Understanding Bifurcation of Slow Versus Fast Cyber-Attackers
|Title|Understanding Bifurcation of Slow Versus Fast Cyber-Attackers|
|Publication Type|Conference Paper|
|Year of Publication|2016|
|Authors|van Wieren M., Doerr C., Jacobs V., Pieters W.|
|Conference Name|11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Greece|
|Keywords|APT, Behavioral optimization, Bifurcation, Cyber-attack, Economic models, Information Security, Smash-and-Grab|
Anecdotally, the distinction between fast "Smash-and-Grab" cyber-attacks on the one hand and slow attacks or "Advanced Persistent Threats" on the other hand is well known. In this article, we provide an explanation for this phenomenon as the outcome of an optimization from the perspective of the attacker. To this end, we model attacks as an interaction between an attacker and a defender and infer the two types of behavior observed based on justifiable assumptions on key variables such as detection thresholds. On the basis of our analysis, it follows that bi-modal detection capabilities are optimal.