Abstract
Advanced persistent threats present significant security challenges due to their customized, stealthy and adaptive nature. Since no generic solution exists to combat advanced persistent threats, the recommended option is to employ information security best practices. While practitioner-oriented security guidelines have been published by the International Organization for Standardization and the U.S. National Institute of Standards and Technology, they cannot be employed in rigorous quantitative analyses required for objective decision making such as choosing countermeasures that balance security, cost and usability. In contrast, game-theoretic approaches, which express the behavior of rational agents that maximize their utility, provide appropriate models for objective decision making.
This chapter conducts a critical analysis of several game-theoretic approaches for analyzing advanced persistent threats. Eleven highly-cited, peer-reviewed articles from the research literature are examined in terms of their objectives, features, game models and solutions. The models provide valuable insights into advanced persistent threat behavior, support resource-optimal decision making and can be mapped to the various risk management stages. However, they have some delicate modeling and analysis limitations. The critical analysis exposes the omissions in the literature and points to future research focused on integrating practitioner perspectives in game-theoretic approaches to advance information security risk management.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
M. Ahmadian and D. Marinescu, Information leakage in cloud data warehouses, IEEE Transactions on Sustainable Computing, vol. 5(2), pp. 192–203, 2020.
A. Alshamrani, S. Myneni, A. Chowdhary and D. Huang, A survey of advanced persistent threats: Techniques, solutions, challenges and research opportunities, IEEE Communications Surveys and Tutorials, vol. 21(2), pp. 1852–1877, 2019.
R. Brewer, Advanced persistent threats: Minimizing the damage, Network Security, vol. 2014(4), pp. 5–9, 2014.
L. Busoniu, R. Babuska and B. De Schutter, A comprehensive survey of multiagent reinforcement learning, IEEE Transactions on Systems, Man and Cybernetics, Part C (Applications and Reviews), vol. 38(2), pp. 156–172, 2008.
H. Cavusoglu, S. Raghunathan and B. Mishra, Optimal design of information technology security architectures, Proceedings of the International Conference on Information Systems, pp. 749–756, 2002.
P. Chen, L. Desmet and C. Huygens, A study on advanced persistent threats, in Communications and Multimedia Security, B. De Decker and A. Zuquete (Eds.), Springer, Berlin Heidelberg, Germany, pp. 63–72, 2014.
F. Cohen, The use of deception techniques: Honeypots and decoys, in Handbook of Information Security, Volume 3, H. Bidgoli (Ed.), John Wiley, Chichester, United Kingdom, pp. 646–655, 2006.
X. Deng, X. Zheng, X. Su, F. Chan, Y. Hu, R. Sadiq and Y. Deng, An evidential game theory framework for a multi-criteria decision making process, Applied Mathematics and Computation, vol. 244, pp. 783–793, 2014.
T. Do, N. Tran, C. Hong, C. Kamhoua, K. Kwiat, E. Blasch, S. Ren, N. Pissinou and S. Iyengar, Game theory for cyber security and privacy, ACM Computing Surveys, vol. 50(2), article no. 30, 2017.
Elsevier, ScienceDirect, Amsterdam, The Netherlands (www.sciencedirect.com), 2020.
C. Esposito, M. Ficco, F. Palmieri and A. Castiglione, Smart cloud storage service selection based on fuzzy logic: Theory of evidence and game theory, IEEE Transactions on Computers, vol. 65(8), pp. 2348–2362, 2016.
J. Filar and B. Tolwinski, On the algorithm of Pollatschek and Avi-ltzhak, in Stochastic Games and Related Topics, T. Raghavan, T. Ferguson, T. Parthasarathy and O. Vrieze (Eds.), Springer, Dordrecht, The Netherlands, pp. 59–70, 1991.
A. Fink, Equilibrium in a stochastic n-person game, Journal of Sciences of the Hiroshima University, Series A-I (Mathematics), vol. 28(1), pp. 89–93, 1964.
