CR, Sep 9, 2017
Defend against advanced persistent threats: An optimal control approach
Pengdeng Li, Lu-Xing Yang, Xiaofan Yang et al.
The new cyber attack pattern of advanced persistent threat (APT) has posed a serious threat to modern society. This paper addresses the APT defense problem, i.e., the problem of how to effectively defend against an APT campaign. Based on a novel APT attack-defense model, the effectiveness of an APT defense strategy is quantified. Thereby, the APT defense problem is modeled as an optimal control problem, in which an optimal control stands for a most effective APT defense strategy. The existence of an optimal control is proved, and an optimality system is derived. Consequently, an optimal control can be figured out by solving the optimality system. Some examples of the optimal control are given. Finally, the influence of some factors on the effectiveness of an optimal control is examined through computer experiments. These findings help organizations to work out policies of defending against APTs.
CR, Jul 12, 2017
Security evaluation of cyber networks under advanced persistent threats
Lu-Xing Yang, Pengdeng Li, Xiaofan Yang et al.
This paper is devoted to measuring the security of cyber networks under advanced persistent threats (APTs). First, an APT-based cyber attack-defense process is modeled as an individual-level dynamical system. Second, the dynamic model is shown to exhibit global stability. On this basis, a new security metric of cyber networks, known as the limit security, is defined as the limit expected fraction of compromised nodes in the network. Next, the influence of different factors on the limit security is illuminated through theoretical analysis and computer simulation. This work helps understand the security of cyber networks under APTs.
CR, Jul 8, 2017
Assessing the risk of advanced persistent threats
Xiaofan Yang, Tianrui Zhang, Lu-Xing Yang et al.
As a new type of cyber attack, advanced persistent threats (APTs) pose a severe threat to modern society. This paper focuses on the assessment of the risk of APTs. Based on a dynamic model characterizing the time evolution of the state of an organization, the organization's risk is defined as its maximum possible expected loss, and the risk assessment problem is modeled as a constrained optimization problem. The influence of different factors on an organization's risk is uncovered through theoretical analysis. Based on extensive experiments, we speculate that the attack strategy obtained by applying the hill-climbing method to the proposed optimization problem, which we call the HC strategy, always leads to the maximum possible expected loss. We then present a set of five heuristic attack strategies and, through comparative experiments, show that the HC strategy causes a higher risk than all of these heuristic strategies do, which supports our conjecture. Finally, the impact of two factors on the attacker's HC cost profit is determined through computer simulations. These findings help understand the risk of APTs in a quantitative manner.