A Moving Target Defense Scheme with Overhead Optimization using Partially Observable Markov Decision Processes with Absorbing States

Abstract

Moving target defense (MTD) is a promising strategy for gaining advantage over cyber attackers, but these dynamic reconfigurations can impose significant overhead. We propose implementing MTD within an optimization framework so that we seize defensive advantage while minimizing overhead. This dissertation presents an MTD scheme that leverages partially observable Markov decision processes (POMDP) with absorbing states to select the optimal defense based on partial observations of the cyber attack phase. In this way, overhead is minimized, as reconfigurations are triggered only when the potential benefit outweighs the cost. We formulate and implement a POMDP within a system with Monte-Carlo planning-based decision making configured to reflect defender-defined priorities for the cost-benefit tradeoff. The proposed system also includes a performance-monitoring scheme for continuous validation of the model, which is critical given attackers' ever-changing techniques. We present simulation results that confirm the system fulfills the design goals, thwarting 99 percent of inbound attacks while sustaining system availability at greater than 94 percent even as the probability of attack phase detection dropped to 0.74. A comparable system that triggered MTD techniques pseudorandomly maintained just 43 percent availability when providing equivalent attack suppression, which illustrates the utility of our proposed scheme.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2020
Accession Number
AD1126518

Entities

People

  • Ashley S. Mcabee

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • C4I
  • Cyber
  • Engineered Resilient Systems
  • Human Systems

DTIC Thesaurus Topics

  • Artificial Intelligence
  • Command And Control
  • Computational Science
  • Computer Languages
  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computers
  • Cyberattacks
  • Cybersecurity
  • Defense Systems
  • Information Processing
  • Information Security
  • Information Systems
  • Internet
  • Intrusion Detection
  • Intrusion Detectors
  • Machine Learning
  • Network Protocols
  • Operations Research
  • Probability

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development
  • Systems Analysis and Design

Technology Areas

  • Cyber