Stealthy attacks with insider information: A game theoretic model with asymmetric feedback

@article{Feng2016StealthyAW,
  title={Stealthy attacks with insider information: A game theoretic model with asymmetric feedback},
  author={Xiaotao Feng and Zizhan Zheng and Derya H. Cansever and Ananthram Swami and Prasant Mohapatra},
  journal={MILCOM 2016 - 2016 IEEE Military Communications Conference},
  year={2016},
  pages={277-282}
}
Advanced Persistent Threats (APT) are highly motivated and persistent, and they often operate in a stealthy way to avoid detection. Moreover, an advanced attacker may choose to approach insiders within the organization. Insider information can not only reduce the attack cost significantly but also make the attack more covert. Although stealthy attacks and insider threats have been considered separately in previous works, the coupling of the two is not well understood. As both types of threats… 
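The asymmetric feedback named in the title (the attacker can observe the state of a node, while the defender never sees the attacker's moves) is easiest to appreciate with a small FlipIt-style simulation. The following block is an added illustration written for this page, not code from the paper or its authors; the one-resource setting, the four strategies, the step horizon and the per-move costs are assumptions chosen for the example, not the paper's model or parameters.

```python
"""Added illustration, not code from the paper: a FlipIt-style simulation of
asymmetric feedback. One resource (think of a credential) belongs to whoever
moved last. The defender resets it without seeing attacker moves; the attacker
either observes the resource state after every step (feedback) or plays blind.
All strategies, costs and horizons below are assumptions made for the example."""
import random


def periodic_defender(period):
    """Reset every `period` steps (deterministic, hence predictable)."""
    return lambda t, _rng: t % period == 0


def random_defender(rate):
    """Reset with probability `rate` at each step (memoryless schedule)."""
    return lambda _t, rng: rng.random() < rate


def informed_attacker():
    """Attacker with feedback: moves exactly when it sees it lost control."""
    return lambda _t, in_control, _rng: not in_control


def blind_attacker(period):
    """Attacker without feedback: moves on a fixed schedule, never knowing
    whether it already holds the resource (so some moves are wasted)."""
    return lambda t, _in_control, _rng: t % period == 0


def simulate(steps, defender, attacker, cost_defend=1.0, cost_attack=2.0, seed=1):
    """Run the game for `steps` discrete steps.

    Within a step the defender moves first, then the attacker, who (if it has
    feedback) sees the state the defender's move left behind. Returns the
    fraction of steps the attacker ends in control plus each side's move count
    and cumulative cost.
    """
    rng = random.Random(seed)
    attacker_in_control = False
    attacker_steps = 0
    defender_moves = attacker_moves = 0
    for t in range(steps):
        if defender(t, rng):
            attacker_in_control = False      # reset evicts the attacker
            defender_moves += 1
        if attacker(t, attacker_in_control, rng):
            attacker_in_control = True       # compromise takes effect immediately
            attacker_moves += 1
        if attacker_in_control:
            attacker_steps += 1
    return {
        "attacker_control": attacker_steps / steps,
        "attacker_moves": attacker_moves,
        "attacker_cost": attacker_moves * cost_attack,
        "defender_moves": defender_moves,
        "defender_cost": defender_moves * cost_defend,
    }


if __name__ == "__main__":
    cases = {
        "periodic defender / blind attacker": (periodic_defender(10), blind_attacker(4)),
        "periodic defender / informed attacker": (periodic_defender(10), informed_attacker()),
        "random defender / blind attacker": (random_defender(0.1), blind_attacker(4)),
        "random defender / informed attacker": (random_defender(0.1), informed_attacker()),
    }
    for name, (d, a) in cases.items():
        r = simulate(1000, d, a)
        print(f"{name:40s} control={r['attacker_control']:.3f} "
              f"attacker_cost={r['attacker_cost']:.0f} "
              f"defender_cost={r['defender_cost']:.0f}")
```

Two things stand out when the script is run. Against a defender who resets every 10 steps, the blind attacker moving every 4 steps holds the resource 90% of the time for 250 moves, whereas the attacker with state feedback holds it 100% of the time with only 100 moves: feedback buys more control at lower cost because no move is ever wasted on a resource the attacker already owns. Second, randomizing the defender's schedule does nothing against the informed attacker, whose control stays at 100% regardless; the defender's only levers are the reset frequency (which drives the attacker's cost up) and the attacker's per-move cost, which is precisely what the abstract says insider information lowers.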

Citations

Security Games with Insider Threats
TLDR
Some attributes of private information are discussed, and a three-player game with a partially collaborating insider is described to illustrate its impact.
Simulation Games Platform for Unintentional Perpetrator Attack Vector Identification
TLDR
This paper focuses on the identification of the attack vector of unintentional perpetrators, and proposes to employ specialized games that simulate the working period, while the player faces multiple dangers that might cause harm in their company.
A Game Model of APT Attack for Distributed Network
TLDR
The calculated results showed that the model can rationally analyze the attacker and defender from the attack path, and can provide a reasonable defense scheme for organizations that use distributed networks.
An Approach on Attack Path Prediction Modeling Based on Game Theory
  • Su Yang
  • Computer Science
    2021 IEEE 5th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC)
  • 2021
TLDR
The calculated results showed that the model can analyze the attacker and defender from the attack path, and can provide a reasonable defense scheme for organizations that use distributed networks.
Research on APT attack based on game model
  • Yang Su
  • Computer Science
    2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)
  • 2020
TLDR
The calculated results showed that the model can analyze the attacker and defender from the attack path, and can provide a reasonable defense scheme for organizations that use distributed networks.
Trust exploitation and attention competition: A game theoretical model
TLDR
This paper proposes an interaction-based social trust model, and formulates the maximization of the long-term malicious gains of multiple competing nodes as a non-cooperative differential game.
Optimal Defense Strategy against Evasion Attacks
TLDR
This paper presents the CSP's optimal strategy for effective and safe operation, in which the CSP decides the number of users the cloud service will serve and whether enhanced countermeasures will be conducted to discover possible evasion attacks, and proposes a two-stage Stackelberg game.
FlipIt Game Model-Based Defense Strategy Against Cyberattacks on SCADA Systems Considering Insider Assistance
TLDR
The semi-Markov process (SMP) is employed to model and evaluate cyberattacks against SCADA systems considering insider assistance, and the results show that insider assistance improves the attacker's payoff and increases the defense action frequency of the system defender.
Effective Repair Strategy Against Advanced Persistent Threat: A Differential Game Approach
TLDR
The APT repair problem is modeled as a differential Nash game (the APT repair game) in which the attacker attempts to maximize his potential benefit, and the organization manages to minimize its potential loss.
A Risk Management Approach to Defending Against the Advanced Persistent Threat
TLDR
This paper addresses the APT response problem by using the risk management approach, and introduces a model characterizing the evolution of the organization's expected state, and presents a greedy algorithm for solving the game.

References

Stealthy attacks meets insider threats: A three-player game model
TLDR
This paper proposes the first three-player attacker-defender-insider game to model the strategic interactions among the three parties and describes the subgame perfect equilibria of the game with the defender as the leader and the attacker and the insider as the followers, under two different information trading processes.
A Game Theoretic Model for Defending Against Stealthy Attacks with Limited Resources
TLDR
A game-theoretic model for protecting a system of multiple nodes against stealthy attacks is proposed, and an asymmetric feedback structure where the attacker can fully observe the states of nodes while largely hiding its actions from the defender is considered.
FlipIt: The Game of “Stealthy Takeover”
Abstract: Recent targeted attacks have increased significantly in sophistication, undermining the fundamental assumptions on which most cryptographic primitives rely for security. For instance,
Mitigating Covert Compromises - A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks
TLDR
In a game-theoretic framework, this work studies the economically optimal mitigation strategies in the presence of targeted and non-targeted covert attacks and has practical implications for the definition of security policies, in particular, for password and key renewal schedules.
Advanced Persistent threats and how to monitor and deter them
The Insider Threat in Cloud Computing
TLDR
This paper identifies the potential problems for each scenario of the insider threat in cloud computing, and proposes the appropriate countermeasures, in an effort to mitigate the problem.
The Big Four - What We Did Wrong in Advanced Persistent Threat Detection?
TLDR
A technical analysis of Stuxnet, Duqu, Flame and Red October is performed, highlighting particular characteristics, identifying common patterns and techniques, and proposing technical countermeasures for strengthening defenses against similar threats.
The Cousins of Stuxnet: Duqu, Flame, and Gauss
TLDR
This paper presents the analysis of Duqu, an information-collecting malware sharing striking similarities with Stuxnet, and the newest member of the family, called Gauss, whose unique feature is that one of its modules is encrypted such that it can only be decrypted on its target system.
Stealthy Attacks with Insider Information: A Game Theoretic Model with Asymmetric Feedback
  • Technical Report, available online at http://spirit.cs.ucdavis.edu/pubs/tr/mil16.pdf. Milcom 2016 Track 3 - Cyber Security and Trusted Computing
  • 2016
2014 US State of Cybercrime Survey, http://www.pwc.com/us/en/increasing-it-effectiveness/publications/us-state-of-cybercrime
  • 2014