In this paper, we study advanced persistent threats (APT) with an insider who has different preferences. To address the uncertainty of the insider's preference, we propose the BG-FlipIn: a Bayesian game framework for FlipIt-insider models with an investigation on malicious, inadvertent, or corrupt insiders. We calculate the closed-form Bayesian Nash Equilibrium expression and further obtain three edge cases with deterministic insiders corresponding to their Nash Equilibrium expressions. On this basis, we further discover several phenomena in APT related to the defender's move rate and cost, as well as the insider's preferences. We then provide decision-making guidance for the defender, given different parametric conditions. Two applications validate that our BG-FlipIn framework enables the defender to make decisions consistently, avoiding detecting the insider's concrete preference or adjusting its strategy frequently.
翻译:暂无翻译