Defense Policies for Partially Observed Spreading Processes on Bayesian Attack Graphs
Erik Miehling

Citation
Erik Miehling. "Defense Policies for Partially Observed Spreading Processes on Bayesian Attack Graphs". Talk or presentation, 29 May 2015.

Abstract
The increasing connectivity of networks and smart devices allows for greater efficiency and operational flexibility, but comes at the significant cost of exposing the system to multiple vulnerabilities, placing it under the constant threat of external attacks. This makes the monitoring and mitigation of intrusions a vitally important task. The problem is further complicated by the fact that attackers typically combine multiple vulnerabilities, which the network operator (defender) cannot fully observe, in order to penetrate the network. We use the notion of Bayesian attack graphs to describe how attackers combine and exploit system vulnerabilities in order to gain access to a key set of resources. We assume the attacker follows a probabilistic spreading process on the attack graph, which the defender can only partially observe. Formulating the problem as a partially observed Markov decision process (POMDP) allows us to compute an optimal defender countermeasure policy, protecting the key set of resources from being compromised. We demonstrate the performance of our approach on a realistic test network.

Electronic downloads
Internal. This publication has been marked by the author for FORCES-only distribution, so electronic downloads are not available without logging in.
Citation formats
  • BibTeX
    @presentation{Miehling15_DefensePoliciesForPartiallyObservedSpreadingProcesses,
        author = {Erik Miehling},
        title = {Defense Policies for Partially Observed Spreading
                  Processes on Bayesian Attack Graphs},
        day = {29},
        month = {May},
        year = {2015},
    abstract = {The increasing connectivity of networks and smart
              devices allows for greater efficiency and
              operational flexibility, but comes at the
              significant cost of exposing the system to
              multiple vulnerabilities, placing it under the
              constant threat of external attacks. This makes
              the monitoring and mitigation of intrusions a
              vitally important task. The problem is further
              complicated by the fact that attackers typically
              combine multiple vulnerabilities, which the
              network operator (defender) cannot fully observe,
              in order to penetrate the network. We use the
              notion of Bayesian attack graphs to describe how
              attackers combine and exploit system
              vulnerabilities in order to gain access to a key
              set of resources. We assume the attacker follows
              a probabilistic spreading process on the attack
              graph, which the defender can only partially
              observe. Formulating the problem as a partially
              observed Markov decision process (POMDP) allows us
              to compute an optimal defender countermeasure
              policy, protecting the key set of resources from
              being compromised. We demonstrate the performance
              of our approach on a realistic test network.},
        URL = {http://cps-forces.org/pubs/87.html}
    }
    

Posted by Carolyn Winter on 10 Jun 2015.
Groups: forces
For additional information, see the Publications FAQ or contact webmaster at cps-forces org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.