Optimization of Moving Target Defense Using a Partially Observable Markov Decision Process and Determinized Sparse Partially Observable Tree
Abstract
Those who defend systems against cyber-attacks can use moving target defense (MTD) to their advantage. However, optimal MTD techniques have yet to be sufficiently explored. In terms of cost-benefit analysis, the desired level of attack suppression will come at the cost of network availability, and optimization tools might be able to harness the advantages of MTD without undue sacrifice. This thesis formulates an attack/defense scenario as a partially observable Markov decision process (POMDP) to facilitate optimal MTD of a host. We develop a system in which service and IP reconfigurations can be employed as defense against a five-stage attack to maximize system availability and minimize cost. With an attack/defense scenario involving five attack stages and two defense options, we explore the utility of the Determinized Sparse Partially Observable Tree (DESPOT) algorithm for online optimal defense selection using the POMDP formulation. We compare optimization of the system for three different cases of the POMDP with varying levels of uncertainty (i.e., probability of detection) representing potential real-world scenarios. A significant result of this thesis is our development of a framework for optimizing MTD techniques. We also demonstrate, within the limitations of this research, how to determine the bounds for best performance when using DESPOT as an MTD controller.
Document Details
- Document Type: Technical Report
- Publication Date: Jun 01, 2020
- Accession Number: AD1114753
Entities
People
- Kelsey M. Shevock
Organizations
- Naval Postgraduate School