D. Fudenberg and J. Tirole, Game Theory, MIT Press, Cambridge, Massachusetts, 2000.
Google, Google Scholar, Mountain View, California (scholar.google.com), 2020.
J. Harrington, Games, Strategies and Decision Making, Worth Publishers, New York, 2009.
P. Hu, H. Li, H. Fu, D. Cansever and P. Mohapatra, Dynamic defense strategy against advanced persistent threat with insiders, Proceedings of the IEEE Conference on Computer Communications, pp. 747–755, 2015.
L. Huang and Q. Zhu, A dynamic games approach to proactive defense strategies against advanced persistent threats in cyber-physical systems, Computers and Security, vol. 89, article no. 101660, 2020.
International Organization for Standardization, ISO 31000:2018 Risk Management – Guidelines, Geneva, Switzerland, 2018.
Joint Task Force Transformation Initiative, Managing Information Security Risk: Organization, Mission and Information System View, NIST Special Publication 800-39, National Institute of Standards and Technology, Gaithersburg, Maryland, 2011.
N. Kaloudi and J. Li, The AI-based cyber threat landscape: A survey, ACM Computing Surveys, vol. 53(1), article no. 20, 2020.
C. Kiennert, Z. Ismail, H. Debar and J. Leneutre, A survey of game-theoretic approaches for intrusion detection and response optimization, ACM Computing Surveys, vol. 51(5), article no. 90, 2018.
D. Kushner, The real story of Stuxnet, IEEE Spectrum, vol. 50(3), pp. 48–53, 2013.
C. Lei, H. Zhang, J. Tan, Y. Zhang and X. Liu, Moving target defense techniques: A survey, Security and Communication Networks, vol. 2018, article no. 3759626, 2018.
K. Leyton-Brown and Y. Shoham, Essentials of Game Theory: A Concise Multidisciplinary Introduction, Morgan and Claypool Publishers, San Rafael, California, 2008.
X. Liang and Y. Xiao, Game theory for network security, IEEE Communications Surveys and Tutorials, vol. 15(1), pp. 472–486, 2013.
R. Luh, S. Marschalek, M. Kaiser, H. Janicke and S. Schrittwieser, Semantics-aware detection of targeted attacks: A survey, Journal of Computer Virology and Hacking Techniques, vol. 13(1), pp. 47–85, 2017.
J. Marden and J. Shamma, Game theory and distributed control, in Handbook of Game Theory with Economic Applications, Volume 4, H. Young and S. Zamir (Eds.), Elsevier, Amsterdam, The Netherlands, pp. 861–899, 2015.
R. McDermott, Risk-Taking in International Politics, University of Michigan Press, Ann Arbor, Michigan, 2001.
Microsoft, Microsoft Academic, Redmond, Washington (academic.microsoft.com/home), 2020.
M. Min, L. Xiao, C. Xie, M. Hajimirsadeghi and N. Mandayam, Defense against advanced persistent threats in dynamic cloud storage: A Colonel Blotto game approach, IEEE Internet of Things Journal, vol. 5(6), pp. 4250–4261, 2018.
R. Myerson, Game Theory: Analysis of Conflict, Harvard University Press, Cambridge, Massachusetts, 1991.
J. Osborne and A. Rubinstein, A Course in Game Theory, MIT Press, Cambridge, Massachusetts, 1994.
J. Pawlick, E. Colbert and Q. Zhu, A game-theoretic taxonomy and survey of defensive deception for cyber security and privacy, ACM Computing Surveys, vol. 52(4), article no. 82, 2019.
J. Pawlick, S. Farhang and Q. Zhu, Flip the cloud: Cyber-physical signaling games in the presence of advanced persistent threats, in Decision and Game Theory for Security, M. Khouzani, E. Panaousis and G. Theodorakopoulos (Eds.), Springer, Cham, Switzerland, pp. 289–308, 2015.
S. Rass, S. Konig and S. Schauer, Defending against advanced persistent threats using game theory, PLOS ONE, vol. 12(1), article no. e0168675, 2017.
