A Quantitative Framework to Model Advanced Persistent Threats

Luan Huy Pham, Massimiliano Albanese, Benjamin W. Priest

2018

Abstract

In recent years, Advanced Persistent Threats (APTs) have emerged as increasingly sophisticated cyber attacks, often waged by state actors or other hostile organizations against high-profile targets. APT actors employ a diversified set of sophisticated tools and advanced capabilities to penetrate target systems, evade detection, and maintain a foothold within compromised systems for extended periods of time. Stealth and persistence enable APT actors to conduct long-term espionage and sabotage operations. Despite significant efforts to develop APT detection and mitigation capabilities, the stealthy nature of APTs poses significant challenges, and defending from such threats is still an open research problem. In particular, quantitative models to capture how APTs may create and maintain a foothold within a target system are lacking. To address this gap, we propose a quantitative framework to (i) assess the cost incurred by APT actors to compromise and persist within a target system; (ii) estimate the value they gain over time by persisting in the system; (iii) simulate how the footprint of an APT evolves over time when, to maintain stealth, attackers have constraints on the volume of potentially detectable activity they can engage in. We also propose a preliminary defender model, and results from the evaluation show that our approach is promising, thus encouraging further research in this direction.

Download


Paper Citation


in Harvard Style

Huy Pham L., Albanese M. and W. Priest B. (2018). A Quantitative Framework to Model Advanced Persistent Threats.In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT, ISBN 978-989-758-319-3, pages 282-293. DOI: 10.5220/0006872602820293


in Bibtex Style

@conference{secrypt18,
author={Luan Huy Pham and Massimiliano Albanese and Benjamin W. Priest},
title={A Quantitative Framework to Model Advanced Persistent Threats},
booktitle={Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT,},
year={2018},
pages={282-293},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006872602820293},
isbn={978-989-758-319-3},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT,
TI - A Quantitative Framework to Model Advanced Persistent Threats
SN - 978-989-758-319-3
AU - Huy Pham L.
AU - Albanese M.
AU - W. Priest B.
PY - 2018
SP - 282
EP - 293
DO - 10.5220/0006872602820293