Optimal Defense Policies for Partially Observable Spreading Processes on Bayesian Attack Graphs
Erik Miehling, Mohammad Rasouli, Demos Teneketzis

Citation
Erik Miehling, Mohammad Rasouli, Demos Teneketzis. "Optimal Defense Policies for Partially Observable Spreading Processes on Bayesian Attack Graphs". In Proceedings of the Second ACM Workshop on Moving Target Defense, ACM, 67-76, 2015.

Abstract
The defense of computer networks from intruders is becoming a problem of great importance as networks and devices become increasingly connected. We develop an automated approach to defending a network against continuous attacks from intruders, using the notion of Bayesian attack graphs to describe how attackers combine and exploit system vulnerabilities in order to gain access and progress through a network. We assume that the attacker follows a probabilistic spreading process on the attack graph and that the defender can only partially observe the attacker’s capabilities at any given time. This leads to the formulation of the defender’s problem as a partially observable Markov decision process (POMDP). We define and compute optimal defender countermeasure policies, which describe the optimal countermeasure action to deploy given the current information.

Citation formats  
  • HTML
    Erik Miehling, Mohammad Rasouli, Demos Teneketzis. <a
    href="http://www.cps-forces.org/pubs/126.html"
    >Optimal Defense Policies for Partially Observable
    Spreading Processes on Bayesian Attack Graphs</a>, In
    Proceedings of the Second ACM Workshop on Moving Target
    Defense, ACM, 67-76, 2015.
  • Plain text
    Erik Miehling, Mohammad Rasouli, Demos Teneketzis.
    "Optimal Defense Policies for Partially Observable
    Spreading Processes on Bayesian Attack Graphs". In
    Proceedings of the Second ACM Workshop on Moving Target
    Defense, ACM, 67-76, 2015.
  • BibTeX
    @inproceedings{MiehlingRasouliTeneketzis15_OptimalDefensePoliciesForPartiallyObservableSpreading,
        author = {Erik Miehling and Mohammad Rasouli and Demos
                  Teneketzis},
        title = {Optimal Defense Policies for Partially Observable
                  Spreading Processes on Bayesian Attack Graphs},
        booktitle = {In Proceedings of the Second ACM Workshop on
                  Moving Target Defense},
        organization = {ACM},
        pages = {67-76},
        year = {2015},
        abstract = {The defense of computer networks from intruders is
                  becoming a problem of great importance as networks
                  and devices become increasingly connected. We
                  develop an automated approach to defending a
                  network against continuous attacks from intruders,
                  using the notion of Bayesian attack graphs to
                  describe how attackers combine and exploit system
                  vulnerabilities in order to gain access and
                  progress through a network. We assume that the
                  attacker follows a probabilistic spreading process
                  on the attack graph and that the defender can only
                  partially observe the attacker’s capabilities at
                  any given time. This leads to the formulation of
                  the defender’s problem as a partially observable
                  Markov decision process (POMDP). We define and
                  compute optimal defender countermeasure policies,
                  which describe the optimal countermeasure action
                  to deploy given the current information.},
        URL = {http://cps-forces.org/pubs/126.html}
    }
    

Posted by Erik Miehling on 7 Apr 2016.
Groups: students

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.