Understanding Bifurcation of Slow Versus Fast Cyber-Attackers

Publication Type: Conference Paper
Year of Publication: 2016
Authors: van Wieren M., Doerr C., Jacobs V., Pieters W.
Conference Name: 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Greece
Publisher: Springer Verlag
Conference Location: London
Keywords: APT, Behavioral optimization, Bifurcation, Cyber-attack, Economic models, Information Security, Smash-and-Grab

Anecdotally, the distinction between fast "Smash-and-Grab" cyber-attacks on the one hand and slow attacks or "Advanced Persistent Threats" on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.