论文信息 - A dependency graph formalism for the dynamic defense of cyber networks

A dependency graph formalism for the dynamic defense of cyber networks

We present ongoing work related to the development of a security model for the dynamic defense of cyber networks. The model is based on a graphical object termed a dependency graph, which models the interactions between security conditions and exploits. By embedding a state-space on the dependency graph, we are able to reason about the security of the system and prescribe effective defense decision in order to mitigate the progression of an attacker. The resulting defense problem is a partially observable Markov decision process. The application of an existing online solver allows for one to obtain defense policies in realistically-sized systems.

[1] Joel Veness,et al. Monte-Carlo Planning in Large POMDPs , 2010, NIPS.

[2] Duminda Wijesekera,et al. Scalable, graph-based network vulnerability analysis , 2002, CCS '02.

[3] William H. Sanders,et al. Ieee Transactions on Parallel and Distributed Systems Rre: a Game-theoretic Intrusion Response and Recovery Engine , 2022 .

[4] O. Patrick Kreidl,et al. Feedback control applied to survivability: a host-based autonomic defense system , 2004, IEEE Transactions on Reliability.

[5] Robert J. Ellison,et al. Attack Trees , 2009, Encyclopedia of Biometrics.

[6] Sherif Abdelwahed,et al. A Probabilistic Approach to Autonomic Security Management , 2016, 2016 IEEE International Conference on Autonomic Computing (ICAC).

[7] Pravin Varaiya,et al. Stochastic Systems: Estimation, Identification, and Adaptive Control , 1986 .