A Quantitative Security Risk Analysis Framework for Modelling and Analyzing Advanced Persistent Threats
2021; Springer Science+Business Media; Language: English
10.1007/978-3-030-70881-8_3
ISSN: 1611-3349
Authors: Rajesh Kumar, Siddhant Singh, Rohan Kela,
Topic(s): Network Security and Intrusion Detection
Abstract: Advanced persistent threats (APTs) are different from other computer-based attacks in their target selection, attack technique, and malicious motive. Distinct from script kiddie attacks, these attacks target critical systems to inflict maximum damage, such as to stall critical industrial processes. The standard defense against APT attacks is to deploy security mechanisms that are typically reminiscent of enterprise defense systems, such as firewalls, intrusion detection systems, etc. However, given the nature and attack potential of APT attacks, one cannot rely on these security mechanisms alone, as they are susceptible to failure and false alarms, and interfere with usability. Yet another problem is to decide which mechanisms to deploy and at which points to offer maximum coverage against attacks. We believe that, given the unique characteristics of APT attacks, one needs a robust and layered defense to protect against APTs by timely detection, prevention, mitigation, and an emergency plan. One such objective way to determine the countermeasures' efficacy is by modeling and simulating attack behaviour.