Prospect Theoretic Study of Cloud Storage Defense against Advanced Persistent Threats

Cloud storage is vulnerable to Advanced Persistent Threats (APTs), which are stealthy, continuous, well funded and targeted. In this paper, prospect theory is applied to study the interactions between a subjective cloud storage defender and a subjective APT attacker. Two subjective APT games are formulated, in which the defender chooses its interval to scan the storage device and the attacker decides its duration between launching two attacks under uncertain APT attack durations and action of the opponent, respectively. The Nash equilibria of the static subjective APT games are derived. We also study the dynamic APT game and propose a Q-learning based APT defense strategy for cloud storage. Simulation results show that the APT defense benefits from the subjective view of the attacker and the proposed defense strategy can improve detection performance with a higher utility.