Optimal Repair Strategy Against Advanced Persistent Threats Under Time-Varying Networks

Zixuan Wang, Jiliang Li, Yuntao Wang, Zhou Su, Shui Yu, Weizhi Meng
2023-09-01
Abstract: Advanced persistent threat (APT) is a kind of stealthy, sophisticated, and long-term cyberattack that has caused severe financial losses and damage to critical infrastructure. Existing works mainly focus on APT defense under stable network topologies, while the problem under time-varying dynamic networks (e.g., vehicular networks) remains unexplored, which motivates our work. Besides, the spatiotemporal dynamics in defense resources, attackers' complex lateral movement behaviors, and the lack of timely defense make APT defense a challenging issue under time-varying networks. In this paper, we propose a novel game-theoretical APT defense approach to promote real-time and optimal defense strategy-making under both periodic time-varying and general time-varying environments. Specifically, we first model the interactions between attackers and defenders in an APT process as a dynamic APT repair game, and then formulate the APT damage minimization problem as the precise prevention and control (PPAC) problem. To derive the optimal defense strategy under both latency and defense resource constraints, we further devise an online optimal control-based mechanism integrated with two backtracking-forward algorithms to quickly derive a near-optimal solution to the PPAC problem in real time. Extensive experiments are carried out, and the results demonstrate that our proposed scheme can efficiently obtain the optimal defense strategy in 54481 ms under seven attack-defense interactions with 9.64% resource occupancy in simulated periodic time-varying and general time-varying networks. Besides, even under static networks, our proposed scheme still outperforms existing representative APT defense approaches in terms of service stability and defense resource utilization.
Computer Science and Game Theory
What problem does this paper attempt to address?
### Problems Addressed by the Paper

The paper focuses on how to effectively defend against Advanced Persistent Threats (APTs) in time-varying networks (such as vehicular networks). Existing research mostly concentrates on APT defense strategies under stable network topologies, while APT defense in dynamic network environments remains to be explored. Specifically, the paper proposes a new game-theoretic approach for generating optimal defense strategies in real time in both periodic and general time-varying environments.

#### Main Contributions

1. **Modeling the Dynamic APT Remediation Problem**:
   - Models the interaction between APT attackers and defenders as a dynamic APT remediation game.
   - Further formalizes this sequential APT remediation game as a Precise Prevention and Control (PPAC) optimization problem, whose solution is the optimal defense strategy under resource and delay constraints.

2. **Efficient and Practical Solution Methods**:
   - Proposes an online fast search mechanism that combines two backtracking-forward algorithms (the Threat Rate Grading algorithm, TRG, and the Recovery Rate Grading algorithm, RRG) with an optimal control-based mechanism to solve the PPAC problem, yielding near-optimal solutions in real time.

3. **Extensive Experimental Validation**:
   - Conducts experiments in three scenarios: static, periodic time-varying, and general time-varying networks, demonstrating the effectiveness and feasibility of the proposed scheme. Experimental results show that the scheme significantly reduces the impact of APT attacks on system utility and saves defense resources. In time-varying network environments in particular, service stability increased to 100%, and defense resource utilization improved to 75.50%.

Through these efforts, the paper fills the gap in existing research on APT defense strategies in time-varying network environments, providing new directions and technical support for future research.