Markov Decision Process to Enforce Moving Target Defence Policies

Moving Target Defense (MTD) is an emerging, game-changing defense strategy in cybersecurity whose goal is to strengthen defenders and, conversely, to confuse adversaries in a network environment. The successful deployment of an MTD system can be affected by several factors, including 1) the effectiveness of the employed technique, 2) the deployment strategy, 3) the cost of the MTD implementation, and 4) the impact yielded by the enforced security policies. Much research effort has been spent on introducing a variety of MTD techniques, which are often evaluated through simulations. Nevertheless, this line of research needs more attention. In particular, determining optimal cost, analyzing policies, and selecting those policies in an MTD setting are still open research questions. To advance the state of the art in this line of research, this paper introduces an approach based on control theory to model, analyze and select optimal security policies for MTD deployment strategies. A Markov Decision Process (MDP) scheme is presented to model the states of the system from the attacker's point of view. The employed value iteration method is based on the Bellman optimality equation and selects the optimal policy for each state defined in the system. The model is then used to analyze the impact of various costs on the optimal policy. Finally, the MDP model is applied to two case studies to evaluate its performance.
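The following is an added example, not code from the paper: value iteration with the Bellman optimality backup on a constructed three-state attacker-progress MDP, showing how the cost of an MTD action changes the optimal policy. The states, transition probabilities, damage values and discount factor are illustrative assumptions and not the paper's model.

```python
# Constructed toy model: every state, probability and cost here is an assumption.
STATES = ["scanning", "foothold", "compromised"]   # attacker's progress
ACTIONS = ["wait", "move"]                         # "move" = trigger an MTD reconfiguration
# P[action][state] -> probabilities of the next state, in STATES order
P = {
    "wait": {"scanning": [0.7, 0.3, 0.0],
             "foothold": [0.0, 0.6, 0.4],
             "compromised": [0.0, 0.0, 1.0]},
    "move": {"scanning": [0.95, 0.05, 0.0],
             "foothold": [0.8, 0.2, 0.0],
             "compromised": [0.5, 0.0, 0.5]},
}
DAMAGE = {"scanning": 0.0, "foothold": 2.0, "compromised": 20.0}  # per-step loss


def q_value(state, action, values, move_cost, gamma):
    """Expected discounted cost of taking `action` in `state`, then following `values`."""
    step_cost = DAMAGE[state] + (move_cost if action == "move" else 0.0)
    future = sum(p * values[nxt] for p, nxt in zip(P[action][state], STATES))
    return step_cost + gamma * future


def value_iteration(move_cost, gamma=0.9, tol=1e-9, max_sweeps=10_000):
    """Apply the Bellman optimality backup (cost minimisation) until values settle."""
    values = {s: 0.0 for s in STATES}
    for _ in range(max_sweeps):
        new = {s: min(q_value(s, a, values, move_cost, gamma) for a in ACTIONS)
               for s in STATES}
        delta = max(abs(new[s] - values[s]) for s in STATES)
        values = new
        if delta < tol:
            break
    # Greedy policy: the cheapest action in each state under the converged values
    policy = {s: min(ACTIONS, key=lambda a: q_value(s, a, values, move_cost, gamma))
              for s in STATES}
    return values, policy


if __name__ == "__main__":
    for cost in (1.0, 1000.0):   # cheap vs. prohibitively expensive MTD action
        values, policy = value_iteration(cost)
        print(f"move_cost={cost}: {policy}")
        print({s: round(v, 2) for s, v in values.items()})
```

In this toy model a cheap MTD action is worth taking once the attacker has a foothold but not while they are only scanning, and a prohibitively expensive one is never taken.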
