Understanding Bifurcation of Slow Versus Fast Cyber-Attackers

Maarten van Wieren; Christian Doerr; Vivian Jacobs; Wolter Pieters

doi:10.1007/978-3-319-47072-6_2

Understanding Bifurcation of Slow Versus Fast Cyber-Attackers

Maarten van Wieren, Christian Doerr, Vivian Jacobs, Wolter Pieters

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Anecdotally, the distinction between fast “Smash-and-Grab‿ cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats‿ on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.

Original language	English
Title of host publication	Data Privacy Management and Security Assurance
Subtitle of host publication	11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings
Editors	Giovanni Livraga, Vicenç Torra, Alessandro Aldini, Fabio Martinelli, Neeraj Suri
Place of Publication	Cham
Publisher	Springer
Pages	19-33
Number of pages	15
ISBN (Electronic)	978-3-319-47072-6
ISBN (Print)	978-3-319-47071-9
DOIs	https://doi.org/10.1007/978-3-319-47072-6_2
Publication status	Published - 2016
Event	5th International Workshop on Quantitative Aspects in Security Assurance, QASA 2016 - Heraklion, Greece Duration: 26 Sep 2016 → 27 Sep 2016 Conference number: 5

Publication series

Name	Lecture notes in computer science
Publisher	Springer
Volume	9963
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Workshop

Workshop	5th International Workshop on Quantitative Aspects in Security Assurance, QASA 2016
Abbreviated title	QASA
Country	Greece
City	Heraklion
Period	26/09/16 → 27/09/16

Keywords

Information security
Cyber-attack
Smash-and-grab
Behavioral optimization
EC Grant Agreement nr.: FP7/318003
Economic models
APT
Bifurcation
EC Grant Agreement nr.: FP7/2007-2013

Access to Document

10.1007/978-3-319-47072-6_2

Cite this

van Wieren, M., Doerr, C., Jacobs, V., & Pieters, W. (2016). Understanding Bifurcation of Slow Versus Fast Cyber-Attackers. In G. Livraga, V. Torra, A. Aldini, F. Martinelli, & N. Suri (Eds.), Data Privacy Management and Security Assurance: 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings (pp. 19-33). (Lecture notes in computer science; Vol. 9963). Cham: Springer. https://doi.org/10.1007/978-3-319-47072-6_2

van Wieren, Maarten ; Doerr, Christian ; Jacobs, Vivian ; Pieters, Wolter. / Understanding Bifurcation of Slow Versus Fast Cyber-Attackers. Data Privacy Management and Security Assurance: 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings. editor / Giovanni Livraga ; Vicenç Torra ; Alessandro Aldini ; Fabio Martinelli ; Neeraj Suri. Cham : Springer, 2016. pp. 19-33 (Lecture notes in computer science).

@inproceedings{e31aea03408a48f0ab45f40f15d3bd66,

title = "Understanding Bifurcation of Slow Versus Fast Cyber-Attackers",

abstract = "Anecdotally, the distinction between fast “Smash-and-Grab‿ cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats‿ on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.",

keywords = "Information security, Cyber-attack, Smash-and-grab, Behavioral optimization, EC Grant Agreement nr.: FP7/318003, Economic models, APT, Bifurcation, EC Grant Agreement nr.: FP7/2007-2013",

author = "{van Wieren}, Maarten and Christian Doerr and Vivian Jacobs and Wolter Pieters",

year = "2016",

doi = "10.1007/978-3-319-47072-6_2",

language = "English",

isbn = "978-3-319-47071-9",

series = "Lecture notes in computer science",

publisher = "Springer",

pages = "19--33",

editor = "Giovanni Livraga and Vicen{\cc} Torra and Alessandro Aldini and Fabio Martinelli and Neeraj Suri",

booktitle = "Data Privacy Management and Security Assurance",

}

van Wieren, M, Doerr, C, Jacobs, V & Pieters, W 2016, Understanding Bifurcation of Slow Versus Fast Cyber-Attackers. in G Livraga, V Torra, A Aldini, F Martinelli & N Suri (eds), Data Privacy Management and Security Assurance: 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings. Lecture notes in computer science, vol. 9963, Springer, Cham, pp. 19-33, 5th International Workshop on Quantitative Aspects in Security Assurance, QASA 2016, Heraklion, Greece, 26/09/16. https://doi.org/10.1007/978-3-319-47072-6_2

Understanding Bifurcation of Slow Versus Fast Cyber-Attackers. / van Wieren, Maarten; Doerr, Christian; Jacobs, Vivian; Pieters, Wolter.

Data Privacy Management and Security Assurance: 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings. ed. / Giovanni Livraga; Vicenç Torra; Alessandro Aldini; Fabio Martinelli; Neeraj Suri. Cham : Springer, 2016. p. 19-33 (Lecture notes in computer science; Vol. 9963).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Understanding Bifurcation of Slow Versus Fast Cyber-Attackers

AU - van Wieren, Maarten

AU - Doerr, Christian

AU - Jacobs, Vivian

AU - Pieters, Wolter

PY - 2016

Y1 - 2016

N2 - Anecdotally, the distinction between fast “Smash-and-Grab‿ cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats‿ on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.

AB - Anecdotally, the distinction between fast “Smash-and-Grab‿ cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats‿ on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.

KW - Information security

KW - Cyber-attack

KW - Smash-and-grab

KW - Behavioral optimization

KW - EC Grant Agreement nr.: FP7/318003

KW - Economic models

KW - APT

KW - Bifurcation

KW - EC Grant Agreement nr.: FP7/2007-2013

U2 - 10.1007/978-3-319-47072-6_2

DO - 10.1007/978-3-319-47072-6_2

M3 - Conference contribution

SN - 978-3-319-47071-9

T3 - Lecture notes in computer science

SP - 19

EP - 33

BT - Data Privacy Management and Security Assurance

A2 - Livraga, Giovanni

A2 - Torra, Vicenç

A2 - Aldini, Alessandro

A2 - Martinelli, Fabio

A2 - Suri, Neeraj

PB - Springer

CY - Cham

ER -

van Wieren M, Doerr C, Jacobs V, Pieters W. Understanding Bifurcation of Slow Versus Fast Cyber-Attackers. In Livraga G, Torra V, Aldini A, Martinelli F, Suri N, editors, Data Privacy Management and Security Assurance: 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings. Cham: Springer. 2016. p. 19-33. (Lecture notes in computer science). https://doi.org/10.1007/978-3-319-47072-6_2