Advanced persistent threat (APT) is a kind of stealthy, sophisticated, and long-term cyberattack that has caused severe financial losses and critical infrastructure damage. Existing works mainly focus on APT defense under stable network topologies, while the problem under time-varying dynamic networks (e.g., vehicular networks) remains unexplored, which motivates our work. Besides, the spatiotemporal dynamics of defense resources, attackers' complex lateral movement behaviors, and the lack of timely defense make APT defense a challenging issue under time-varying networks. In this paper, we propose a novel game-theoretical APT defense approach to promote real-time and optimal defense strategy-making under both periodic time-varying and general time-varying environments. Specifically, we first model the interactions between attackers and defenders in an APT process as a dynamic APT repair game, and then formulate the APT damage minimization problem as the precise prevention and control (PPAC) problem. To derive the optimal defense strategy under both latency and defense resource constraints, we further devise an online optimal control-based mechanism integrated with two backtracking-forward algorithms to quickly derive a near-optimal solution of the PPAC problem in real time. Extensive experiments are carried out, and the results demonstrate that our proposed scheme can efficiently obtain the optimal defense strategy in 54481 ms under seven attack-defense interactions with 9.64% resource occupancy in simulated periodic time-varying and general time-varying networks. Besides, even under static networks, our proposed scheme still outperforms existing representative APT defense approaches in terms of service stability and defense resource utilization.