S. Rass and Q. Zhu, GADAPT: A sequential game-theoretic framework for designing defense-in-depth strategies against advanced persistent threats, in Decision and Game Theory for Security, Q. Zhu, T. Alpcan, E. Panaousis, M. Tambe and W. Casey (Eds.), Springer, Cham, Switzerland, pp. 314–326, 2016.
L. Shapley, Stochastic games, Proceedings of the National Academy of Sciences, vol. 39(10), pp. 1095–1100, 1953.
J. Stankovic, J. Sturges and J. Eisenberg, A 21st century cyber-physical systems education, IEEE Computer, vol. 50(12), pp. 82–85, 2017.
G. Stoneburner, A. Goguen and A. Feringa, Risk Management Guide for Information Technology Systems, NIST Special Publication 800-30, National Institute of Standards and Technology, Gaithersburg, Maryland, 2002.
B. Tarzey, The trouble heading for your business in 2013, Computer Weekly, March 1, 2013.
W. Tian, X. Ji, W. Liu, J. Zhai, G. Liu, Y. Dai and S. Huang, Honeypot game-theoretical model for defending against APT attacks with limited resources in cyber-physical systems, Electronics and Telecommunications Research Institute Journal, vol. 41(5), pp. 585–598, 2019.
D. Tosh, I. Vakilinia, S. Shetty, S. Sengupta, C. Kamhoua, L. Njilla and K. Kwiat, Three-layer game theoretic decision framework for cyber investment and cyber insurance, in Decision and Game Theory for Security, S. Rass, B. An, C. Kiekintveld, F. Fang and S. Schauer (Eds.), Springer, Cham, Switzerland, pp. 519–532, 2017.
M. van Dijk, A. Juels, A. Oprea and R. Rivest, FlipIt: The game of “stealthy takeover,” Journal of Cryptology, vol. 26(4), pp. 655–713, 2013.
V. Verendel, Quantified security is a weak hypothesis: A critical survey of results and assumptions, Proceedings of the New Security Paradigms Workshop, pp. 37–50, 2009.
K. Wang, M. Du, D. Yang, C. Zhu, J. Shen and Y. Zhang, Game-theory-based active defense for intrusion detection in cyber-physical embedded systems, ACM Transactions on Embedded Computing Systems, vol. 16(1), article no. 18, 2016.
G. Wangen, C. Hallstensen and E. Snekkenes, A framework for estimating information security risk assessment method completeness, International Journal of Information Security, vol. 17(6), pp. 681–699, 2018.
H. Wu and W. Wang, A game theory based collaborative security detection method for Internet of Things systems, IEEE Transactions on Information Forensics and Security, vol. 13(6), pp. 1432–1445, 2018.
L. Xiao, D. Xu, C. Xie, N. Mandayam and H. Poor, Cloud storage defense against advanced persistent threats: A prospect-theoretic study, IEEE Journal on Selected Areas in Communications, vol. 35(3), pp. 534–544, 2017.
L. Yang, P. Li, Y. Zhang, X. Yang, Y. Xiang and W. Zhou, Effective repair strategy against advanced persistent threats: A differential game approach, IEEE Transactions on Information Forensics and Security, vol. 14(7), pp. 1713–1728, 2019.
Q. Zhu and T. Basar, Game-theoretic approach to feedback-driven multistage moving target defense, in Decision and Game Theory for Security, S. Das, C. Nita-Rotaru and M. Kantarcioglu (Eds.), Springer, Cham, Switzerland, pp. 246–263, 2013.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kumar, R., Singh, S., Kela, R. (2022). Analyzing Advanced Persistent Threats Using Game Theory: A Critical Literature Review. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XV. ICCIP 2021. IFIP Advances in Information and Communication Technology, vol 636. Springer, Cham. https://doi.org/10.1007/978-3-030-93511-5_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-93511-5_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93510-8
Online ISBN: 978-3-030-93511-5
eBook Packages: Computer ScienceComputer Science (R0)