{"id":"https://openalex.org/W2900929178","doi":"https://doi.org/10.1109/tac.2020.2976040","title":"A Game-Theoretic Approach for Dynamic Information Flow Tracking to Detect Multistage Advanced Persistent Threats","display_name":"A Game-Theoretic Approach for Dynamic Information Flow Tracking to Detect Multistage Advanced Persistent Threats","publication_year":2020,"publication_date":"2020-02-24","ids":{"openalex":"https://openalex.org/W2900929178","doi":"https://doi.org/10.1109/tac.2020.2976040","mag":"2900929178"},"language":"en","primary_location":{"id":"doi:10.1109/tac.2020.2976040","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tac.2020.2976040","pdf_url":null,"source":{"id":"https://openalex.org/S184954342","display_name":"IEEE Transactions on Automatic Control","issn_l":"0018-9286","issn":["0018-9286","1558-2523","2334-3303"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Automatic Control","raw_type":"journal-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1811.05622","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087007662","display_name":"Shana Moothedath","orcid":"https://orcid.org/0000-0001-6091-2384"},"institutions":[{"id":"https://openalex.org/I201448701","display_name":"University of Washington","ror":"https://ror.org/00cvxb145","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shana Moothedath","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA"],"raw_orcid":"https://orcid.org/0000-0001-6091-2384","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA","institution_ids":["https://openalex.org/I201448701"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033433868","display_name":"Dinuka Sahabandu","orcid":"https://orcid.org/0000-0001-7776-7865"},"institutions":[{"id":"https://openalex.org/I201448701","display_name":"University of Washington","ror":"https://ror.org/00cvxb145","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dinuka Sahabandu","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA","institution_ids":["https://openalex.org/I201448701"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007487580","display_name":"Joey Allen","orcid":"https://orcid.org/0000-0002-5503-4123"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Joey Allen","raw_affiliation_strings":["College of Computing, Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0002-5503-4123","affiliations":[{"raw_affiliation_string":"College of Computing, Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004774385","display_name":"Andrew Clark","orcid":"https://orcid.org/0000-0002-5868-6186"},"institutions":[{"id":"https://openalex.org/I107077323","display_name":"Worcester Polytechnic Institute","ror":"https://ror.org/05ejpqr48","country_code":"US","type":"education","lineage":["https://openalex.org/I107077323"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Andrew Clark","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Worcester Polytechnic Institute, Worcester, MA, USA"],"raw_orcid":"https://orcid.org/0000-0002-5868-6186","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Worcester Polytechnic Institute, Worcester, MA, USA","institution_ids":["https://openalex.org/I107077323"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003489427","display_name":"Linda Bushnell","orcid":"https://orcid.org/0000-0002-8751-2409"},"institutions":[{"id":"https://openalex.org/I201448701","display_name":"University of Washington","ror":"https://ror.org/00cvxb145","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Linda Bushnell","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA"],"raw_orcid":"https://orcid.org/0000-0002-8751-2409","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA","institution_ids":["https://openalex.org/I201448701"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047140382","display_name":"Wenke Lee","orcid":"https://orcid.org/0000-0003-2761-1277"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wenke Lee","raw_affiliation_strings":["College of Computing, Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0003-2761-1277","affiliations":[{"raw_affiliation_string":"College of Computing, Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5079723268","display_name":"Radha Poovendran","orcid":"https://orcid.org/0000-0003-0269-8097"},"institutions":[{"id":"https://openalex.org/I201448701","display_name":"University of Washington","ror":"https://ror.org/00cvxb145","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Radha