Defend against advanced persistent threats: An optimal control approach

TL;DR

This paper models advanced persistent threat (APT) defense as an optimal control problem, providing a systematic method to determine the most effective defense strategies against cyber attacks.

Contribution

It introduces a novel APT attack-defense model and formulates the defense problem as an optimal control problem, proving the existence of an optimal strategy and deriving the optimality system.

Findings

Optimal control strategies can be computed for APT defense.

Factors influencing defense effectiveness are analyzed through experiments.

The approach aids organizations in policy formulation against APTs.

Abstract

The new cyber attack pattern of advanced persistent threat (APT) has posed a serious threat to modern society. This paper addresses the APT defense problem, i.e., the problem of how to effectively defend against an APT campaign. Based on a novel APT attack-defense model, the effectiveness of an APT defense strategy is quantified. Thereby, the APT defense problem is modeled as an optimal control problem, in which an optimal control stands for a most effective APT defense strategy. The existence of an optimal control is proved, and an optimality system is derived. Consequently, an optimal control can be figured out by solving the optimality system. Some examples of the optimal control are given. Finally, the influence of some factors on the effectiveness of an optimal control is examined through computer experiments. These findings help organizations to work out policies of defending against APTs.