Defending Against Advanced Persistent Threats Using Game-Theory.
Advanced persistent threats (APT) combine a variety of different attack forms ranging from social engineering to technical exploits. The diversity and usual stealthiness of APT turns them into a central problem of contemporary practical system security, since information on attacks, the current syst...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Public Library of Science (PLoS)
2017-01-01
|
| Series: | PLoS ONE |
| Online Access: | https://journals.plos.org/plosone/article/file?id=10.1371/journal.pone.0168675&type=printable |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832592734672650240 |
|---|---|
| author | Stefan Rass Sandra König Stefan Schauer |
| author_facet | Stefan Rass Sandra König Stefan Schauer |
| author_sort | Stefan Rass |
| collection | DOAJ |
| description | Advanced persistent threats (APT) combine a variety of different attack forms ranging from social engineering to technical exploits. The diversity and usual stealthiness of APT turns them into a central problem of contemporary practical system security, since information on attacks, the current system status or the attacker's incentives is often vague, uncertain and in many cases even unavailable. Game theory is a natural approach to model the conflict between the attacker and the defender, and this work investigates a generalized class of matrix games as a risk mitigation tool for an advanced persistent threat (APT) defense. Unlike standard game and decision theory, our model is tailored to capture and handle the full uncertainty that is immanent to APTs, such as disagreement among qualitative expert risk assessments, unknown adversarial incentives and uncertainty about the current system state (in terms of how deeply the attacker may have penetrated into the system's protective shells already). Practically, game-theoretic APT models can be derived straightforwardly from topological vulnerability analysis, together with risk assessments as they are done in common risk management standards like the ISO 31000 family. Theoretically, these models come with different properties than classical game theoretic models, whose technical solution presented in this work may be of independent interest. |
| format | Article |
| id | doaj-art-a2ab803ce5a9402bbb618971f0ca4ecb |
| institution | Kabale University |
| issn | 1932-6203 |
| language | English |
| publishDate | 2017-01-01 |
| publisher | Public Library of Science (PLoS) |
| record_format | Article |
| series | PLoS ONE |
| spelling | doaj-art-a2ab803ce5a9402bbb618971f0ca4ecb2025-01-21T05:31:25ZengPublic Library of Science (PLoS)PLoS ONE1932-62032017-01-01121e016867510.1371/journal.pone.0168675Defending Against Advanced Persistent Threats Using Game-Theory.Stefan RassSandra KönigStefan SchauerAdvanced persistent threats (APT) combine a variety of different attack forms ranging from social engineering to technical exploits. The diversity and usual stealthiness of APT turns them into a central problem of contemporary practical system security, since information on attacks, the current system status or the attacker's incentives is often vague, uncertain and in many cases even unavailable. Game theory is a natural approach to model the conflict between the attacker and the defender, and this work investigates a generalized class of matrix games as a risk mitigation tool for an advanced persistent threat (APT) defense. Unlike standard game and decision theory, our model is tailored to capture and handle the full uncertainty that is immanent to APTs, such as disagreement among qualitative expert risk assessments, unknown adversarial incentives and uncertainty about the current system state (in terms of how deeply the attacker may have penetrated into the system's protective shells already). Practically, game-theoretic APT models can be derived straightforwardly from topological vulnerability analysis, together with risk assessments as they are done in common risk management standards like the ISO 31000 family. Theoretically, these models come with different properties than classical game theoretic models, whose technical solution presented in this work may be of independent interest.https://journals.plos.org/plosone/article/file?id=10.1371/journal.pone.0168675&type=printable |
| spellingShingle | Stefan Rass Sandra König Stefan Schauer Defending Against Advanced Persistent Threats Using Game-Theory. PLoS ONE |
| title | Defending Against Advanced Persistent Threats Using Game-Theory. |
| title_full | Defending Against Advanced Persistent Threats Using Game-Theory. |
| title_fullStr | Defending Against Advanced Persistent Threats Using Game-Theory. |
| title_full_unstemmed | Defending Against Advanced Persistent Threats Using Game-Theory. |
| title_short | Defending Against Advanced Persistent Threats Using Game-Theory. |
| title_sort | defending against advanced persistent threats using game theory |
| url | https://journals.plos.org/plosone/article/file?id=10.1371/journal.pone.0168675&type=printable |
| work_keys_str_mv | AT stefanrass defendingagainstadvancedpersistentthreatsusinggametheory AT sandrakonig defendingagainstadvancedpersistentthreatsusinggametheory AT stefanschauer defendingagainstadvancedpersistentthreatsusinggametheory |