Litcius/Paper detail

Impulsive Artificial Defense Against Advanced Persistent Threat

Hao Sun, Xiaofan Yang, Lu‐Xing Yang, Kaifan Huang, Gang Li

2023IEEE Transactions on Information Forensics and Security20 citationsDOIOpen Access PDF

Abstract

Advanced persistent threat (APT) as a new type of cyber espionage poses a severe threat to modern organizations. Artificial APT defense, in which an organization engages experienced cybersecurity experts to artificially check if there exist rootkits implanted by APT actors within the organizational internet and, if so, artificially remove the discovered rootkits, is recognized as an indispensable part of APT defense. There are two different ways of artificial APT defenses: continuous artificial defense (CAD), where the defense work is conducted at all time points, and impulsive artificial defense (IAD), where the defense work is conducted at a scheduled sequence of time points. IAD is superior to CAD in terms of the overall service cost. In the context of IAD, we refer to each sequence of service costs as an IAD policy. This paper addresses the problem of developing a cost-effective IAD policy (the IAD problem). First, by introducing an impulsive state evolutionary model for the organizational intranet, the IAD problem is reduced to an optimal impulsive control model (the IAD model). Second, by deriving the optimality system for the IAD model, an iterative algorithm for solving the IAD model (the IAD algorithm) is presented. Next, the convergence and effectiveness of the IAD algorithm are validated through numerical experiments. Finally, the effect of some factors is inspected. To our knowledge, this is the first time IAD is inspected from the perspective of optimal impulsive control theory.

Topics & Concepts

Computer scienceRootkitContext (archaeology)Computer securityService (business)Artificial intelligenceMalwareEconomyBiologyPaleontologyEconomicsSmart Grid Security and ResilienceNetwork Security and Intrusion DetectionSoftware-Defined Networks and 5G