global stability. On this basis, a new security metric of cyber networks, which is known as the limit security, is defined as the limit expected fraction of compromised nodes in the networks. Next, the influence of different factors on the limit security is illuminated through theoretical analysis and computer simulation. This work helps understand the security of cyber networks under APTs.The remaining materials are organized this way. Section 2 derives an APT-based cyber attack-defense model. Section 3 shows the global stability of the...
