An adaptive defense mechanism to prevent advanced persistent threats

Yi xi Xie, Li xin Ji, Ling shu Li, Zehua Guo, Thar Baker

Research output: Contribution to journalArticlepeer-review

Abstract

The expansion of information technology infrastructure is encountered with Advanced Persistent Threats (APTs), which can launch data destruction, disclosure, modification, and/or Denial of Service attacks by drawing upon vulnerabilities of software and hardware. Moving Target Defense (MTD) is a promising risk mitigation technique that replies to APTs via implementing randomisation and dynamic strategies on compromised assets. However, some MTD techniques adopt the blind random mutation, which causes greater performance overhead and worse defense utility. In this paper, we formulate the cyber-attack and defense as a dynamic partially observable Markov process based on dynamic Bayesian inference. Then we develop an Inference-Based Adaptive Attack Tolerance (IBAAT) system, which includes two stages. In the first stage, a forward–backward algorithm with a time window is employed to perform a security risk assessment. To select the defense strategy, in the second stage, the attack and defense process is modelled as a two-player general-sum Markov game and the optimal defense strategy is acquired by quantitative analysis based on the first stage. The evaluation shows that the proposed algorithm has about 10% security utility improvement compared to the state-of-the-art.

Original languageEnglish
Pages (from-to)359-379
Number of pages21
JournalConnection Science
Volume33
Issue number2
DOIs
Publication statusPublished - 16 Oct 2020

Bibliographical note

Funding Information:
This work was supported by National Key Research and Development Program of China (No. 2018YFB0804004) and the National Natural Science Foundation of China (No. 61602509).

Publisher Copyright:
© 2020 Informa UK Limited, trading as Taylor & Francis Group.

Keywords

  • Advanced persistent threats
  • Bayesian network
  • Markov game
  • moving target defense
  • risk assessment

Cite this