A Study on Advanced Persistent Threats

Chen, Ping; Desmet, Lieven; Huygens, Christophe

doi:10.1007/978-3-662-44885-4_5

Cited by 237 publications

(153 citation statements)

References 7 publications

(6 reference statements)

Supporting

Mentioning

124

Contrasting

Unclassified

Order By: Relevance

“…1) PBNE: To this end, given a sequence of beliefs, we can obtain the corresponding DBNE via C k in a backward fashion. However, given a sequence of policies, both players forwardly update their beliefs at each stage by (2). Thus, we need to find a consistent pair of belief and policy sequences.…”

Section: B Multistage Bayesian Game and Pbnementioning

confidence: 99%

“…Then, they compute the DBNE strategy pair σ * ,0:K i , ∀i ∈ {1, 2}, under the given belief sequence at each stage by solving program C k from stage K to stage 0 in sequence. Next, they update their beliefs at each stage according to the strategy pair σ * ,0:K−1 i , ∀i ∈ {1, 2}, via the Bayesian update (2). If the strategy pair σ * ,0:K−1 i , ∀i ∈ {1, 2}, satisfies (5) under the updated belief, we find the ε-PBNE and terminate the iteration.…”

Section: B Multistage Bayesian Game and Pbnementioning

confidence: 99%

See 1 more Smart Citation

A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems

Huang

Zhu

2020

Computers & Security

111

View full text Add to dashboard Cite

Advanced Persistent Threats (APTs) have recently emerged as a significant security challenge for Cyber-Physical Systems (CPSs) due to APTs' stealthy, dynamic and adaptive nature. The proactive dynamic defense provides a strategic and holistic security mechanism to increase costs of attacks and mitigate risks. This work proposes a dynamic game framework to model the long-term interaction between the stealthy attacker and the proactive defender. The stealthy and deceptive behaviors are captured by the multistage game of incomplete information, where each player has his own private information unknown to the other. Both players act strategically according to their beliefs which are formed by multistage observation and learning. The solution concept of Perfect Bayesian Nash Equilibrium (PBNE) provides a useful prediction of both players' policies because no players benefit from unilateral deviations from the equilibrium. We propose an iterative algorithm to compute the PBNE and use Tennessee Eastman process as a benchmark case study. Our numerical experiment corroborates the analytical results and provides further insights into the design of proactive defense-in-depth strategies.

show abstract

Section: B Multistage Bayesian Game and Pbnementioning

confidence: 99%

Section: B Multistage Bayesian Game and Pbnementioning

confidence: 99%

A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems

Huang

Zhu

2020

Computers & Security

111

View full text Add to dashboard Cite

show abstract

“…Advanced Persistent Threat (APT) refers to a long-term attack method employed by a group of attackers targeting specific organisations, governmental institutions, commercial enterprises in order to infiltrate the system for monetary or espionage purposes [27,37,38]. This is unlike other traditional attack methods where an attack is launched on a one-time basis.…”

Section: Advanced Persistent Threatmentioning

confidence: 99%

Modelling Cyber Attacks

Chowdhury¹,

Ferdous²

2017

IJNSA

View full text Add to dashboard Cite

show abstract

“…Nowadays, attacks on the network are becoming more and more complex, and, among them, APT attacks are increasingly frequent [1]. Unlike traditional attacks, APT attacks are not launched to interrupt services, but to steal intellectual property rights and sensitive data [2].…”

Section: Introductionmentioning

confidence: 99%

Constructing APT Attack Scenarios Based on Intrusion Kill Chain and Fuzzy Clustering

Zhang

Huo

Liu

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

The APT attack on the Internet is becoming more serious, and most of intrusion detection systems can only generate alarms to some steps of APT attack and cannot identify the pattern of the APT attack. To detect APT attack, many researchers established attack models and then correlated IDS logs with the attack models. However, the accuracy of detection deeply relied on the integrity of models. In this paper, we propose a new method to construct APT attack scenarios by mining IDS security logs. These APT attack scenarios can be further used for the APT detection. First, we classify all the attack events by purpose of phase of the intrusion kill chain. Then we add the attack event dimension to fuzzy clustering, correlate IDS alarm logs with fuzzy clustering, and generate the attack sequence set. Next, we delete the bug attack sequences to clean the set. Finally, we use the nonaftereffect property of probability transfer matrix to construct attack scenarios by mining the attack sequence set. Experiments show that the proposed method can construct the APT attack scenarios by mining IDS alarm logs, and the constructed scenarios match the actual situation so that they can be used for APT attack detection.

show abstract

A Study on Advanced Persistent Threats

Cited by 237 publications

References 7 publications

A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems

A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems

Modelling Cyber Attacks

Constructing APT Attack Scenarios Based on Intrusion Kill Chain and Fuzzy Clustering

Contact Info

Product

Resources

About