Defense for Advanced Persistent Threat with Inadvertent or Malicious Insider Threats

TL;DR

This paper introduces a game-theoretical model to analyze and optimize defense strategies against malicious and inadvertent insider threats in cybersecurity, providing quantitative solutions and strategic insights.

Contribution

It develops a unified three-player game framework to analyze insider threats and derives optimal defense strategies with cost comparisons, advancing understanding of insider threat mitigation.

Findings

Active defenses are more effective against inadvertent insiders.

Malicious insiders incur higher costs despite less aggressive defense.

Numerical validation supports strategic recommendations.

Abstract

In this paper, we propose a game-theoretical framework to investigate advanced persistent threat problems with two types of insider threats: malicious and inadvertent. Within this framework, a unified three-player game is established and Nash equilibria are obtained in response to different insiders. By analyzing Nash equilibria, we provide quantitative solutions to the advanced persistent threat problems with insider threats. Furthermore, optimal defense strategy and defender's cost comparisons between two insider threats have been performed. The findings suggest that the defender should employ more active defense strategies against inadvertent insider threats than against malicious insider threats, despite the fact that malicious insider threats cost the defender more. Our theoretical analysis is validated by numerical results, including an additional examination of the conditions of the risky strategies adopted by different insiders. This may help the defender in determining monitoring intensities and defensive strategies.