Abstract

The advanced persistent threat (APT), a new kind of cyber attack, has posed a severe threat to modern organizations. Once an APT has been detected, the organization has to deal with the APT response problem, i.e., to allocate the available response resources to fix her insecure hosts so as to mitigate her potential loss. This paper addresses the APT response problem by using the risk management approach. First, we introduce a model characterizing the evolution of the organization's expected state. By analyzing this model, we find that the organization's expected state approaches a common limit expected state. Then, we use the organization's expected loss per unit time to measure her potential loss, and we find that this measure is determined by the organization's limit expected state. On this basis, we model the APT response problem as a game-theoretic problem (the APT response game) in which the organization seeks a Nash equilibrium. We present a greedy algorithm for solving the game. Comparative experiments show that the algorithm is effective. Therefore, we recommend the response strategy generated by performing the algorithm. These findings contribute to defending against the APT. To our knowledge, this is the first time the APT response problem has been addressed.