Surviving Advanced Persistent Threats - a Framework and Analysis

Designing robust mission-critical systems demands bringing together fault tolerance and security. The emergence of advanced persistent threats (APT) has further added to the challenge of meeting mission assurance goals. Despite the advances in mission survivability, the existing solutions remain ineffective against APTs. In this paper, we propose a novel survivability framework against APTs in a distributed environment. It involves tamper-resistant and surreptitious detection and node-to-node verification of suspicious events. The solution aims to identify attacker intent, objectives and strategies (AIOS) and to design targeted recoveries that promote survivability. Its security strength has been theoretically analyzed, while the performance and scalability aspects are measured via simulation. Our simulations demonstrate high scalability with respect to network size and application runtime and the time overhead for long running applications can be easily kept under 1% of original runtime by carefully adjusting the security strength.