Abstract
Realistically simulating a human attacker can effectively help the defender identify security weaknesses in the network. One important factor that shapes the attacker’s strategy is the set of human characteristics the attacker brings to the task. In this paper, we develop an attack engine, dubbed Attacker-Patience-Experience-Curiosity, or APEC for short, to model the attacker’s strategy under uncertainty. The proposed model is based on the Partially Observable Markov Decision Process (POMDP) model and takes three familiar characteristics of the attacker into consideration: (i) patience towards the target network; (ii) experience with attack tools; (iii) curiosity to develop new attack tools. These characteristics are modeled into the state space, action space, transition function, and reward function of the POMDP. We further propose the betrayal principle, sunk cost, and “silence speaks volumes” to demonstrate how the attacker’s characteristics affect its strategy, and why the attacker’s strategy changes at specific points. We evaluate the effectiveness of the proposed model over two realistic network scenarios and draw several useful insights.
Acknowledgment
This work was supported by the National Key R&D Program of China (No. 2021YFB3101402), the Defense Industrial Technology Development Program (Grant JCKY2021906A001), and NSFC grants No. 61902397, No. U2003111 and No. 61871378.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Cai, W., Chen, H., Liu, F. (2023). Keeping Your Enemies Closer: Shedding Light on the Attacker’s Optimal Strategy. In: Yung, M., Chen, C., Meng, W. (eds) Science of Cyber Security. SciSec 2023. Lecture Notes in Computer Science, vol 14299. Springer, Cham. https://doi.org/10.1007/978-3-031-45933-7_3
DOI: https://doi.org/10.1007/978-3-031-45933-7_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-45932-0
Online ISBN: 978-3-031-45933-7