Assessing the risk of advanced persistent threats
Xiaofan Yang, Tianrui Zhang, Lu-Xing Yang, Luosheng Wen, Yuan Yan Tang

TL;DR
This paper develops a dynamic model and optimization framework to quantitatively assess the risk of advanced persistent threats (APTs), revealing how attack strategies influence potential losses and identifying key risk factors.
Contribution
It introduces a novel dynamic risk assessment model for APTs and shows through comparative experiments that the hill-climbing (HC) attack strategy causes a higher expected loss than the heuristic strategies it is compared against.
Findings
HC strategy leads to maximum expected loss
HC strategy causes higher risk than heuristic strategies
Factors influencing attacker's cost profit are quantified
Abstract
As a new type of cyber attack, advanced persistent threats (APTs) pose a severe threat to modern society. This paper focuses on the assessment of the risk of APTs. Based on a dynamic model characterizing the time evolution of the state of an organization, the organization's risk is defined as its maximum possible expected loss, and the risk assessment problem is modeled as a constrained optimization problem. The influence of different factors on an organization's risk is uncovered through theoretical analysis. Based on extensive experiments, we speculate that the attack strategy obtained by applying the hill-climbing method to the proposed optimization problem, which we call the HC strategy, always leads to the maximum possible expected loss. We then present a set of five heuristic attack strategies and, through comparative experiments, show that the HC strategy causes a higher risk…
Taxonomy
Topics: Complex Network Analysis Techniques · Information and Cyber Security · Network Security and Intrusion Detection