Poovendran","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA"],"raw_orcid":"https://orcid.org/0000-0003-0269-8097","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Washington, Seattle, WA, USA","institution_ids":["https://openalex.org/I201448701"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.1621,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.50123622,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"65","issue":"12","first_page":"5248","last_page":"5263"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7567759156227112},{"id":"https://openalex.org/keywords/nash-equilibrium","display_name":"Nash equilibrium","score":0.5357462763786316},{"id":"https://openalex.org/keywords/sequential-game","display_name":"Sequential game","score":0.5135748386383057},{"id":"https://openalex.org/keywords/complete-information","display_name":"Complete information","score":0.5052693486213684},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.488943487405777},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4600754380226135},{"id":"https://openalex.org/keywords/information-flow","display_name":"Information flow","score":0.44230854511260986},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.42795392870903015},{"id":"https://openalex.org/keywords/game-theory","display_name":"Game theory","score":0.4218416213989258},{"id":"https://openalex.org/keywords/repeated-game","display_name":"Repeated game","score":0.4170495867729187},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3684922456741333},{"id":"https://openalex.org/keywords/mathematical-optimization","display_name":"Mathematical optimization","score":0.22794079780578613},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.12578356266021729}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7567759156227112},{"id":"https://openalex.org/C46814582","wikidata":"https://www.wikidata.org/wiki/Q23389","display_name":"Nash equilibrium","level":2,"score":0.5357462763786316},{"id":"https://openalex.org/C73795354","wikidata":"https://www.wikidata.org/wiki/Q287618","display_name":"Sequential game","level":3,"score":0.5135748386383057},{"id":"https://openalex.org/C113336015","wikidata":"https://www.wikidata.org/wiki/Q574010","display_name":"Complete information","level":2,"score":0.5052693486213684},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.488943487405777},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4600754380226135},{"id":"https://openalex.org/C2779136372","wikidata":"https://www.wikidata.org/wiki/Q10283002","display_name":"Information flow","level":2,"score":0.44230854511260986},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.42795392870903015},{"id":"https://openalex.org/C177142836","wikidata":"https://www.wikidata.org/wiki/Q44455","display_name":"Game theory","level":2,"score":0.4218416213989258},{"id":"https://openalex.org/C202556891","wikidata":"https://www.wikidata.org/wiki/Q1584646","display_name":"Repeated game","level":3,"score":0.4170495867729187},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3684922456741333},{"id":"https://openalex.org/C126255220","wikidata":"https://www.wikidata.org/wiki/Q141495","display_name":"Mathematical optimization","level":1,"score":0.22794079780578613},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.12578356266021729},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C144237770","wikidata":"https://www.wikidata.org/wiki/Q747534","display_name":"Mathematical economics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1109/tac.2020.2976040","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tac.2020.2976040","pdf_url":null,"source":{"id":"https://openalex.org/S184954342","display_name":"IEEE Transactions on Automatic Control","issn_l":"0018-9286","issn":["0018-9286","1558-2523","2334-3303"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Automatic Control","raw_type":"journal-article"},{"id":"pmh:oai:arXiv.org:1811.05622","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1811.05622","pdf_url":"https://arxiv.org/pdf/1811.05622","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"mag:2900929178","is_oa":true,"landing_page_url":"https://arxiv.org/pdf/1811.05622","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"doi:10.48550/arxiv.1811.05622","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.1811.05622","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1811.05622","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1811.05622","pdf_url":"https://arxiv.org/pdf/1811.05622","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"score":0.4300000071525574,"display_name":"Decent