Advanced Persistent Threats (APT) in Cybersecurity - Time & Space Complexity

Analyzing time complexity helps us understand how the effort to detect or respond to Advanced Persistent Threats (APTs) grows as the attack or network size increases.

We want to know how the work needed changes when more systems or data are involved.

Analyze the time complexity of this simplified APT detection process.

for each device in network:
    scan device logs
    for each alert in device alerts:
        analyze alert
        if alert suspicious:
            investigate alert

This code scans all devices, checks alerts on each, and investigates suspicious ones.

Look at what repeats as input grows.

• Primary operation: Looping through all devices and their alerts.
• How many times: For each device (n devices), it loops through alerts (m alerts per device).

As the number of devices and alerts grows, the work grows too.

Input Size (n devices, m alerts)	Approx. Operations
10 devices, 5 alerts each	About 50 alert checks
100 devices, 5 alerts each	About 500 alert checks
1000 devices, 5 alerts each	About 5000 alert checks

Pattern observation: The total work grows roughly by multiplying devices and alerts, so doubling devices doubles work.

Time Complexity: O(n * m)

This means the time needed grows proportionally to the number of devices times the number of alerts per device.

[X] Wrong: "The time to detect APTs grows only with the number of devices."

[OK] Correct: The number of alerts per device also affects the work, so ignoring alerts underestimates the effort.

Understanding how detection effort scales with network size and alert volume shows your grasp of real-world cybersecurity challenges.

"What if the number of alerts per device grows as the network grows? How would that affect the time complexity?"