Tracking Advanced Persistent Threats in Critical Infrastructures Through Opinion Dynamics

  • Juan E. RubioEmail author
  • Rodrigo Roman
  • Cristina Alcaraz
  • Yan Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11098)


Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and correspondingly deploy accurate response procedures.


Advanced persistent threat Detection Traceability Opinion dynamics 



This work has been partially supported by the research project SADCIP (RTC-2016-4847-8), financed by the Ministerio de Economía y Competitividad, and DISS-IIoT, financed by the University of Malaga (UMA) trough the “I Plan Propio de Investigación y Transferencia” of UMA. Likewise, the work of the first author has been partially financed by the Spanish Ministry of Education under the FPU program (FPU15/03213). The authors also thank J. Rodriguez (NICS Lab.) for his valuable comments, support, ideas, and incredible help. You rock.


  1. 1.
    Cazorla, L., Alcaraz, C., Lopez, J.: Cyber stealth attacks in critical information infrastructures. IEEE Syst. J. 12(2), 1778–1792 (2018)CrossRefGoogle Scholar
  2. 2.
    Singh, S., Sharma, P.K., Moon, S.Y., Moon, D., Park, J.H.: A comprehensive study on apt attacks countermeasures for future networks communications: challenges solutions. J. Supercomput. 1–32 (2016).
  3. 3.
    Rubio, J.E., Alcaraz, C., Lopez, J.: Preventing advanced persistent threats in complex control networks. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 402–418. Springer, Cham (2017). Scholar
  4. 4.
    Lin, C.-T.: Structural controllability. IEEE Trans. Autom. Control 19(3), 201–208 (1974)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Haynes, T.W., Hedetniemi, S.M., Hedetniemi, S.T., Henning, M.A.: Domination in graphs applied to electric power networks. SIAM J. Discret. Math. 15(4), 519–529 (2002)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Kneis, J., Mölle, D., Richter, S., Rossmanith, P.: Parameterized power domination complexity. Inf. Process. Lett. 98(4), 145–149 (2006)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Pagani, G.A., Aiello, M.: The power grid as a complex network: a survey. Phys. A: Stat. Mech. Appl. 392(11), 2688–2700 (2013)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Watts, D.J., Strogatz, S.H.: Collective dynamics of ‘small-world’ networks. Nature 393(6684), 440 (1998)CrossRefGoogle Scholar
  9. 9.
    Hegselmann, R., Krause, U., et al.: Opinion dynamics and bounded confidence models, analysis, and simulation. J. Artif. Soc. Soc. Simul. 5(3), 1–33 (2002)Google Scholar
  10. 10.
    Lemay, A., Calvet, J., Menet, F., Fernandez, J.M.: Survey of publicly available reports on advanced persistent threat actors. Comput. Secur. 72, 26–59 (2018)CrossRefGoogle Scholar
  11. 11.
    Falliere, N., Murchu, L.O., Chien, E.: W32.stuxnet dossier, version 1.4, February 2011. Accessed Apr 2018
  12. 12.
    Symantec Security Response Attack Investigation Team. Dragonfly: Western energy sector targeted by sophisticated attack group (2017). Accessed Apr 2018
  13. 13.
    SANS Industrial Control Systems. Analysis of the cyber attack on the Ukrainian power grid (2016). Accessed Apr 2018
  14. 14.
    Cherepanov, A.: Telebots are back - supply-chain attacks against Ukraine (2017). Accessed Apr 2018
  15. 15.
    MITRE Corporation. MITRE ATT&CK (2018). Accessed Apr 2018
  16. 16.
    Chen, P., Desmet, L., Huygens, C.: A study on advanced persistent threats. In: De Decker, B., Zúquete, A. (eds.) CMS 2014. LNCS, vol. 8735, pp. 63–72. Springer, Heidelberg (2014). Scholar
  17. 17.
    Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead. Issues Inf. Warf. Secur. Res. 1(1), 80 (2011)Google Scholar
  18. 18.
    Rubio, J.E., Alcaraz, C., Roman, R., Lopez, J.: Analysis of intrusion detection systems in industrial ecosystems. In: 14th International Conference on Security and Cryptography, pp. 116–128 (2017)Google Scholar
  19. 19.
    S2Grupo. Emas SOM - Monitoring System for Industrial Environments (2018). Accessed Apr 2018

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Juan E. Rubio
    • 1
    Email author
  • Rodrigo Roman
    • 1
  • Cristina Alcaraz
    • 1
  • Yan Zhang
    • 2
  1. 1.Department of Computer ScienceUniversity of MalagaMalagaSpain
  2. 2.Department of InformaticsUniversity of OsloOsloNorway

Personalised recommendations