Modelling the Impact of Threat Intelligence on Advanced Persistent Threat Using Games

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 12065)

Abstract

System administrator time is not dedicated solely to cyber security tasks. With a wide variety of activities to undertake, monitoring and responding to cyber security incidents is not always possible. Advanced persistent threats to critical systems make this even harder to manage.

The model presented in this paper uses the Lockheed Martin Cyber Kill Chain as a method of representing advanced persistent threats to a system. The model identifies the impact of using threat intelligence over multiple attacks to help better defend a system.

Presented as a game between a persistent attacker and a dedicated defender, findings are established by utilising simulations of repeated attacks. Experimental methods are used to identify the impact that threat intelligence has on the capability for the defender to reduce the likelihood of harm to the system.

Author information

Correspondence to Andrew Fielder.

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Fielder, A. (2020). Modelling the Impact of Threat Intelligence on Advanced Persistent Threat Using Games. In: Di Pierro, A., Malacaria, P., Nagarajan, R. (eds) From Lambda Calculus to Cybersecurity Through Program Analysis. Lecture Notes in Computer Science, vol 12065. Springer, Cham. https://doi.org/10.1007/978-3-030-41103-9_8
