Optimal Defense Policies for Partially Observable Spreading Processes on Bayesian Attack Graphs
Erik Miehling, Mohammad Rasouli, Demos Teneketzis

Citation
Erik Miehling, Mohammad Rasouli, Demos Teneketzis. "Optimal Defense Policies for Partially Observable Spreading Processes on Bayesian Attack Graphs". In Proceedings of the Second ACM Workshop on Moving Target Defense, ACM, 67-76, 2015.

Abstract
The defense of computer networks from intruders is becoming a problem of great importance as networks and devices become increasingly connected. We develop an automated approach to defending a network against continuous attacks from intruders, using the notion of Bayesian attack graphs to describe how attackers combine and exploit system vulnerabilities in order to gain access and progress through a network. We assume that the attacker follows a probabilistic spreading process on the attack graph and that the defender can only partially observe the attacker’s capabilities at any given time. This leads to the formulation of the defender’s problem as a partially observable Markov decision process (POMDP). We define and compute optimal defender countermeasure policies, which describe the optimal countermeaSure action to deploy given the current information.

Electronic downloads

Citation formats  
  • HTML
    Erik Miehling, Mohammad Rasouli, Demos Teneketzis. <a
    href="http://www.cps-forces.org/pubs/126.html"
    >Optimal Defense Policies for Partially Observable
    Spreading Processes on Bayesian Attack Graphs</a>, In
    Proceedings of the Second ACM Workshop on Moving Target
    Defense, ACM, 67-76, 2015.
  • Plain text
    Erik Miehling, Mohammad Rasouli, Demos Teneketzis.
    "Optimal Defense Policies for Partially Observable
    Spreading Processes on Bayesian Attack Graphs". In
    Proceedings of the Second ACM Workshop on Moving Target
    Defense, ACM, 67-76, 2015.
  • BibTeX
    @inproceedings{MiehlingRasouliTeneketzis15_OptimalDefensePoliciesForPartiallyObservableSpreading,
        author = {Erik Miehling and Mohammad Rasouli and Demos
                  Teneketzis},
        title = {Optimal Defense Policies for Partially Observable
                  Spreading Processes on Bayesian Attack Graphs},
        booktitle = {In Proceedings of the Second ACM Workshop on
                  Moving Target Defense},
        organization = {ACM},
        pages = {67-76},
        year = {2015},
        abstract = {The defense of computer networks from intruders is
                  becoming a problem of great importance as networks
                  and devices become increasingly connected. We
                  develop an automated approach to defending a
                  network against continuous attacks from intruders,
                  using the notion of Bayesian attack graphs to
                  describe how attackers combine and exploit system
                  vulnerabilities in order to gain access and
                  progress through a network. We assume that the
                  attacker follows a probabilistic spreading process
                  on the attack graph and that the defender can only
                  partially observe the attackerâs capabilities at
                  any given time. This leads to the formulation of
                  the defenderâs problem as a partially observable
                  Markov decision process (POMDP). We define and
                  compute optimal defender countermeasure policies,
                  which describe the optimal countermeaSure action
                  to deploy given the current information.},
        URL = {http://cps-forces.org/pubs/126.html}
    }
    

Posted by Erik Miehling on 7 Apr 2016.
Groups: students
For additional information, see the Publications FAQ or contact webmaster at cps-forces org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.