Journal: IEEE Transactions on Information Forensics and Security

An Intelligence-Driven Security-Aware Defense Mechanism for Advanced Persistent Threats



Abstract

Combining many different attack forms, advanced persistent threats (APTs) are becoming a major threat to cyber security. Existing security protection work typically either focuses on the one-shot case or separates detection from response decisions. Such practices make the analysis tractable but miss the persistence and risk heterogeneity inherent in APTs. To this end, we propose a Lyapunov-based security-aware defense mechanism backed by threat intelligence, in which robust defense strategy-making is based on acquired knowledge of that heterogeneity. By exploring the temporal evolution of risk level, we introduce priority-aware virtual queues which, together with attack queues, enable security-aware response across hosts. Specifically, a long-term time-average profit maximization problem is formulated. We first develop a risk admission control policy to accommodate hosts' risk tolerance and response capacity. Under multiple attacker resources, the defense control policy is implemented as a two-stage decision involving proportional fair resource allocation and host-attack assignment. In particular, a distributed auction-based assignment algorithm is designed to capture uncertainty in the number of resolved attacks, where high-risk host-attack pairs are prioritized over others. We theoretically prove that our mechanism guarantees bounded queue backlogs, profit optimality, no underflow, and robustness to detection errors. Simulations on a real-world data set corroborate the theoretical analysis and reveal the importance of security awareness.
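To make the queueing view of the abstract concrete, here is an added toy illustration (not the paper's algorithm, and not code from the authors) of a drift-plus-penalty defender: each host carries an attack queue of pending detections and a virtual queue that accumulates risk above the host's tolerance, a risk admission control step caps what a host takes in per slot, and a greedy max-weight rule assigns a fixed number of defender resources to the highest-weight host-attack pairs. The queue law, the weight formula, the use of "risk removed" as the profit term, and the host names, tolerances, capacities and detection trace are all assumptions made for this example; the paper's auction-based assignment and proportional fair allocation are not reproduced here.

```python
"""Toy drift-plus-penalty defender with per-host attack queues and virtual
risk queues. Illustration only: the queue laws, weights and profit function
below are assumptions for this example, not the paper's definitions."""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    risk_tolerance: float            # per-slot risk budget the host accepts (assumed)
    response_capacity: int           # detections the host can absorb per slot (assumed)
    attack_queue: list = field(default_factory=list)  # pending attacks as risk scores
    virtual_queue: float = 0.0       # backlog of risk above tolerance (virtual queue)


def admit(host, detected):
    """Risk admission control: keep the highest-risk detections up to capacity."""
    admitted = sorted(detected, reverse=True)[:host.response_capacity]
    host.attack_queue.extend(admitted)
    return admitted


def weight(host, V):
    """Drift-plus-penalty score for serving `host` with one defender resource.
    Drift part: actual plus virtual backlog. Penalty part: V times the profit
    (assumed here to be the risk removed) of resolving the riskiest pending attack."""
    if not host.attack_queue:
        return 0.0
    return len(host.attack_queue) + host.virtual_queue + V * max(host.attack_queue)


def assign(hosts, resources, V):
    """Greedily give each of `resources` defender units to the highest-weight
    host; each unit resolves that host's riskiest pending attack."""
    resolved = []
    for _ in range(resources):
        best = max(hosts, key=lambda h: weight(h, V))
        if weight(best, V) <= 0.0:      # every queue is empty
            break
        risk = max(best.attack_queue)
        best.attack_queue.remove(risk)
        resolved.append((best.name, risk))
    return resolved


def update_virtual_queues(hosts):
    """Z_i(t+1) = max(Z_i(t) + pending_risk_i(t) - tolerance_i, 0).
    A host whose pending risk keeps exceeding its tolerance builds up Z_i and
    thereby climbs in scheduling priority (assumed queue law)."""
    for h in hosts:
        pending = sum(h.attack_queue)
        h.virtual_queue = max(h.virtual_queue + pending - h.risk_tolerance, 0.0)


def run(hosts, trace, resources, V):
    """Run one slot per entry of `trace` (dict host name -> detected risks)
    and return the list of (host, risk) pairs resolved in each slot."""
    log = []
    for detections in trace:
        for h in hosts:
            admit(h, detections.get(h.name, []))
        resolved = assign(hosts, resources, V)
        update_virtual_queues(hosts)
        log.append(resolved)
    return log


def demo():
    """Constructed three-slot trace with two hosts and two defender units."""
    hosts = [Host("db", risk_tolerance=0.1, response_capacity=3),
             Host("web", risk_tolerance=0.5, response_capacity=3)]
    trace = [{"db": [0.9, 0.2], "web": [0.5, 0.4, 0.3]},   # constructed detections
             {"db": [0.8], "web": [0.6, 0.1]},
             {"db": [], "web": [0.7]}]
    log = run(hosts, trace, resources=2, V=5.0)
    state = {h.name: (len(h.attack_queue), round(h.virtual_queue, 2)) for h in hosts}
    return log, state


if __name__ == "__main__":
    for slot, resolved in enumerate(demo()[0], start=1):
        print(f"slot {slot}: resolved {resolved}")
```

Raising V makes the scheduler chase immediate profit (the riskiest single attack) at the expense of queue growth; lowering it makes it drain backlogs, which is the usual Lyapunov trade-off between time-average profit and bounded queue length. In the constructed trace the db host's low tolerance makes its virtual queue grow from slot to slot even while its attack queue stays short, which is exactly the signal that would lift it in priority over a longer run.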
