A major characteristic of Advanced Persistent Threats (APTs) is their stealthiness over a possibly long period, during which the victim system is being penetrated and prepared for the finishing blow. We model an APT as a game played on an attack graph G, and consider the following interaction pattern: the attacker chooses an attack path in G towards its target \(v_0\), and step-by-step works its way towards the goal by repeated penetrations. In each step, it leaves a backdoor for an easy return to learn how to accomplish the next step. The defender's aim is "cutting" this rope by cleaning the system from (even unknown) backdoors, e.g., by patching systems or changing configurations. While the defender is doing so in fixed intervals governed by working hours/shifts, the attacker is allowed to take any number of moves at any point in time. The game is thus repeated, i.e., in discrete time, only for the defender, while the second player (adversary) moves in continuous time. It also has asymmetric information, since the adversary is stealthy at all times, until the damage-causing phase of the APT. The payoff in the game is the attacker's chance to reach this final stage, while the defender's goal is minimizing this likelihood (risk). We illustrate the model by a numerical example and open access implementation in R.
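The interaction pattern described above, as an added example that is not the paper's R implementation: the attacker's unobserved position along a single attack path is tracked as a probability distribution, its number of moves between two defender rounds is assumed Poisson-distributed (a modelling assumption made here), and a cleaned node that holds the attacker's backdoor resets it to the entry node; the returned value is the attacker's payoff, i.e. the probability of reaching \(v_0\) within a given number of defender rounds.

```python
import math

def poisson_pmf(lam, kmax):
    """P(k attacker moves within one defender round), k = 0..kmax; the tail
    beyond kmax is folded into kmax so the distribution sums to one."""
    pmf = [math.exp(-lam) * lam ** k / math.factorial(k) for k in range(kmax)]
    pmf.append(1.0 - sum(pmf))
    return pmf

def cut_the_rope(path, defender_mix, lam, rounds):
    """Exact probability that the attacker reaches path[-1] (the target v0)
    within `rounds` defender rounds.

    path: attack path in the attack graph, path[0] = entry node, path[-1] = v0
    defender_mix: node -> probability the defender cleans that node in a round
                  (mixed strategy: one node per round, probabilities sum to <= 1)
    lam: mean number of attacker moves per round (continuous-time attacker)
    The attacker's position is never observed; only its distribution is tracked."""
    n = len(path)
    target = n - 1
    step_pmf = poisson_pmf(lam, target)      # more than n-1 moves cannot help
    dist = [0.0] * n
    dist[0] = 1.0                             # attacker starts at the entry node
    for _ in range(rounds):
        # attacker moves between two defender rounds; v0 is absorbing
        moved = [0.0] * n
        moved[target] = dist[target]
        for pos in range(target):
            for k, pk in enumerate(step_pmf):
                moved[min(pos + k, target)] += dist[pos] * pk
        # defender cleans a node: a backdoor found there sends the attacker
        # back to the entry node (the "rope" is cut at that point)
        dist = list(moved)
        for pos in range(1, target):
            cut = moved[pos] * defender_mix.get(path[pos], 0.0)
            dist[pos] -= cut
            dist[0] += cut
    return dist[target]

def best_node_to_clean(path, lam, rounds):
    """Pure defender strategy minimising the risk: clean the same node every round."""
    candidates = path[1:-1]
    risk = {node: cut_the_rope(path, {node: 1.0}, lam, rounds) for node in candidates}
    best = min(risk, key=risk.get)
    return best, risk[best]

if __name__ == "__main__":
    # constructed sample path; node names are illustrative only
    path = ["workstation", "fileserver", "domain_controller", "v0"]
    print("undefended risk:", cut_the_rope(path, {}, 1.0, 5))
    print("best node to clean:", best_node_to_clean(path, 1.0, 5))
```

Comparing the risk with and without cleaning shows the defender's lever: cleaning the node the attacker is most likely to be sitting on reduces the reach probability even though the attacker is never observed.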