Red Queen’s Race: APT Win-Win Game

  • Vit BukacEmail author
  • Vaclav Lorenc
  • Vashek Matyáš
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8809)


Advanced persistent threats (APTs) are not only a very prominent buzzword, but often come with a costly impact. A popular approach how to deal with APTs is the kill chain concept. We propose an extension to the kill chain, where the attacker is allowed to continue his attack even after being discovered by defenders. Meanwhile, observing defenders collect valuable intelligence which is to be used to counter future attacks. Benefits and negatives of postponed remediation are presented and related issues are discussed.


Advanced persistant threats APT Kill chain Honeypot 



Authors would like to express gratitude to the members of Centre for Research on Cryptography and Security of Masaryk University for their valuable ideas and feedback. Special thanks go to Andriy Stetsko, Zdenek Riha and Marek Sys. This work was supported by the GAP202/11/0422 project of the Czech Science Foundation.


  1. [BY13]
    Bhatt, P., Yano. E.T.: Analyzing targeted attacks using hadoop applied to forensic investigation. In: Proceedings of the Eighth International Conference on Forensic Computer Science (2013)Google Scholar
  2. [FA12]
    Frei, S., Artes, F.: Cybercrime Kill Chain vs. Defense Effectiveness (2012). Available 29 May 2014
  3. [HCJA11]
    Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research, vol. 1 (2011)Google Scholar
  4. [HKP13]
    Harris, B., Konikoff, E., Petersen, P.: Breaking the DDoS attack chain. Technical report, August 2013Google Scholar
  5. [HP13]
    Hewlett-Packard. HP attack life cycle use case methodology, Technical white paper, November 2013. Available 29 May 2014
  6. [ILCP13]
    Ioannou, G., Louvieris, P., Clewley, N., Powell, G.: A Markov multi-phase transferable belief model: an application for predicting data exfiltration APTs. In: 2013 16th International Conference on Information Fusion (FUSION), pp. 842–849. IEEE (2013)Google Scholar
  7. [Man10]
    Mandiant. M-Trends 2010: The Advanced Persistent Threat, Report (2010). Available 29 May 2014
  8. [RSA12]
    RSA. Stalking The Kill Chain, Research note (2012). Available 29 May 2014
  9. [Sec13]
    Dell SecureWorks. Advanced Threat Protection with Dell SecureWorks Security Services (2013). Available 29 May 2014

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.Faculty of InformaticsMasaryk UniversityBrnoCzech Republic
  2. 2.Institute of Computer ScienceMasaryk UniversityBrnoCzech Republic
  3. 3.Faculty of InformaticsMasaryk UniversityBrnoCzech Republic

Personalised recommendations