Understanding Bifurcation of Slow Versus Fast Cyber-Attackers

Maarten van Wieren, Christian Doerr, Vivian Jacobs, Wolter Pieters

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Anecdotally, the distinction between fast “Smash-and-Grab” cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats” on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.
Original language: English
Title of host publication: Data Privacy Management and Security Assurance
Subtitle of host publication: 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings
Editors: Giovanni Livraga, Vicenç Torra, Alessandro Aldini, Fabio Martinelli, Neeraj Suri
Place of Publication: Cham
Publisher: Springer
Pages: 19-33
Number of pages: 15
ISBN (Electronic): 978-3-319-47072-6
ISBN (Print): 978-3-319-47071-9
DOIs: https://doi.org/10.1007/978-3-319-47072-6_2
Publication status: Published - 2016
Event: 5th International Workshop on Quantitative Aspects in Security Assurance, QASA 2016 - Heraklion, Greece
Duration: 26 Sep 2016 – 27 Sep 2016
Conference number: 5

Publication series

Name: Lecture notes in computer science
Publisher: Springer
Volume: 9963
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Workshop

Workshop: 5th International Workshop on Quantitative Aspects in Security Assurance, QASA 2016
Abbreviated title: QASA
Country: Greece
City: Heraklion
Period: 26/09/16 – 27/09/16

Keywords

  • Information security
  • Cyber-attack
  • Smash-and-grab
  • Behavioral optimization
  • EC Grant Agreement nr.: FP7/318003
  • Economic models
  • APT
  • Bifurcation
  • EC Grant Agreement nr.: FP7/2007-2013

Cite this

van Wieren, M., Doerr, C., Jacobs, V., & Pieters, W. (2016). Understanding Bifurcation of Slow Versus Fast Cyber-Attackers. In G. Livraga, V. Torra, A. Aldini, F. Martinelli, & N. Suri (Eds.), Data Privacy Management and Security Assurance: 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings (pp. 19-33). (Lecture notes in computer science; Vol. 9963). Cham: Springer. https://doi.org/10.1007/978-3-319-47072-6_2