Abstract
Anecdotally, the distinction between fast “Smash-and-Grab” cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats” on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.
Original language | English |
---|---|
Title of host publication | Data Privacy Management and Security Assurance |
Subtitle of host publication | 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings |
Editors | Giovanni Livraga, Vicenç Torra, Alessandro Aldini, Fabio Martinelli, Neeraj Suri |
Place of Publication | Cham |
Publisher | Springer |
Pages | 19-33 |
Number of pages | 15 |
ISBN (Electronic) | 978-3-319-47072-6 |
ISBN (Print) | 978-3-319-47071-9 |
DOIs | |
Publication status | Published - 2016 |
Event | 5th International Workshop on Quantitative Aspects in Security Assurance, QASA 2016 - Heraklion, Greece. Duration: 26 Sep 2016 → 27 Sep 2016. Conference number: 5 |
Publication series
Name | Lecture notes in computer science |
---|---|
Publisher | Springer |
Volume | 9963 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Workshop
Workshop | 5th International Workshop on Quantitative Aspects in Security Assurance, QASA 2016 |
---|---|
Abbreviated title | QASA |
Country | Greece |
City | Heraklion |
Period | 26/09/16 → 27/09/16 |
Keywords
- Information security
- Cyber-attack
- Smash-and-grab
- Behavioral optimization
- EC Grant Agreement nr.: FP7/318003
- Economic models
- APT
- Bifurcation
- EC Grant Agreement nr.: FP7/2007-2013