The Game of Spear and Shield in Next Era of Cybersecurity

The competition between hackers and defenders is the game of spear and shield in cybersecurity. The field of cybersecurity has been studied for decades, yet it remains a severe and critical topic. One of the main reasons is the fast evolution of hacking techniques. To stay stealthy in the compromised network environment, hackers tend to use system built-in tools and legitimate software to launch the attack by imitating normal activities. These behaviors are seemingly normal but malicious, making it difficult to distinguish them from legitimate activities and leading to a high volume of false alarms raised by detection tools. Countless approaches have been proposed to address these problems. However, conventional evaluation methods for detection approaches have limited capability of handling evolving hacking techniques, thereby hindering the evaluation effectiveness in real-world network environments. The gap between the lab evaluation and real-world practice is significant and should not be overlooked. In this article, the competition between cybersecurity attacks and defenses will be introduced. The current state, approaches, and challenges from both sides will be included to illustrate the gap. Finally, research opportunities for the next era of the game of spear and shield will be proposed.