
Defending Against Advanced Persistent Threats Using Game-Theory

Author

  • Stefan Rass
  • Sandra König
  • Stefan Schauer

Abstract

Advanced persistent threats (APT) combine a variety of different attack forms ranging from social engineering to technical exploits. The diversity and usual stealthiness of APT turn them into a central problem of contemporary practical system security, since information on attacks, the current system status or the attacker’s incentives is often vague, uncertain and in many cases even unavailable. Game theory is a natural approach to model the conflict between the attacker and the defender, and this work investigates a generalized class of matrix games as a risk mitigation tool for an advanced persistent threat (APT) defense. Unlike standard game and decision theory, our model is tailored to capture and handle the full uncertainty that is immanent to APTs, such as disagreement among qualitative expert risk assessments, unknown adversarial incentives and uncertainty about the current system state (in terms of how deeply the attacker may have penetrated into the system’s protective shells already). Practically, game-theoretic APT models can be derived straightforwardly from topological vulnerability analysis, together with risk assessments as they are done in common risk management standards like the ISO 31000 family. Theoretically, these models come with different properties than classical game theoretic models, whose technical solution presented in this work may be of independent interest.

Suggested Citation

  • Stefan Rass & Sandra König & Stefan Schauer, 2017. "Defending Against Advanced Persistent Threats Using Game-Theory," PLOS ONE, Public Library of Science, vol. 12(1), pages 1-43, January.
  • Handle: RePEc:plo:pone00:0168675
    DOI: 10.1371/journal.pone.0168675

    Download full text from publisher

    File URL: https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0168675
    Download Restriction: no

    File URL: https://journals.plos.org/plosone/article/file?id=10.1371/journal.pone.0168675&type=printable
    Download Restriction: no


    References listed on IDEAS

    1. Stefan Rass, 2015. "On Game-Theoretic Risk Management (Part Two) -- Algorithms to Compute Nash-Equilibria in Games with Distributions as Payoffs," Papers 1511.08591, arXiv.org, revised Apr 2020.
    2. Casey Rothschild & Laura McLay & Seth Guikema, 2012. "Adversarial Risk Analysis with Incomplete Information: A Level‐k Approach," Risk Analysis, John Wiley & Sons, vol. 32(7), pages 1219-1231, July.
    3. Jesus Rios & David Rios Insua, 2012. "Adversarial Risk Analysis for Counterterrorism Modeling," Risk Analysis, John Wiley & Sons, vol. 32(5), pages 894-915, May.
    4. Cameron A. MacKenzie, 2014. "Summarizing Risk Using Risk Measures and Risk Indices," Risk Analysis, John Wiley & Sons, vol. 34(12), pages 2143-2162, December.
    5. Insua, Insua Rios & Rios, Jesus & Banks, David, 2009. "Adversarial Risk Analysis," Journal of the American Statistical Association, American Statistical Association, vol. 104(486), pages 841-854.
    6. Berger, Ulrich, 2007. "Brown's original fictitious play," Journal of Economic Theory, Elsevier, vol. 135(1), pages 572-578, July.
    7. M. Voorneveld, 1999. "Pareto-Optimal Security Strategies as Minimax Strategies of a Standard Matrix Game," Journal of Optimization Theory and Applications, Springer, vol. 102(1), pages 203-210, July.
    8. Laura McLay & Casey Rothschild & Seth Guikema, 2012. "Robust Adversarial Risk Analysis: A Level-k Approach," Decision Analysis, INFORMS, vol. 9(1), pages 41-54, March.
    9. Chen, Mei-huan & Wang, Li & Wang, Juan & Sun, Shi-wen & Xia, Cheng-yi, 2015. "Impact of individual response strategy on the spatial public goods game within mobile agents," Applied Mathematics and Computation, Elsevier, vol. 251(C), pages 192-202.
    10. Busby, J.S. & Onggo, B.S.S. & Liu, Y., 2016. "Agent-based computational modelling of social risk responses," European Journal of Operational Research, Elsevier, vol. 251(3), pages 1029-1042.

    Citations



    Cited by:

