Understanding bifurcation of slow versus fast cyber-attackers

Maarten van Wieren, Christian Doerr, Vivian Jacobs, Wolter Pieters

Research output: Chapter in Book/Conference proceedings/Edited volume; Conference contribution; Scientific; peer-review

Abstract

Anecdotally, the distinction between fast “Smash-and-Grab” cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats” on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.
Original language: English
Title of host publication: Data Privacy Management and Security Assurance
Subtitle of host publication: 11th International Workshop DPM 2016 and 5th International Workshop QASA 2016
Editors: G Livraga, V. Torra, A. Aldini, F. Martinelli, N. Suri
Place of Publication: Cham
Publisher: Springer
Pages: 19-33
Number of pages: 15
ISBN (Electronic): 978-3-319-47072-6
ISBN (Print): 978-3-319-47071-9
Publication status: Published - 2016
Event: International Workshop on Data Privacy Management International Workshop on Quantitative Aspects in Security Assurance: Data Privacy Management and Security Assurance - Heraklion, Greece
Duration: 26 Sep 2016 to 27 Sep 2016
Conference number: 9963

Publication series

Name: Lecture notes in computer science
Publisher: Springer
Volume: 9963
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: International Workshop on Data Privacy Management International Workshop on Quantitative Aspects in Security Assurance
Abbreviated title: DPM QASA 2016
Country: Greece
City: Heraklion
Period: 26/09/16 to 27/09/16

Keywords

  • APT
  • Behavioral optimization
  • Bifurcation
  • Cyber-attack
  • Economic models
  • Information security
  • Smash-and-grab
