An adaptive defense mechanism to prevent advanced persistent threats
The expansion of information technology infrastructure is encountered with Advanced Persistent Threats (APTs), which can launch data destruction, disclosure, modification, and/or Denial of Service attacks by drawing upon vulnerabilities of software and hardware. Moving Target Defense (MTD) is a prom...
| Main Authors: | Yi-xi Xie, Li-xin Ji, Ling-shu Li, Zehua Guo, Thar Baker |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Taylor & Francis Group 2021-04-01 |
| Series: | Connection Science |
| Subjects: | advanced persistent threats; moving target defense; risk assessment; bayesian network; markov game |
| Online Access: | http://dx.doi.org/10.1080/09540091.2020.1832960 |
| _version_ | 1849435433278111744 |
|---|---|
| author | Yi-xi Xie Li-xin Ji Ling-shu Li Zehua Guo Thar Baker |
| collection | DOAJ |
| description | The expansion of information technology infrastructure is encountered with Advanced Persistent Threats (APTs), which can launch data destruction, disclosure, modification, and/or Denial of Service attacks by drawing upon vulnerabilities of software and hardware. Moving Target Defense (MTD) is a promising risk mitigation technique that replies to APTs via implementing randomisation and dynamic strategies on compromised assets. However, some MTD techniques adopt the blind random mutation, which causes greater performance overhead and worse defense utility. In this paper, we formulate the cyber-attack and defense as a dynamic partially observable Markov process based on dynamic Bayesian inference. Then we develop an Inference-Based Adaptive Attack Tolerance (IBAAT) system, which includes two stages. In the first stage, a forward–backward algorithm with a time window is employed to perform a security risk assessment. To select the defense strategy, in the second stage, the attack and defense process is modelled as a two-player general-sum Markov game and the optimal defense strategy is acquired by quantitative analysis based on the first stage. The evaluation shows that the proposed algorithm has about 10% security utility improvement compared to the state-of-the-art. |
| format | Article |
| id | doaj-art-e5b8d98159ee49b9bbd71b6422f95252 |
| institution | Kabale University |
| issn | 0954-0091 1360-0494 |
| language | English |
| publishDate | 2021-04-01 |
| publisher | Taylor & Francis Group |
| record_format | Article |
| series | Connection Science |
| spelling | doaj-art-e5b8d98159ee49b9bbd71b6422f95252; 2025-08-20T03:26:17Z; eng; Taylor & Francis Group; Connection Science; 0954-0091; 1360-0494; 2021-04-01; 332359379; 10.1080/09540091.2020.1832960; 1832960; An adaptive defense mechanism to prevent advanced persistent threats; Yi-xi Xie 0; Li-xin Ji 1; Ling-shu Li 2; Zehua Guo 3; Thar Baker 4; PLA Strategic Support Force Information Engineering University; PLA Strategic Support Force Information Engineering University; PLA Strategic Support Force Information Engineering University; Beijing Institute of Technology, Fort Collins; Department of Computer Science, College of Computing and Informatics, University of Sharjah; The expansion of information technology infrastructure is encountered with Advanced Persistent Threats (APTs), which can launch data destruction, disclosure, modification, and/or Denial of Service attacks by drawing upon vulnerabilities of software and hardware. Moving Target Defense (MTD) is a promising risk mitigation technique that replies to APTs via implementing randomisation and dynamic strategies on compromised assets. However, some MTD techniques adopt the blind random mutation, which causes greater performance overhead and worse defense utility. In this paper, we formulate the cyber-attack and defense as a dynamic partially observable Markov process based on dynamic Bayesian inference. Then we develop an Inference-Based Adaptive Attack Tolerance (IBAAT) system, which includes two stages. In the first stage, a forward–backward algorithm with a time window is employed to perform a security risk assessment. To select the defense strategy, in the second stage, the attack and defense process is modelled as a two-player general-sum Markov game and the optimal defense strategy is acquired by quantitative analysis based on the first stage. The evaluation shows that the proposed algorithm has about 10% security utility improvement compared to the state-of-the-art.; http://dx.doi.org/10.1080/09540091.2020.1832960; advanced persistent threats; moving target defense; risk assessment; bayesian network; markov game |
| title | An adaptive defense mechanism to prevent advanced persistent threats |
| topic | advanced persistent threats moving target defense risk assessment bayesian network markov game |
| url | http://dx.doi.org/10.1080/09540091.2020.1832960 |