Optimal Timing in Dynamic and Robust Attacker Engagement During Advanced Persistent Threats
read the original abstract
Advanced persistent threats (APTs) are stealthy attacks which make use of social engineering and deception to give adversaries insider access to networked systems. Against APTs, active defense technologies aim to create and exploit information asymmetry for defenders. In this paper, we study a scenario in which a powerful defender uses honeynets for active defense in order to observe an attacker who has penetrated the network. Rather than immediately eject the attacker, the defender may elect to gather information. We introduce an undiscounted, infinite-horizon Markov decision process on a continuous state space in order to model the defender's problem. We find a threshold of information that the defender should gather about the attacker before ejecting him. Then we study the robustness of this policy using a Stackelberg game. Finally, we simulate the policy for a conceptual network. Our results provide a quantitative foundation for studying optimal timing for attacker engagement in network defense.
This paper has not been read by Pith yet.
Forward citations
Cited by 1 Pith paper
-
Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense
Introduces three strategic learning schemes for active cyber defenses under parameter, payoff, and environmental uncertainty that share a sensation-estimation-action feedback loop to converge on optimal policies.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.