The Game of Spear and Shield in Next Era of Cybersecurity

Shanhsin Lee; Mengru Tsai; Shiuhpyng Winston Shieh

doi:10.1109/TR.2023.3342874

The Game of Spear and Shield in Next Era of Cybersecurity

Shanhsin Lee, Mengru Tsai, Shiuhpyng Winston Shieh

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

The competition between hackers and defenders is the game of spear and shield in cybersecurity. The field of cybersecurity has been studied for decades, yet it remains a severe and critical topic. One of the main reasons is the fast evolution of hacking techniques. To stay stealthy in the compromised network environment, hackers tend to use system built-in tools and legitimate software to launch the attack by imitating normal activities. These behaviors are seemingly normal but malicious, making it difficult to distinguish them from legitimate activities and leading to a high volume of false alarms raised by detection tools. Countless approaches have been proposed to address these problems. However, conventional evaluation methods for detection approaches have limited capability of handling evolving hacking techniques, thereby hindering the evaluation effectiveness in real-world network environments. The gap between the lab evaluation and real-world practice is significant and should not be overlooked. In this article, the competition between cybersecurity attacks and defenses will be introduced. The current state, approaches, and challenges from both sides will be included to illustrate the gap. Finally, research opportunities for the next era of the game of spear and shield will be proposed.

Original language	English
Pages (from-to)	1-8
Number of pages	8
Journal	IEEE Transactions on Reliability
DOIs	https://doi.org/10.1109/TR.2023.3342874
State	Accepted/In press - 2023

Keywords

Advanced persistent threat (APT)
Behavioral sciences
Computer hacking
Electronic mail
Games
Protocols
Ransomware
Synchronization
cybersecurity
evolved threat
landscape
threat generator

Access to Document

10.1109/TR.2023.3342874

Cite this

@article{3e0fa29eb2c64f3d95875c6bcd960dc8,

title = "The Game of Spear and Shield in Next Era of Cybersecurity",

abstract = "The competition between hackers and defenders is the game of spear and shield in cybersecurity. The field of cybersecurity has been studied for decades, yet it remains a severe and critical topic. One of the main reasons is the fast evolution of hacking techniques. To stay stealthy in the compromised network environment, hackers tend to use system built-in tools and legitimate software to launch the attack by imitating normal activities. These behaviors are seemingly normal but malicious, making it difficult to distinguish them from legitimate activities and leading to a high volume of false alarms raised by detection tools. Countless approaches have been proposed to address these problems. However, conventional evaluation methods for detection approaches have limited capability of handling evolving hacking techniques, thereby hindering the evaluation effectiveness in real-world network environments. The gap between the lab evaluation and real-world practice is significant and should not be overlooked. In this article, the competition between cybersecurity attacks and defenses will be introduced. The current state, approaches, and challenges from both sides will be included to illustrate the gap. Finally, research opportunities for the next era of the game of spear and shield will be proposed.",

keywords = "Advanced persistent threat (APT), Behavioral sciences, Computer hacking, Electronic mail, Games, Protocols, Ransomware, Synchronization, cybersecurity, evolved threat, landscape, threat generator",

author = "Shanhsin Lee and Mengru Tsai and Shieh, {Shiuhpyng Winston}",

note = "Publisher Copyright: IEEE",

year = "2023",

doi = "10.1109/TR.2023.3342874",

language = "English",

pages = "1--8",

journal = "IEEE Transactions on Reliability",

issn = "0018-9529",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - The Game of Spear and Shield in Next Era of Cybersecurity

AU - Lee, Shanhsin

AU - Tsai, Mengru

AU - Shieh, Shiuhpyng Winston

N1 - Publisher Copyright: IEEE

PY - 2023

Y1 - 2023

N2 - The competition between hackers and defenders is the game of spear and shield in cybersecurity. The field of cybersecurity has been studied for decades, yet it remains a severe and critical topic. One of the main reasons is the fast evolution of hacking techniques. To stay stealthy in the compromised network environment, hackers tend to use system built-in tools and legitimate software to launch the attack by imitating normal activities. These behaviors are seemingly normal but malicious, making it difficult to distinguish them from legitimate activities and leading to a high volume of false alarms raised by detection tools. Countless approaches have been proposed to address these problems. However, conventional evaluation methods for detection approaches have limited capability of handling evolving hacking techniques, thereby hindering the evaluation effectiveness in real-world network environments. The gap between the lab evaluation and real-world practice is significant and should not be overlooked. In this article, the competition between cybersecurity attacks and defenses will be introduced. The current state, approaches, and challenges from both sides will be included to illustrate the gap. Finally, research opportunities for the next era of the game of spear and shield will be proposed.

AB - The competition between hackers and defenders is the game of spear and shield in cybersecurity. The field of cybersecurity has been studied for decades, yet it remains a severe and critical topic. One of the main reasons is the fast evolution of hacking techniques. To stay stealthy in the compromised network environment, hackers tend to use system built-in tools and legitimate software to launch the attack by imitating normal activities. These behaviors are seemingly normal but malicious, making it difficult to distinguish them from legitimate activities and leading to a high volume of false alarms raised by detection tools. Countless approaches have been proposed to address these problems. However, conventional evaluation methods for detection approaches have limited capability of handling evolving hacking techniques, thereby hindering the evaluation effectiveness in real-world network environments. The gap between the lab evaluation and real-world practice is significant and should not be overlooked. In this article, the competition between cybersecurity attacks and defenses will be introduced. The current state, approaches, and challenges from both sides will be included to illustrate the gap. Finally, research opportunities for the next era of the game of spear and shield will be proposed.

KW - Advanced persistent threat (APT)

KW - Behavioral sciences

KW - Computer hacking

KW - Electronic mail

KW - Games

KW - Protocols

KW - Ransomware

KW - Synchronization

KW - cybersecurity

KW - evolved threat

KW - landscape

KW - threat generator

UR - http://www.scopus.com/inward/record.url?scp=85181556162&partnerID=8YFLogxK

U2 - 10.1109/TR.2023.3342874

DO - 10.1109/TR.2023.3342874

M3 - Article

AN - SCOPUS:85181556162

SN - 0018-9529

SP - 1

EP - 8

JO - IEEE Transactions on Reliability

JF - IEEE Transactions on Reliability

ER -

The Game of Spear and Shield in Next Era of Cybersecurity

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this