Journal
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
Volume 17, Issue 6, Pages 1163-1172
Publisher
IEEE COMPUTER SOC
DOI: 10.1109/TDSC.2018.2858786
Keywords
Organizations; Loss measurement; Games; Nash equilibrium; Mathematical model; Time measurement; Risk management; Advanced persistent threat; potential loss; APT response problem; risk management; state evolution model; equilibrium; risk evaluation; APT response game; greedy algorithm
Funding
- National Natural Science Foundation of China [61572006]
The advanced persistent threat (APT) as a new kind of cyber attack has posed a severe threat to modern organizations. When the APT has been detected, the organization has to deal with the APT response problem, i.e., to allocate the available response resources to fix her insecure hosts so as to mitigate her potential loss. This paper addresses the APT response problem by using the risk management approach. First, we introduce a model characterizing the evolution of the organization's expected state. By analyzing this model, we find the organization's expected state approaches a common limit expected state. Then, we use the organization's expected loss per unit time to measure her potential loss, and we find this measure is determined by the organization's limit expected state. On this basis, we model the APT response problem as a game-theoretic problem (the APT response game) in which the organization seeks a Nash equilibrium. We present a greedy algorithm for solving the game. Comparative experiments show that the algorithm is effective. Therefore, we recommend the response strategy generated by performing the algorithm. These findings contribute to defending against the APT. To our knowledge, this is the first time the APT response problem is addressed.