Understanding bifurcation of slow versus fast cyber-attackers

Maarten van Wieren; Christian Doerr; Vivian Jacobs; Wolter Pieters

doi:10.1007/978-3-319-47072-6_2

Understanding bifurcation of slow versus fast cyber-attackers

Maarten van Wieren, Christian Doerr, Vivian Jacobs, Wolter Pieters

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

1 Citation (Scopus)

Abstract

Anecdotally, the distinction between fast “Smash-and-Grab” cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats” on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.

Original language	English
Title of host publication	Data Privacy Management and Security Assurance
Subtitle of host publication	11th International Workshop DPM 2016 and 5th International Workshop QASA 2016
Editors	G Livraga , V. Torra, A. Aldini, F. Martinelli, N. Suri
Place of Publication	Cham
Publisher	Springer
Pages	19-33
Number of pages	15
ISBN (Electronic)	978-3-319-47072-6
ISBN (Print)	978-3-319-47071-9
DOIs	https://doi.org/10.1007/978-3-319-47072-6_2
Publication status	Published - 2016
Event	International Workshop on Data Privacy Management International Workshop on Quantitative Aspects in Security Assurance: Data Privacy Management and Security Assurance - Heraklion, Greece Duration: 26 Sept 2016 → 27 Sept 2016 Conference number: 9963

Publication series

Name	Lecture notes in computer science
Publisher	Springer
Volume	9963
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	International Workshop on Data Privacy Management International Workshop on Quantitative Aspects in Security Assurance
Abbreviated title	DPM QASA 2016
Country/Territory	Greece
City	Heraklion
Period	26/09/16 → 27/09/16

Keywords

APT
Behavioral optimization
Bifurcation
Cyber-attack
Economic models
Information security
Smash-and-grab

Access to Document

10.1007/978-3-319-47072-6_2

Cite this

van Wieren, M., Doerr, C., Jacobs, V., & Pieters, W. (2016). Understanding bifurcation of slow versus fast cyber-attackers. In G. Livraga , V. Torra, A. Aldini, F. Martinelli, & N. Suri (Eds.), Data Privacy Management and Security Assurance: 11th International Workshop DPM 2016 and 5th International Workshop QASA 2016 (pp. 19-33). (Lecture notes in computer science; Vol. 9963). Springer. https://doi.org/10.1007/978-3-319-47072-6_2

van Wieren, Maarten ; Doerr, Christian ; Jacobs, Vivian et al. / Understanding bifurcation of slow versus fast cyber-attackers. Data Privacy Management and Security Assurance: 11th International Workshop DPM 2016 and 5th International Workshop QASA 2016. editor / G Livraga ; V. Torra ; A. Aldini ; F. Martinelli ; N. Suri. Cham : Springer, 2016. pp. 19-33 (Lecture notes in computer science).

@inproceedings{422e5f185d39421fbfdacf49a9377dbc,

title = "Understanding bifurcation of slow versus fast cyber-attackers",

abstract = "Anecdotally, the distinction between fast “Smash-and-Grab” cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats” on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.",

keywords = "APT, Behavioral optimization, Bifurcation, Cyber-attack, Economic models, Information security, Smash-and-grab",

author = "{van Wieren}, Maarten and Christian Doerr and Vivian Jacobs and Wolter Pieters",

year = "2016",

doi = "10.1007/978-3-319-47072-6_2",

language = "English",

isbn = "978-3-319-47071-9",

series = "Lecture notes in computer science",

publisher = "Springer",

pages = "19--33",

editor = "{Livraga }, G and V. Torra and A. Aldini and F. Martinelli and N. Suri",

booktitle = "Data Privacy Management and Security Assurance",

note = "International Workshop on Data Privacy Management International Workshop on Quantitative Aspects in Security Assurance : Data Privacy Management and Security Assurance, DPM QASA 2016 ; Conference date: 26-09-2016 Through 27-09-2016",

}

van Wieren, M, Doerr, C, Jacobs, V & Pieters, W 2016, Understanding bifurcation of slow versus fast cyber-attackers. in G Livraga , V Torra, A Aldini, F Martinelli & N Suri (eds), Data Privacy Management and Security Assurance: 11th International Workshop DPM 2016 and 5th International Workshop QASA 2016. Lecture notes in computer science, vol. 9963, Springer, Cham, pp. 19-33, International Workshop on Data Privacy Management International Workshop on Quantitative Aspects in Security Assurance, Heraklion, Greece, 26/09/16. https://doi.org/10.1007/978-3-319-47072-6_2

Understanding bifurcation of slow versus fast cyber-attackers. / van Wieren, Maarten; Doerr, Christian; Jacobs, Vivian et al.
Data Privacy Management and Security Assurance: 11th International Workshop DPM 2016 and 5th International Workshop QASA 2016. ed. / G Livraga ; V. Torra; A. Aldini; F. Martinelli; N. Suri. Cham: Springer, 2016. p. 19-33 (Lecture notes in computer science; Vol. 9963).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Understanding bifurcation of slow versus fast cyber-attackers

AU - van Wieren, Maarten

AU - Doerr, Christian

AU - Jacobs, Vivian

AU - Pieters, Wolter

N1 - Conference code: 9963

PY - 2016

Y1 - 2016

N2 - Anecdotally, the distinction between fast “Smash-and-Grab” cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats” on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.

AB - Anecdotally, the distinction between fast “Smash-and-Grab” cyber-attacks on the one hand and slow attacks or “Advanced Persistent Threats” on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.

KW - APT

KW - Behavioral optimization

KW - Bifurcation

KW - Cyber-attack

KW - Economic models

KW - Information security

KW - Smash-and-grab

UR - http://www.scopus.com/inward/record.url?scp=84990031682&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-47072-6_2

DO - 10.1007/978-3-319-47072-6_2

M3 - Conference contribution

AN - SCOPUS:84990031682

SN - 978-3-319-47071-9

T3 - Lecture notes in computer science

SP - 19

EP - 33

BT - Data Privacy Management and Security Assurance

A2 - Livraga , G

A2 - Torra, V.

A2 - Aldini, A.

A2 - Martinelli, F.

A2 - Suri, N.

PB - Springer

CY - Cham

T2 - International Workshop on Data Privacy Management International Workshop on Quantitative Aspects in Security Assurance

Y2 - 26 September 2016 through 27 September 2016

ER -

van Wieren M, Doerr C, Jacobs V, Pieters W. Understanding bifurcation of slow versus fast cyber-attackers. In Livraga G, Torra V, Aldini A, Martinelli F, Suri N, editors, Data Privacy Management and Security Assurance: 11th International Workshop DPM 2016 and 5th International Workshop QASA 2016. Cham: Springer. 2016. p. 19-33. (Lecture notes in computer science). doi: 10.1007/978-3-319-47072-6_2

Understanding bifurcation of slow versus fast cyber-attackers

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cybersecurity (TPM)

Cite this

Understanding bifurcation of slow versus fast cyber-attackers

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Projects

Cybersecurity (TPM)

Cite this