Rass, Stefan, Konig, Sandra, Wachter, Jasmin, Mayoral-Vilches, Victor and Panaousis, Emmanouil ORCID: 0000-0001-7306-4062 (2023) Game-theoretic APT defense: an experimental study on robotics. Computers and Security, 132:103328. pp. 1-19. ISSN 0167-4048 (Print), 1872-6208 (Online) (doi:https://doi.org/10.1016/j.cose.2023.103328)

Preview

PDF (Publisher VoR) 43405_PANAOUSIS_Game_theoretic_APT_defense_An_experimental_study_on_robotics.pdf - Published Version Download (3MB) | Preview

Abstract

This paper proposes a novel game-theoretic framework for defending against Advanced Persistent Threats (APTs). It applies the original Cut-The-Rope model into an experimental study extending the previously studied attacker movements beyond the Poisson distribution to a realistic set of attack actions. More importantly, it demonstrates the value of this framework on an experimental study of an APT defense game on attack graphs, which lets a security officer establish an optimized defense policy against stealthy intrusions. The security model and algorithm under study is designed for practical use with attack graphs as threat models, possibly including vulnerability information if available. The game-theoretic optimization delivers a proactive defense policy under the following assumptions or requirements: first, we do not need to assume that the system is, or has been, clean from adversaries at any time. At the moment when the defender computes the defense policy, the attacker is assumed to already be in the system (also having penetrated it until an unknown depth). Second, the defender does not rely on any signaling or other indicators of adversarial activity, nor is there a reliable feedback mechanism to tell the defender if its actions were successful or not. Third, the model can use information on exploits, such as Common Vulnerabilities and Exposures (CVE) numbers, to refine the defense game, but can also operate without such information. We corroborate our findings on publicly documented attack graphs from the robotics domain; without and with CVE information. We run experiments against two different types of defense regimes, and compare the results against an intuitive baseline defense heuristic. The results show that the optimized defense strongly outperforms simple heuristics, like taking the shortest or easiest attack paths.

Item Type:	Article
Uncontrolled Keywords:	cCyber security; cyber risk; advanced persistent threats; cyber physical system; attack graph; attack tree; game-theory; stealthy intrusion; attacker-defender games
Subjects:	Q Science > QA Mathematics > QA75 Electronic computers. Computer science T Technology > TK Electrical engineering. Electronics Nuclear engineering
Faculty / School / Research Centre / Research Group:	Faculty of Engineering & Science Faculty of Engineering & Science > Internet of Things and Security Research Centre (ISEC) Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Last Modified:	24 Jul 2023 08:40
URI:	http://gala.gre.ac.uk/id/eprint/43405

Actions (login required)

View Item

Downloads