work and economic growth","id":"https://metadata.un.org/sdg/8"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2900929178.pdf","grobid_xml":"https://content.openalex.org/works/W2900929178.grobid-xml"},"referenced_works_count":29,"referenced_works":["https://openalex.org/W568984285","https://openalex.org/W1222699389","https://openalex.org/W1533945010","https://openalex.org/W1570963478","https://openalex.org/W1997147068","https://openalex.org/W2015787697","https://openalex.org/W2057913812","https://openalex.org/W2067050450","https://openalex.org/W2089745089","https://openalex.org/W2118929276","https://openalex.org/W2138788987","https://openalex.org/W2151135920","https://openalex.org/W2156036190","https://openalex.org/W2179494254","https://openalex.org/W2292282511","https://openalex.org/W2560932476","https://openalex.org/W2568394246","https://openalex.org/W2766852928","https://openalex.org/W2785187462","https://openalex.org/W2893632805","https://openalex.org/W2912262279","https://openalex.org/W2963492322","https://openalex.org/W3145128584","https://openalex.org/W4211043782","https://openalex.org/W4252481514","https://openalex.org/W4253730333","https://openalex.org/W6627779323","https://openalex.org/W6754481008","https://openalex.org/W6756362368"],"related_works":["https://openalex.org/W2893632805","https://openalex.org/W3037467533","https://openalex.org/W3027336174","https://openalex.org/W3044418889","https://openalex.org/W2981386664","https://openalex.org/W3200976007","https://openalex.org/W3012486662","https://openalex.org/W3038385234","https://openalex.org/W3176592993","https://openalex.org/W2912262279","https://openalex.org/W4009483","https://openalex.org/W2973035675","https://openalex.org/W2908077968","https://openalex.org/W2783892643","https://openalex.org/W2145967292","https://openalex.org/W2887356979","https://openalex.org/W1536792846","https://openalex.org/W1970601741","https://openalex.org/W2358426254","https://openalex.org/W2528551565"],"abstract_inverted_index":{"Advanced":[0],"persistent":[1],"threats":[2],"(APTs)":[3],"infiltrate":[4],"cyber":[5],"systems":[6],"and":[7,66,75,84,114,148,170,199],"compromise":[8],"specifically":[9],"targeted":[10],"data":[11,206],"and/or":[12],"resources":[13],"through":[14],"a":[15,39,98,116,156,181,186],"sequence":[16],"of":[17,21,48,88,100,102,107,119,124,143,167],"stealthy":[18],"attacks":[19],"consisting":[20],"multiple":[22],"stages.":[23],"Dynamic":[24],"information":[25,41,59,150,159],"flow":[26,42,60],"tracking":[27,43],"has":[28,91],"been":[29],"proposed":[30],"to":[31,111,128,184],"detect":[32],"APTs.":[33],"In":[34],"this":[35],"article,":[36],"we":[37,195],"develop":[38],"dynamic":[40,52],"game":[44,55,90],"for":[45,175,189],"resource-efficient":[46],"detection":[47,113,131],"APTs":[49],"via":[50],"multistage":[51,191],"games.":[53],"The":[54,105,122,140],"evolves":[56],"on":[57,137,201],"an":[58],"graph,":[61],"whose":[62],"nodes":[63,101],"are":[64,95,146],"processes":[65,83],"objects":[67],"(e.g.,":[68],"file,":[69],"network":[70],"endpoints)":[71],"in":[72,155],"the":[73,76,79,89,103,108,125,130,138,144,149,164,168,190,209],"system":[74],"edges":[77],"capture":[78],"interaction":[80],"between":[81],"different":[82,147],"objects.":[85],"Each":[86],"stage":[87],"prespecified":[92],"targets":[93],"that":[94],"characterized":[96],"by":[97],"set":[99],"graph.":[104],"goal":[106,123],"APT":[109],"is":[110,127,152],"evade":[112],"reach":[115],"target":[117],"node":[118],"each":[120],"stage.":[121],"defender":[126],"maximize":[129],"probability":[132],"while":[133],"minimizing":[134],"performance":[135],"overhead":[136],"system.":[139,214],"resource":[141],"costs":[142],"players":[145,169],"structure":[151],"asymmetric,":[153],"resulting":[154],"nonzero-sum":[157],"imperfect":[158],"game.":[160],"We":[161,178],"first":[162],"calculate":[163],"best":[165],"responses":[166],"then":[171,179],"compute":[172,185],"Nash":[173],"equilibrium":[174,188],"single-stage":[176],"attacks.":[177],"provide":[180],"polynomial-time":[182],"algorithm":[183,200],"correlated":[187],"attack":[192,205],"case.":[193],"Finally,":[194],"simulate":[196],"our":[197],"model":[198],"real-world":[202],"nation":[203],"state":[204],"obtained":[207],"from":[208],"Refinable":[210],"Attack":[211],"INvestigation":[212],"(RAIN)":[213]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}