Security Defense against Long-term and Stealthy Cyberattacks (Working Paper)

Kookyoung Han, Jin Hyuk Choi, Yun-Sik Choi, Gene Moo Lee, Andrew B. Whinston (2021) “Security Defense against Long-term and Stealthy Cyberattacks”. Working Paper.

  • Latest version: Dec 2021
  • Funded by NSF (Award #1718600) and UNIST
  • Best Paper Award at KrAIS 2017
  • Presented at UT Austin (2017), UNIST (2017), INFORMS (Houston, TX 2017), CIST (Houston, TX 2017), WITS (Seoul, Korea 2017), and KrAIS (Seoul, Korea 2017)
  • Previous titles:
    • Misinformation and Optimal Time to Detect
    • Optimal Stopping and Strategic Espionage
    • To Disconnect or Not: A Cybersecurity Game

Modern cyberattacks such as advanced persistent threats (APTs) have become highly sophisticated: attackers can remain undetected for extended periods, and defenders lack countermeasures that reliably prevent such attacks. Reflecting this, we propose a game-theoretic model in which a hacker launches stealthy cyberattacks over a long time horizon, while the defender's actions are to monitor user activity and to disable a suspicious user. Under certain circumstances, the damage caused by the hacker can be enormous if the defender does not immediately disable a suspicious user, which helps explain the emergence of sophisticated cyberattacks with detrimental consequences. The model also predicts that the hacker may opt to be behavioral to avoid the worst cases: behavioral cyberattacks are less threatening, so the defender chooses not to immediately block a suspicious user in order to reduce the cost of false detection.
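The trade-off the abstract describes (disable a suspicious user immediately and risk a costly false detection, or keep monitoring and risk accumulating damage) can be made concrete with a toy decision rule. The code below is an added illustration, not the paper's model: the Bayesian alert model, the myopic block-or-wait rule, and every parameter value (prior, alert rates, costs, horizon) are assumptions chosen for the example. It shows that the same defender blocks a high-damage user after a single alert but keeps monitoring a low-damage user for several periods, which is the qualitative effect the abstract attributes to less threatening, behavioral attacks.

```python
"""Toy block-or-wait decision for a defender monitoring a possibly malicious user.

Added example; not the model from the working paper. All numbers are assumptions.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Defender:
    false_block_cost: float  # cost of disabling a benign user (false detection)
    monitor_cost: float      # cost of one more period of monitoring
    horizon: int             # total number of periods the user could stay active


def posterior_malicious(prior: float, alerts: int, periods: int,
                        p_alert_malicious: float, p_alert_benign: float) -> float:
    """Posterior P(user is malicious) after `alerts` suspicious events in
    `periods` monitored periods, assuming one independent Bernoulli alert
    observation per period (an assumption made for this illustration)."""
    like_mal = p_alert_malicious ** alerts * (1 - p_alert_malicious) ** (periods - alerts)
    like_ben = p_alert_benign ** alerts * (1 - p_alert_benign) ** (periods - alerts)
    num = prior * like_mal
    return num / (num + (1 - prior) * like_ben)


def block_now(p_mal: float, damage_per_period: float, remaining: int, d: Defender) -> bool:
    """Myopic rule: block if the expected cost of a false block is lower than the
    expected damage plus monitoring cost of letting the user run to the horizon.
    (It ignores the option value of blocking later; a full model would not.)"""
    cost_block = (1 - p_mal) * d.false_block_cost
    cost_wait = p_mal * damage_per_period * remaining + d.monitor_cost * remaining
    return cost_block < cost_wait


def first_block_period(alert_seq: list, damage_per_period: float, d: Defender,
                       prior: float = 0.05, p_alert_malicious: float = 0.6,
                       p_alert_benign: float = 0.1) -> Optional[int]:
    """Walk a constructed alert sequence (1 = alert fired that period) and return
    the 1-indexed period in which the defender first blocks, or None if never."""
    alerts = 0
    for t, fired in enumerate(alert_seq, start=1):
        alerts += fired
        p_mal = posterior_malicious(prior, alerts, t, p_alert_malicious, p_alert_benign)
        if block_now(p_mal, damage_per_period, d.horizon - t, d):
            return t
    return None


DEFENDER = Defender(false_block_cost=100.0, monitor_cost=1.0, horizon=10)

# Constructed alert streams (not real telemetry): a user that trips an alert
# every period, and a benign-looking user that never does.
ALERT_EVERY_PERIOD = [1, 1, 1]
NO_ALERTS = [0, 0, 0]


def scenario_results() -> dict:
    """Assumed per-period damage: 50 for a high-impact attacker, 2 for a low-impact one."""
    return {
        "high_damage": first_block_period(ALERT_EVERY_PERIOD, 50.0, DEFENDER),
        "low_damage": first_block_period(ALERT_EVERY_PERIOD, 2.0, DEFENDER),
        "benign_looking": first_block_period(NO_ALERTS, 50.0, DEFENDER),
    }


if __name__ == "__main__":
    for name, period in scenario_results().items():
        print(f"{name}: blocked in period {period}" if period else f"{name}: never blocked")
```

With these assumed numbers the high-damage user is blocked in period 1 (posterior 0.24 already makes waiting costlier than a false block), the low-damage user is tolerated until period 3 despite identical alerts, and the user with no alerts is never blocked. Changing `false_block_cost` shows the other lever in the abstract: the more a false detection costs, the longer the defender waits before disabling anyone.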