Effective Quarantine and Recovery Scheme Against Advanced Persistent Threat
IEEE Transactions on Systems, Man, and Cybernetics: Systems (2021)
Abstract
Advanced persistent threat (APT) for cyber espionage poses a great threat to modern organizations. In order to mitigate the impact of APT on an organization, all the compromised systems in the organization must be quarantined and recovered in a timely and effective way. This article focuses on the problem of customizing a dynamic quarantine and recovery (QAR) scheme for an organization so that the APT impact is minimized. Based on a novel node-level epidemic model characterizing the effect of the QAR scheme on the expected state of the underlying network, we estimate the expected impact of APT under a QAR scheme. On this basis, we model the original problem as an optimal control problem. By use of optimal control theory, we derive the optimality system for the optimal control problem and thereby introduce the concept of normal potential optimal (NPO) control. Next, through comparative experiments, we find that the NPO control outperforms a set of heuristic controls. Hence, the QAR scheme associated with the NPO control is satisfactory in terms of the effectiveness of defending against APT. Finally, we examine the effect of some factors on the expected APT impact under the NPO control. This article would be helpful to the defense against APT for cyber espionage.
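To make the idea of "estimating the expected APT impact under a QAR scheme from a node-level epidemic model" concrete, the following is an added illustration that is not the paper's model or code. It assumes a simple mean-field node-level model in which each host carries a probability of being compromised, lateral movement happens along network edges at an assumed rate `beta`, baseline recovery happens at rate `gamma`, and a QAR scheme adds a per-host removal rate `u_i(t)` under a fixed total budget. The expected impact is taken to be the time integral of the expected number of compromised hosts, and three heuristic schemes are compared on a constructed six-host graph; the paper's actual model, cost functional and optimality system are not reproduced here.

```python
"""
Toy node-level epidemic model with a quarantine-and-recovery (QAR) control.
Assumed illustration only: the model, rates and graph below are constructed
for this example and are not taken from the paper.
"""


def simulate(adjacency, beta, gamma, control, p0, dt=0.01, horizon=20.0):
    """Forward-Euler integration of the assumed node-level model.

    adjacency : symmetric 0/1 matrix of lateral-movement paths between hosts
    beta      : assumed per-edge compromise rate
    gamma     : assumed baseline recovery rate (no QAR action)
    control   : callable (t, p) -> list of extra QAR removal rates u_i(t)
    p0        : initial compromise probabilities per host

    Returns (impact, p_final), where impact is the integral over time of the
    expected number of compromised hosts (sum_i p_i(t)).
    """
    n = len(adjacency)
    p = list(p0)
    impact = 0.0
    t = 0.0
    for _ in range(int(round(horizon / dt))):
        u = control(t, p)
        # expected infection pressure on host i from its compromised neighbours
        pressure = [sum(adjacency[i][j] * p[j] for j in range(n)) for i in range(n)]
        dp = [(1.0 - p[i]) * beta * pressure[i] - (gamma + u[i]) * p[i]
              for i in range(n)]
        p = [min(1.0, max(0.0, p[i] + dt * dp[i])) for i in range(n)]
        impact += dt * sum(p)
        t += dt
    return impact, p


def no_control(t, p):
    """Baseline: no QAR action beyond the assumed natural recovery rate."""
    return [0.0] * len(p)


def uniform_control(budget):
    """Static heuristic: spread the QAR budget evenly over all hosts."""
    def u(t, p):
        return [budget / len(p)] * len(p)
    return u


def degree_weighted_control(adjacency, budget):
    """Static heuristic: give well-connected hosts more of the budget."""
    deg = [sum(row) for row in adjacency]
    total = sum(deg)
    def u(t, p):
        return [budget * d / total for d in deg]
    return u


def exposure_weighted_control(budget):
    """Dynamic heuristic: allocate budget in proportion to each host's
    current compromise probability (quarantine where compromise is likely)."""
    def u(t, p):
        s = sum(p)
        if s == 0.0:
            return [0.0] * len(p)
        return [budget * pi / s for pi in p]
    return u


# Constructed graph: host 0 is a hub linked to hosts 1-4; host 5 hangs off host 4.
ADJ = [
    [0, 1, 1, 1, 1, 0],
    [1, 0, 0, 0, 0, 0],
    [1, 0, 0, 0, 0, 0],
    [1, 0, 0, 0, 0, 0],
    [1, 0, 0, 0, 0, 1],
    [0, 0, 0, 0, 1, 0],
]
P0 = [0.0, 1.0, 0.0, 0.0, 0.0, 0.0]  # constructed: host 1 starts compromised
BETA, GAMMA, BUDGET = 0.5, 0.1, 2.0   # assumed rates and total QAR budget


def compare_schemes():
    """Expected APT impact under each heuristic QAR scheme (lower is better)."""
    schemes = {
        "none": no_control,
        "uniform": uniform_control(BUDGET),
        "degree": degree_weighted_control(ADJ, BUDGET),
        "adaptive": exposure_weighted_control(BUDGET),
    }
    return {name: simulate(ADJ, BETA, GAMMA, ctrl, P0)[0]
            for name, ctrl in schemes.items()}


if __name__ == "__main__":
    for name, impact in compare_schemes().items():
        print(f"{name:9s} expected impact = {impact:.3f}")
```

Because the model is cooperative (a higher compromise probability on a neighbour can only raise a host's own), any non-negative QAR rate lowers the whole trajectory, so every scheme beats the no-control baseline; which heuristic wins depends on the graph and the initial foothold, which is exactly the gap that an optimality-system-based control is meant to close.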
Keywords
Epidemics, Organizations, Optimal control, Standards organizations, Games, Cyber espionage, Advanced persistent threat (APT), node-level epidemic model, optimal control problem, optimality system, potential optimal (PO) control, quarantine and recovery (QAR) scheme