Assessing the risk of advanced persistent threats
This work provides a quantitative method for cybersecurity professionals to understand APT risks, but it is incremental as it builds on existing optimization and simulation techniques.
The paper tackled the problem of assessing the risk of advanced persistent threats (APTs) by modeling it as a constrained optimization problem based on a dynamic organizational state, and found that a hill-climbing attack strategy (HC) leads to higher risk than five heuristic strategies, as shown through experiments.
As a new type of cyber attacks, advanced persistent threats (APTs) pose a severe threat to modern society. This paper focuses on the assessment of the risk of APTs. Based on a dynamic model characterizing the time evolution of the state of an organization, the organization's risk is defined as its maximum possible expected loss, and the risk assessment problem is modeled as a constrained optimization problem. The influence of different factors on an organization's risk is uncovered through theoretical analysis. Based on extensive experiments, we speculate that the attack strategy obtained by applying the hill-climbing method to the proposed optimization problem, which we call the HC strategy, always leads to the maximum possible expected loss. We then present a set of five heuristic attack strategies and, through comparative experiments, show that the HC strategy causes a higher risk than all these heuristic strategies do, which supports our conjecture. Finally, the impact of two factors on the attacker's HC cost profit is determined through computer simulations. These findings help understand the risk of APTs in a quantitative manner.