Adaptive Strategic Cyber Defense for Advanced Persistent Threats in Critical Infrastructure Networks
Linan Huang, Quanyan Zhu

TL;DR
This paper develops a game-theoretic framework using Bayesian games to model and predict APT behaviors in critical infrastructure networks, enabling strategic defense planning against stealthy and adaptive cyber threats.
Contribution
It introduces a multi-stage Bayesian game model with online belief updates and dynamic programming for defending against sophisticated APTs in critical infrastructure.
Findings
The model predicts attacker behaviors and informs optimal defense strategies.
Online belief updates improve the defender's ability to learn and adapt to attacker tactics.
Numerical results demonstrate the tradeoff between immediate rewards and future security outcomes.
Abstract
Advanced Persistent Threats (APTs) have created new security challenges for critical infrastructures due to their stealthy, dynamic, and adaptive nature. In this work, we aim to lay a game-theoretic foundation by establishing a multi-stage Bayesian game framework to capture the incomplete information of deceptive APTs and their multi-stage, multi-phase movement. The analysis of the perfect Bayesian Nash equilibrium (PBNE) enables a prediction of the attacker's behaviors and a design of defensive strategies that can deter the adversaries and mitigate the security risks. A conjugate-prior method allows online computation of the belief and reduces the Bayesian update to an iterative parameter update. The forwardly updated parameters are assimilated into the backward dynamic programming computation to characterize a computationally tractable and time-consistent equilibrium solution based on the…
Taxonomy
Topics: Infrastructure Resilience and Vulnerability Analysis · Information and Cyber Security · Smart Grid Security and Resilience
