BG-FlipIn: A Bayesian game framework for FlipIt-insider models in advanced persistent threats
Yang Jiao, Guanpu Chen, Yiguang Hong
TL;DR
The paper tackles APT defense when an insider's preferences are uncertain by introducing BG-FlipIn, a Bayesian game framework for FlipIt-insider models. It derives a closed-form Bayesian Nash Equilibrium and analyzes three edge-case NEs corresponding to malicious, inadvertent, and corrupt insiders, revealing how defender move rates and costs interact with insider types. The authors identify parameter intervals where the Bayesian strategy outperforms all edge-case strategies and provide decision guidance for defenders under varying priors. Two applications—simulation with unknown insider types and cloud-based remote state estimation—demonstrate that BG-FlipIn yields robust defender performance and reduced estimation error even as insider preferences evolve rapidly.
Abstract
In this paper, we study advanced persistent threats (APTs) involving an insider whose preferences may differ. To address the uncertainty of the insider's preference, we propose BG-FlipIn, a Bayesian game framework for FlipIt-insider models that investigates malicious, inadvertent, or corrupt insiders. We calculate the closed-form Bayesian Nash Equilibrium expression and further obtain three edge cases with deterministic insiders, each with its corresponding Nash Equilibrium expression. On this basis, we further discover several phenomena in APTs related to the defender's move rate and cost, as well as the insider's preferences. We then provide decision-making guidance for the defender under different parametric conditions. Two applications validate that our BG-FlipIn framework enables the defender to make decisions consistently, without having to detect the insider's concrete preference or adjust its strategy frequently.
