
Keeping Your Enemies Closer: Shedding Light on the Attacker’s Optimal Strategy

  • Conference paper
  • Science of Cyber Security (SciSec 2023)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14299)

Abstract

Realistically simulating a human attacker can effectively help the defender identify security weaknesses in the network. One important factor affecting the attacker’s strategy is the attacker’s human characteristics. In this paper, we develop an attack engine, dubbed Attacker-Patience-Experience-Curiosity or APEC for short, to model the attacker’s strategy under uncertainty. The proposed model is based on the Partially Observable Markov Decision Process (POMDP) model and takes three familiar characteristics of the attacker into consideration: (i) patience towards the target network; (ii) experience with attack tools; (iii) curiosity to develop new attack tools. These characteristics are modeled into the state space, action space, transition function, and reward function of the POMDP. We further propose the betrayal principle, sunk cost, and “silence speaks volumes” to demonstrate how the attacker’s characteristics affect its strategy, and why the attacker’s strategy changes at specific points. We evaluate the effectiveness of the proposed model over two realistic network scenarios and draw several useful insights.



Acknowledgment

This work was supported by the National Key R&D Program of China (No. 2021YFB3101402), the Defense Industrial Technology Development Program (Grant JCKY2021906A001), and NSFC (No. 61902397, No. U2003111 and No. 61871378).

Author information

Corresponding author: Huashan Chen.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Cai, W., Chen, H., Liu, F. (2023). Keeping Your Enemies Closer: Shedding Light on the Attacker’s Optimal Strategy. In: Yung, M., Chen, C., Meng, W. (eds.) Science of Cyber Security. SciSec 2023. Lecture Notes in Computer Science, vol. 14299. Springer, Cham. https://doi.org/10.1007/978-3-031-45933-7_3

  • DOI: https://doi.org/10.1007/978-3-031-45933-7_3
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-031-45932-0
  • Online ISBN: 978-3-031-45933-7
