Skip to main content
SpringerLink
Log in

Red Queen’s Race: APT Win-Win Game

  • Conference paper
  • First Online:
Security Protocols XXII (Security Protocols 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8809))

Included in the following conference series:

Abstract

Advanced persistent threats (APTs) are not only a very prominent buzzword, but often come with a costly impact. A popular approach how to deal with APTs is the kill chain concept. We propose an extension to the kill chain, where the attacker is allowed to continue his attack even after being discovered by defenders. Meanwhile, observing defenders collect valuable intelligence which is to be used to counter future attacks. Benefits and negatives of postponed remediation are presented and related issues are discussed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Bhatt, P., Yano. E.T.: Analyzing targeted attacks using hadoop applied to forensic investigation. In: Proceedings of the Eighth International Conference on Forensic Computer Science (2013)

    Google Scholar 

  2. Frei, S., Artes, F.: Cybercrime Kill Chain vs. Defense Effectiveness (2012). https://www.nsslabs.com/reports/cybercrime-kill-chain-vs-defense-effectiveness. Available 29 May 2014

  3. Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research, vol. 1 (2011)

    Google Scholar 

  4. Harris, B., Konikoff, E., Petersen, P.: Breaking the DDoS attack chain. Technical report, August 2013

    Google Scholar 

  5. Hewlett-Packard. HP attack life cycle use case methodology, Technical white paper, November 2013. http://h20195.www2.hp.com/v2/GetPDF.aspx. Available 29 May 2014

  6. Ioannou, G., Louvieris, P., Clewley, N., Powell, G.: A Markov multi-phase transferable belief model: an application for predicting data exfiltration APTs. In: 2013 16th International Conference on Information Fusion (FUSION), pp. 842–849. IEEE (2013)

    Google Scholar 

  7. Mandiant. M-Trends 2010: The Advanced Persistent Threat, Report (2010). https://www.mandiant.com/resources/m-trends. Available 29 May 2014

  8. RSA. Stalking The Kill Chain, Research note (2012). http://www.emc.com/collateral/hardware/solution-overview/h11154-stalking-the-kill-chain-so.pdf. Available 29 May 2014

  9. Dell SecureWorks. Advanced Threat Protection with Dell SecureWorks Security Services (2013). http://www.secureworks.com/assets/pdf-store/white-papers/wp-advanced-threat-protection.pdf. Available 29 May 2014

Download references

Acknowledgment

Authors would like to express gratitude to the members of Centre for Research on Cryptography and Security of Masaryk University for their valuable ideas and feedback. Special thanks go to Andriy Stetsko, Zdenek Riha and Marek Sys. This work was supported by the GAP202/11/0422 project of the Czech Science Foundation.

Author information

Authors and Affiliations

  1. Faculty of Informatics, Masaryk University, Brno, Czech Republic

    Vit Bukac

  2. Institute of Computer Science, Masaryk University, Brno, Czech Republic

    Vaclav Lorenc

  3. Faculty of Informatics, Masaryk University, Brno, Czech Republic

    Vashek Matyáš

Authors
  1. Vit Bukac
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vaclav Lorenc
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Vashek Matyáš
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vit Bukac .

Editor information

Editors and Affiliations

  1. University of Hertfordshire, Hertfordshire, United Kingdom

    Bruce Christianson

  2. University of Hertfordshire, Hertfordshire, United Kingdom

    James Malcolm

  3. Masaryk University Faculty of Informatics, Brno, Czech Republic

    Vashek Matyáš

  4. Masaryk University Faculty of Informatics, Brno, Czech Republic

    Petr Švenda

  5. University of Cambridge, Cambridge, United Kingdom

    Frank Stajano

  6. Memorial University of Newfoundland, St. John's, Newfoundland and Labrador, Canada

    Jonathan Anderson

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Bukac, V., Lorenc, V., Matyáš, V. (2014). Red Queen’s Race: APT Win-Win Game. In: Christianson, B., Malcolm, J., Matyáš, V., Švenda, P., Stajano, F., Anderson, J. (eds) Security Protocols XXII. Security Protocols 2014. Lecture Notes in Computer Science(), vol 8809. Springer, Cham. https://doi.org/10.1007/978-3-319-12400-1_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-12400-1_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12399-8

  • Online ISBN: 978-3-319-12400-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation