Mathew Nicho
A system dynamics approach to evaluate advanced persistent threat vectors.
Nicho, Mathew; McDermott, Christopher D.; Fakhry, Hussein; Girija, Shini
Abstract
Cyber-attacks targeting high-profile entities are focused, persistent, and employ common vectors with varying levels of sophistication to exploit social-technical vulnerabilities. Advanced persistent threats (APTs) deploy zero-day malware against such targets to gain entry through multiple security layers, exploiting the dynamic interplay of vulnerabilities in the target network. System dynamics (SD) offers an alternative approach to analyze non-linear, complex, and dynamic social-technical systems. This research applied SD to three high-profile APT attacks - Equifax, Carphone, and Zomato - to identify and simulate socio-technical variables leading to breaches. By modeling APTs using SD, managers can evaluate threats, predict attacks, and reduce damage by mitigating specific socio-technical cues. This study provides valuable insights into the dynamics of cyber threats, making it the first to apply SD to APTs.
Citation
NICHO, M., MCDERMOTT, C.D., FAKHRY, H. and GIRIJA, S. 2023. A system dynamics approach to evaluate advanced persistent threat vectors. International journal of information security and privacy [online], 17(1), pages 1-23. Available from: https://doi.org/10.4018/IJISP.324064
Journal Article Type | Article |
---|---|
Acceptance Date | Jun 16, 2023 |
Online Publication Date | Jun 16, 2023 |
Publication Date | Jun 30, 2023 |
Deposit Date | Jun 23, 2023 |
Publicly Available Date | Jun 23, 2023 |
Journal | International journal of information security and privacy |
Print ISSN | 1930-1650 |
Electronic ISSN | 1930-1669 |
Publisher | IGI Global |
Peer Reviewed | Peer Reviewed |
Volume | 17 |
Issue | 1 |
Pages | 1-23 |
DOI | https://doi.org/10.4018/IJISP.324064 |
Keywords | Advanced persistent threats; Cyberattacks; Cyberthreats; Data breach; Systems dynamics |
Public URL | https://rgu-repository.worktribe.com/output/1993652 |
Files
NICHO 2023 A system dynamics approach (VOR)
(1.1 Mb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by/4.0/
You might also like
A crime scene reconstruction for digital forensic analysis: an SUV case study.
(2023)
Journal Article
Towards situational awareness of botnet activity in the Internet of Things
(2018)
Presentation / Conference Contribution
Botnet detection in the Internet of Things using deep learning approaches.
(2018)
Presentation / Conference Contribution