Authors:
Luan Huy Pham
1
;
Massimiliano Albanese
1
and
Benjamin W. Priest
2
Affiliations:
1
Center for Secure Information Systems, George Mason University, 4400 University Drive, Fairfax, VA 22030 and U.S.A.
;
2
Thayer School of Engineering, Dartmouth College, 14 Engineering Drive, Hanover, NH 03755 and U.S.A.
Keyword(s):
Advanced Persistent Threats, Threat Modeling, Steiner Tree.
Related
Ontology
Subjects/Areas/Topics:
Information and Systems Security
;
Network Security
;
Security in Information Systems
;
Security Metrics and Measurement
;
Wireless Network Security
Abstract:
In recent years, Advanced Persistent Threats (APTs) have emerged as increasingly sophisticated cyber attacks, often waged by state actors or other hostile organizations against high-profile targets. APT actors employ a diversified set of sophisticated tools and advanced capabilities to penetrate target systems, evade detection, and maintain a foothold within compromised systems for extended periods of time. Stealth and persistence enable APT actors to conduct long-term espionage and sabotage operations. Despite significant efforts to develop APT detection and mitigation capabilities, the stealthy nature of APTs poses significant challenges, and defending from such threats is still an open research problem. In particular, quantitative models to capture how APTs may create and maintain a foothold within a target system are lacking. To address this gap, we propose a quantitative framework to (i) assess the cost incurred by APT actors to compromise and persist within a target system; (ii
) estimate the value they gain over time by persisting in the system; (iii) simulate how the footprint of an APT evolves over time when, to maintain stealth, attackers have constraints on the volume of potentially detectable activity they can engage in. We also propose a preliminary defender model, and results from the evaluation show that our approach is promising, thus encouraging further research in this direction.
(More)