Quickest Detection of Advanced Persistent Threats: A Semi-Markov Game Approach

Sahabandu, Dinuka; Allen, Joey; Moothedath, Shana; Bushnell, Linda; Lee, Wenke; Poovendran, Radha

doi:10.1109/iccps48487.2020.00009

Cited by 3 publications

(4 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The relevant research regarding this question has been observed to include different types of cyber attacks targeting specific platforms, such as personal computers and smartphones. On the one hand, as observed in Table 11, the AI techniques used against personal computers were machine learning [23,119,122,156,157], deep neural networks [158], game theory [159][160][161][162][163][164][165][166][167][168], fuzzy neural networks [169,170], and anomaly detection [123]. In research by [112], several machine learning classifiers were adopted, including naïve Bayes, Bayes net, K-nearest-neighbor (KNN), random forest, and SVM.…”

Section: Ai Techniques/algorithms Used To Detect Apts In Personal Com...mentioning

confidence: 99%

“…A basic framework that splits a generic APT into three primary temporal periods was also presented in a study [165]. The DIFT has been presented as a viable approach for detecting and preventing various cyber attacks in computer systems [166].…”

Section: Ai Techniques/algorithms Used To Detect Apts In Personal Com...mentioning

confidence: 99%

“…These factors specify how the assault is undertaken when launched, in addition to the threat detection efficiency. It is critical as the threats are persistent, and the harm they inflict on a system is more significant when the adversary spends a longer period in the system [166].…”

Section: Utilization Of Generic Pathmentioning

confidence: 99%

See 2 more Smart Citations

A Systematic Literature Review and a Conceptual Framework Proposition for Advanced Persistent Threats (APT) Detection for Mobile Devices Using Artificial Intelligence Techniques

2023

View full text Add to dashboard Cite

Advanced persistent threat (APT) refers to a specific form of targeted attack used by a well-organized and skilled adversary to remain undetected while systematically and continuously exfiltrating sensitive data. Various APT attack vectors exist, including social engineering techniques such as spear phishing, watering holes, SQL injection, and application repackaging. Various sensors and services are essential for a smartphone to assist in user behavior that involves sensitive information. Resultantly, smartphones have become the main target of APT attacks. Due to the vulnerability of smartphone sensors, several challenges have emerged, including the inadequacy of current methods for detecting APTs. Nevertheless, several existing APT solutions, strategies, and implementations have failed to provide comprehensive solutions. Detecting APT attacks remains challenging due to the lack of attention given to human behavioral factors contributing to APTs, the ambiguity of APT attack trails, and the absence of a clear attack fingerprint. In addition, there is a lack of studies using game theory or fuzzy logic as an artificial intelligence (AI) strategy for detecting APT attacks on smartphone sensors, besides the limited understanding of the attack that may be employed due to the complex nature of APT attacks. Accordingly, this study aimed to deliver a systematic review to report on the extant research concerning APT detection for mobile sensors, applications, and user behavior. The study presents an overview of works performed between 2012 and 2023. In total, 1351 papers were reviewed during the primary search. Subsequently, these papers were processed according to their titles, abstracts, and contents. The resulting papers were selected to address the research questions. A conceptual framework is proposed to incorporate the situational awareness model in line with adopting game theory as an AI technique used to generate APT-based tactics, techniques, and procedures (TTPs) and normal TTPs and cognitive decision making. This framework enhances security awareness and facilitates the detection of APT attacks on smartphone sensors, applications, and user behavior. It supports researchers in exploring the most significant papers on APTs related to mobile sensors, services, applications, and detection techniques using AI.

show abstract

Section: Ai Techniques/algorithms Used To Detect Apts In Personal Com...mentioning

confidence: 99%

Section: Ai Techniques/algorithms Used To Detect Apts In Personal Com...mentioning

confidence: 99%

See 1 more Smart Citation

A Systematic Literature Review and a Conceptual Framework Proposition for Advanced Persistent Threats (APT) Detection for Mobile Devices Using Artificial Intelligence Techniques

2023

View full text Add to dashboard Cite

show abstract

“…On this basis, an optimal defense strategy selection algorithm for moving targets was proposed. Sahabandu et al [16] adopted Markov game to model Dynamic Information Flow Tracking (DIFT) and Advanced Persistent reats (APTs) as a two-person zero-sum game model and proposed Q-learning algorithm to solve the problem of APTs attack detection. Li et al [17] considered the optimal decisionmaking method of moving target defense and used Markov game method to calculate the optimal strategy in time and space, thus improving the value of the decision.…”

Section: Introductionmentioning

confidence: 99%

Optimal Network Defense Strategy Selection Method: A Stochastic Differential Game Model

Mao

Zhang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

In a real-world network confrontation process, attack and defense actions change rapidly and continuously. The network environment is complex and dynamically random. Therefore, attack and defense strategies are inevitably subject to random disturbances during their execution, and the transition of the network security state is affected accordingly. In this paper, we construct a network security state transition model by referring to the epidemic evolution process, use Gaussian noise to describe random effects during the strategy execution, and introduce a random disturbance intensity factor to describe the degree of random effects. On this basis, we establish an attack-defense stochastic differential game model, propose a saddle point equilibrium solution method, and provide an algorithm to select the optimal defense strategy. Our method achieves real-time defense decision-making in network attack-defense scenarios with random disturbances and has better real-time performance and practicality than current methods. Results of a simulation experiment show that our model and algorithm are effective and feasible.

show abstract

A constraint partially observable semi-Markov decision process for the attack–defence relationships in various critical infrastructures

Niknami

2021

Cyber-Physical Systems

View full text Add to dashboard Cite

Quickest Detection of Advanced Persistent Threats: A Semi-Markov Game Approach

Cited by 3 publications

References 17 publications

A Systematic Literature Review and a Conceptual Framework Proposition for Advanced Persistent Threats (APT) Detection for Mobile Devices Using Artificial Intelligence Techniques

A Systematic Literature Review and a Conceptual Framework Proposition for Advanced Persistent Threats (APT) Detection for Mobile Devices Using Artificial Intelligence Techniques

Optimal Network Defense Strategy Selection Method: A Stochastic Differential Game Model

A constraint partially observable semi-Markov decision process for the attack–defence relationships in various critical infrastructures

Contact Info

Product

Resources

About