    1. Roponen, Juho & Ríos Insua, David & Salo, Ahti, 2020. "Adversarial risk analysis under partial information," European Journal of Operational Research, Elsevier, vol. 287(1), pages 306-316.
    2. Yevgeny Tsodikovich & Xavier Venel & Anna Zseleva, 2022. "Folk Theorems in Repeated Games with Switching Costs," Working Papers hal-03888188, HAL.
    3. Stefan Rass, 2017. "On Game-Theoretic Risk Management (Part Three) - Modeling and Applications," Papers 1711.00708, arXiv.org.
    4. Yevgeny Tsodikovich & Xavier Venel & Anna Zseleva, 2021. "Repeated Games with Switching Costs: Stationary vs History-Independent Strategies," AMSE Working Papers 2129, Aix-Marseille School of Economics, France.
    5. Yevgeny Tsodikovich & Xavier Venel & Anna Zseleva, 2021. "Repeated Games with Switching Costs: Stationary vs History-Independent Strategies," Working Papers halshs-03223279, HAL.
    6. Yevgeny Tsodikovich & Xavier Venel & Anna Zseleva, 2021. "Repeated Games with Switching Costs: Stationary vs History Independent Strategies," Papers 2103.00045, arXiv.org, revised Oct 2021.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Hunt, Kyle & Zhuang, Jun, 2024. "A review of attacker-defender games: Current state and paths forward," European Journal of Operational Research, Elsevier, vol. 313(2), pages 401-417.
    2. Roponen, Juho & Ríos Insua, David & Salo, Ahti, 2020. "Adversarial risk analysis under partial information," European Journal of Operational Research, Elsevier, vol. 287(1), pages 306-316.
    3. Mohammad E. Nikoofal & Mehmet Gümüs, 2015. "On the value of terrorist’s private information in a government’s defensive resource allocation problem," IISE Transactions, Taylor & Francis Journals, vol. 47(6), pages 533-555, June.
    4. Michael Macgregor Perry & Hadi El-Amine, 2021. "Computational Efficiency in Multivariate Adversarial Risk Analysis Models," Papers 2110.12572, arXiv.org.
    5. William M. Kroshl & Shahram Sarkani & Thomas A Mazzuchi, 2015. "Efficient Allocation of Resources for Defense of Spatially Distributed Networks Using Agent‐Based Simulation," Risk Analysis, John Wiley & Sons, vol. 35(9), pages 1690-1705, September.
    6. Wei Wang & Francesco Di Maio & Enrico Zio, 2019. "Adversarial Risk Analysis to Allocate Optimal Defense Resources for Protecting Cyber–Physical Systems from Cyber Attacks," Risk Analysis, John Wiley & Sons, vol. 39(12), pages 2766-2785, December.
    7. César Gil & David Rios Insua & Jesus Rios, 2016. "Adversarial Risk Analysis for Urban Security Resource Allocation," Risk Analysis, John Wiley & Sons, vol. 36(4), pages 727-741, April.
    8. David Rios Insua & Roi Naveiro & Victor Gallego, 2020. "Perspectives on Adversarial Classification," Mathematics, MDPI, vol. 8(11), pages 1-21, November.
    9. William N. Caballero & Ethan Gharst & David Banks & Jeffery D. Weir, 2023. "Multipolar Security Cooperation Planning: A Multiobjective, Adversarial-Risk-Analysis Approach," Decision Analysis, INFORMS, vol. 20(1), pages 16-39, March.
    10. Yanling Chang & Alan Erera & Chelsea White, 2015. "A leader–follower partially observed, multiobjective Markov game," Annals of Operations Research, Springer, vol. 235(1), pages 103-128, December.
    11. Michael Greenberg & Anthony Cox & Vicki Bier & Jim Lambert & Karen Lowrie & Warner North & Michael Siegrist & Felicia Wu, 2020. "Risk Analysis: Celebrating the Accomplishments and Embracing Ongoing Challenges," Risk Analysis, John Wiley & Sons, vol. 40(S1), pages 2113-2127, November.
    12. David Rios Insua & David Banks & Jesus Rios, 2016. "Modeling Opponents in Adversarial Risk Analysis," Risk Analysis, John Wiley & Sons, vol. 36(4), pages 742-755, April.
    13. Christoph Werner & Tim Bedford & John Quigley, 2018. "Sequential Refined Partitioning for Probabilistic Dependence Assessment," Risk Analysis, John Wiley & Sons, vol. 38(12), pages 2683-2702, December.
    14. G. Quijano, Eduardo & Ríos Insua, David & Cano, Javier, 2018. "Critical networked infrastructure protection from adversaries," Reliability Engineering and System Safety, Elsevier, vol. 179(C), pages 27-36.
    15. J. S. Busby & B. Green & D. Hutchison, 2017. "Analysis of Affordance, Time, and Adaptation in the Assessment of Industrial Control System Cybersecurity Risk," Risk Analysis, John Wiley & Sons, vol. 37(7), pages 1298-1314, July.
    16. Misuri, Alessio & Khakzad, Nima & Reniers, Genserik & Cozzani, Valerio, 2019. "A Bayesian network methodology for optimal security management of critical infrastructures," Reliability Engineering and System Safety, Elsevier, vol. 191(C).
    17. Vineet M. Payyappalli & Jun Zhuang & Victor Richmond R. Jose, 2017. "Deterrence and Risk Preferences in Sequential Attacker–Defender Games with Continuous Efforts," Risk Analysis, John Wiley & Sons, vol. 37(11), pages 2229-2245, November.
    18. Stefan Rass & Sandra König & Stefan Schauer, 2016. "Decisions with Uncertain Consequences—A Total Ordering on Loss-Distributions," PLOS ONE, Public Library of Science, vol. 11(12), pages 1-23, December.
    19. Michael Perry & Hadi El-Amine, 2019. "Computational Efficiency in Multivariate Adversarial Risk Analysis Models," Decision Analysis, INFORMS, vol. 16(4), pages 314-332, December.
    20. Busby, J.S., 2019. "The co-evolution of competition and parasitism in the resource-based view: A risk model of product counterfeiting," European Journal of Operational Research, Elsevier, vol. 276(1), pages 300-313.
