Dependability Analysis of a Scalable Intrusion Tolerant Architecture with Two Detection Modes

In this paper we consider a discrete-time stochastic model of an intrusion tolerant system with two detection modes; automatic detection mode and manual detection mode. The stochastic behavior of the system is formulated by a discrete-time semi-Markov process and analyzed through an embedded Markov chain (EMC) approach. We derive the optimal time from an automatic detection mode to a manual detection mode, which maximizes the steady-state system availability. Also, we obtain analytically an explicit form of the mean time to security failure (MTTSF). Numerical examples are presented for illustrating the optimal switching of detection mode and its availability/MTTSF performance.