Dynamic defense strategy against advanced persistent threat under heterogeneous networks.

Highlights • A mixed strategy game-based malicious nodes detection is proposed. • A data fusion method NetF is proposed to fuse data obtained from different networks. • An excellent performance is shown by NetF in experiments. • Our algorithm can plan the best defense strategy to nodes at different times. Abstract Advanced persistent threats (APTs) pose a grave threat in cyberspace because of their long latency and concealment. In this paper, we propose a hybrid strategy game-based dynamic defense model to optimally allocate constrained secure resources for the target network. In addition, values of profits of players in this game are computed by a novel data-fusion method called NetF. Based on network protocols and log documents, the NetF deciphers data packets collected from different networks to natural language to make them comparable. Using this algorithm, data observed from the Internet and wireless sensor networks (WSNs) can be fused to calculate the comprehensive payoff of every node precisely. The Nash equilibrium can be computed using the value to detect the possibility of a node being a malicious node. Using this method, the dynamic optimal defense strategy can be allocated to every node at different times, which enhances the security of the target network obviously. In experiments, we illustrate the obtained results via case studies of a cluster of heterogeneous networks. The results guide planning of optimal defense strategies for different kinds of nodes at different times. [ABSTRACT FROM AUTHOR]