Understanding Bifurcation of Slow Versus Fast Cyber-Attackers

Maarten van Wieren, Christian Doerr, Vivian Jacobs, Wolter Pieters

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review


    Anecdotally, the distinction between fast “Smash-and-Grab‿ cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats‿ on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.
    Original languageEnglish
    Title of host publicationData Privacy Management and Security Assurance
    Subtitle of host publication11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings
    EditorsGiovanni Livraga, Vicenç Torra, Alessandro Aldini, Fabio Martinelli, Neeraj Suri
    Place of PublicationCham
    Number of pages15
    ISBN (Electronic)978-3-319-47072-6
    ISBN (Print)978-3-319-47071-9
    Publication statusPublished - 2016
    Event5th International Workshop on Quantitative Aspects in Security Assurance, QASA 2016 - Heraklion, Greece
    Duration: 26 Sep 201627 Sep 2016
    Conference number: 5

    Publication series

    NameLecture notes in computer science
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349


    Workshop5th International Workshop on Quantitative Aspects in Security Assurance, QASA 2016
    Abbreviated titleQASA


    • Information security
    • Cyber-attack
    • Smash-and-grab
    • Behavioral optimization
    • EC Grant Agreement nr.: FP7/318003
    • Economic models
    • APT
    • Bifurcation
    • EC Grant Agreement nr.: FP7/2007-2013


    Dive into the research topics of 'Understanding Bifurcation of Slow Versus Fast Cyber-Attackers'. Together they form a unique fingerprint.

    Cite this