Stealthy attacks with insider information: A game theoretic model with asymmetric feedback

Xiaotao Feng, Zizhan Zheng, Derya H. Cansever, Ananthram Swami, Prasant Mohapatra
MILCOM 2016 - 2016 IEEE Military Communications Conference
Advanced Persistent Threats (APT) are highly motivated and persistent, and they often operate in a stealthy way to avoid detection. Moreover, an advanced attacker may choose to approach insiders within the organization. Insider information can not only reduce the attack cost significantly but also make the attack more covert. Although stealthy attacks and insider threats have been considered separately in previous works, the coupling of the two is not well understood. As both types of threats… 

Security Games with Insider Threats
Some of the attributes of private information are discussed and a three-player game with a partially collaborating insider to illustrate its impact is described.
An Approach on Attack Path Prediction Modeling Based on Game Theory
  • Su Yang
  • Computer Science
    2021 IEEE 5th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC)
  • 2021
The calculated results showed that the model can analyze the attacker and defender from the attack path, and can provide a reasonable defense scheme for organizations that use distributed networks.
Research on APT attack based on game model
  • Yang Su
  • Computer Science
    2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)
  • 2020
The calculated results showed that the model can analyze the attacker and defender from the attack path, and can provide a reasonable defense scheme for organizations that use distributed networks.
Trust exploitation and attention competition: A game theoretical model
This paper proposes an interaction-based social trust model, and forms the maximization of long-term malicious gains of multiple competing nodes as a non-cooperative differential game.
Optimal Defense Strategy against Evasion Attacks
This paper presents the CSP’s optimal strategy for effective and safety operation, in which the CSP decides the size of users that the cloud service will provide and whether enhanced countermeasures will be conducted for discovering the possible evasion attacks, and proposes a two-stage Stackelberg game.
FlipIt Game Model-Based Defense Strategy Against Cyberattacks on SCADA Systems Considering Insider Assistance
The semi-Markov process (SMP) is employed to model and evaluate the cyberattacks against the SCADA systems considering the insider assistance and shows that the insider assistance will improve the payoff of the attacker and increase the defense action frequency of the system defender.
Effective Repair Strategy Against Advanced Persistent Threat: A Differential Game Approach
The APT repair problem is modeled as a differential Nash game problem (the APT repair game) in which the attacker attempts to maximize his potential benefit, and the organization manages to minimize its potential loss.
A Risk Management Approach to Defending Against the Advanced Persistent Threat
This paper addresses the APT response problem by using the risk management approach, and introduces a model characterizing the evolution of the organization's expected state, and presents a greedy algorithm for solving the game.
This paper has studied the various security attacks with reference to the Clouds (as per The Treacherous 12 Cloud Computing Top Threats in 2016, CSA report defeating insider threat survey, Cyber Security Trends Report (2017)) and Malicious Insider attacks (in particular).


A Game Theoretic Model for Defending Against Stealthy Attacks with Limited Resources
A game-theoretic model for protecting a system of multiple nodes against stealthy attacks is proposed, and an asymmetric feedback structure where the attacker can fully observe the states of nodes while largely hiding its actions from the defender is considered.
FlipIt: The Game of “Stealthy Takeover”
Recent targeted attacks have increased significantly in sophistication, undermining the fundamental assumptions on which most cryptographic primitives rely for security. For instance,
Mitigating Covert Compromises - A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks
In a game-theoretic framework, this work studies the economically optimal mitigation strategies in the presence of targeted and non-targeted covert attacks and has practical implications for the definition of security policies, in particular, for password and key renewal schedules.
Advanced Persistent threats and how to monitor and deter them
The Insider Threat in Cloud Computing
This paper identifies the potential problems for each scenario of the insider threat in cloud computing, and proposes the appropriate countermeasures, in an effort to mitigate the problem.
The Big Four - What We Did Wrong in Advanced Persistent Threat Detection?
A technical analysis of Stuxnet, Duqu, Flame and Red October is performed, highlighting particular characteristics and identifying common patterns and techniques and proposing technical countermeasures for strengthening defenses against similar threats.
The Cousins of Stuxnet: Duqu, Flame, and Gauss
This paper presents the analysis of Duqu, an information-collecting malware sharing striking similarities with Stuxnet, and the newest member of the family, called Gauss, whose unique feature is that one of its modules is encrypted such that it can only be decrypted on its target system.
Stealthy attacks meets insider threats: A three-player game model
This paper proposes the first three-player attacker-defender-insider game to model the strategic interactions among the three parties and describes the subgame perfect equilibria of the game with the defender as the leader and the attacker and the insider as the followers, under two different information trading processes.
Stealthy Attacks with Insider Information: A Game Theoretic Model with Asymmetric Feedback
  • Technical Report, available online at Milcom 2016 Track 3 - Cyber Security and Trusted Computing
  • 2016
2014 US State of Cybercrime Survey increasing-it-effectiveness/publications/us-state-of-cybercrime