Foundations of Adaptive Cyber Defense Against Advanced Persistent Threats

Abstract

The term Advanced Persistent Threats (APTs) refers both to highly-sophisticated, often nation-state attackers with tremendous resources and to the malware they employ to compromise their target – to which no organization has proven immune. Dynamic and deception-based defense techniques offer a possible solution. Such techniques, including Moving Target Defense (MTD) and Adaptive Cyber Defense(ACD) techniques, prevent or delay attacks against computer networks by dynamically altering characteristics of the systems or network in a manner to present attackers with a variable, possibly deceptive attack surface and disrupt the planning or execution of cyber-attacks. To better leverage these techniques, this work proposes a novel model to capture how advanced, stealthy adversaries, including APT actors, acquire knowledge about the target network and establish and expand their foothold within the system. This model quantifies the cost and reward, from the adversary's perspective, of compromising and maintaining control over targets within the network. With this foundational understanding of attacker incentives and deterrents, as well as their predicted position in the network, existing defenses can be refined and innovative defenses can be built specifically to counteract the threat posed by APTs.