Mitigating the Risk of Advanced Cyber-Attackers

Ohad Barzilay; Asher Tishler (College of Management); Amitai Gilad  


This study develops defense strategies against sophisticated and well-funded cyber-attacks (such as Advanced Persistent Threats, APTs) that can cause extensive damage to major organizations. We develop and analyze a game between a cyber-attacker and a defender who operates a network that manages a large organization (such as a bank or an electric utility). The defender moves first and deploys blocking and/or detection measures to protect her network from cyber-attacks. Then the attacker, who has learned the network structure and defense profile, attempts to deliver the maximal flow of malicious elements to a target node, possibly by investing in R&D to avoid detection and bypass blocks.

We pose the following research questions:

1. How should the risk of advanced cyber-attacks be incorporated into the defenders’ decision-making process?

2. Do optimal defense strategies against advanced cyber-attacks differ from common practices, and if so, how?

3. How do intrinsic considerations, such as the characteristics of various cyber-technologies and the network structure, affect the attackers’ R&D processes and operational efforts?

4. Is it advantageous for several organizations, which may or may not be competitors in the same marketplace, to cooperate in defending against advanced cyber-attacks?

We expect the following major contributions:

1. To define and analyze advanced cyber-attackers’ strategic decision-making by incorporating the attacker’s desired volume of malicious flow and R&D investment, as well as the intrinsic characteristics of defense measures and the players’ budgets and costs. Our models will account for the attacker’s strategy and reaction to various defenders’ strategies.

2. To propose an organizational defense approach for allocating resources to cyber-defense technologies in networks, in an attempt to mitigate the risk of advanced cyber-attacks.

3. To advance the body of knowledge regarding the value of defenders’ deterrence and deceit efforts, the use of which is a growing trend in mitigating such risks in practice.

4. To shed some light on regulatory measures in a country's defense against APT.
