A Receding-Horizon MDP Approach for Performance Evaluation of Moving Target Defense in Networks

In this paper we study the problem of assessing the effectiveness of a proactive defense-by-detection policy with a network-based moving target defense. We model the network system using a probabilistic attack graph-a graphical security model. Given a network system with a proactive defense strategy an intelligent attacker needs to perform reconnaissance repeatedly to learn about the locations of intrusion detection systems and re- plan optimally to reach the target while avoiding detection. To compute the attacker's strategy for security evaluation we develop a receding-horizon planning algorithm using a risk-sensitive Markov decision process with a time-varying reward function. Finally we implement both defense and attack strategies in a synthetic network and analyze how the frequency of network randomization and the number of detection systems can influence the success rate of the attacker. This study provides insights for designing proactive defense strategies against online and multi-stage attacks by a resourceful attacker.

[1]  Amir Pnueli,et al.  Synthesis of Reactive(1) designs , 2006, J. Comput. Syst. Sci..

[2]  Quanyan Zhu,et al.  GADAPT: A Sequential Game-Theoretic Framework for Designing Defense-in-Depth Strategies Against Advanced Persistent Threats , 2016, GameSec.

[3]  Veeraruna Kavitha,et al.  Finite horizon risk sensitive MDP and linear programming , 2015, 2015 54th IEEE Conference on Decision and Control (CDC).

[4]  Robert J. Ellison,et al.  Attack Trees , 2009, Encyclopedia of Biometrics.

[5]  Jin B. Hong,et al.  Assessing the Effectiveness of Moving Target Defenses Using Security Models , 2016, IEEE Transactions on Dependable and Secure Computing.

[6]  Barbara Kordy,et al.  Foundations of Attack-Defense Trees , 2010, Formal Aspects in Security and Trust.

[7]  B. Jones BOUNDED RATIONALITY , 1999 .

[8]  Jin B. Hong,et al.  HARMs: Hierarchical Attack Representation Models for Network Security Analysis , 2012, AISM 2012.

[9]  Ehab Al-Shaer,et al.  Specification-driven Moving Target Defense Synthesis , 2019, MTD'19.

[10]  Sailik Sengupta,et al.  A Survey of Moving Target Defenses for Network Security , 2019, IEEE Communications Surveys & Tutorials.

[11]  Christel Baier,et al.  Principles of Model Checking (Representation and Mind Series) , 2008 .

[12]  Quanyan Zhu,et al.  Control of Multilayer Mobile Autonomous Systems in Adversarial Environments: A Games-in-Games Approach , 2019, IEEE Transactions on Control of Network Systems.

[13]  Quanyan Zhu,et al.  A Dynamic Game Approach to Strategic Design of Secure and Resilient Infrastructure Network , 2019, IEEE Transactions on Information Forensics and Security.

[14]  Guannan Qu,et al.  Markov Decision Processes with Time-varying Transition Probabilities and Rewards , 2019 .

[15]  Kim G. Larsen,et al.  Quantitative Evaluation of Attack Defense Trees Using Stochastic Timed Automata , 2017, GraMSec@CSF.

[16]  Somesh Jha,et al.  Two formal analyses of attack graphs , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[17]  Barbara Kordy,et al.  On Quantitative Analysis of Attack-Defense Trees with Repeated Labels , 2018, POST.

[18]  Sushil Jajodia,et al.  Cyber Deception: Building the Scientific Foundation , 2016 .

[19]  Martín Barrère,et al.  Exact Inference Techniques for the Analysis of Bayesian Attack Graphs , 2015, IEEE Transactions on Dependable and Secure Computing.

[20]  Sushil Jajodia,et al.  Measuring network security using dynamic bayesian network , 2008, QoP '08.

[21]  Krishnendu Chatterjee,et al.  Graph Games and Reactive Synthesis , 2018, Handbook of Model Checking.

[22]  Ayman I. Kayssi,et al.  Flow-based Intrusion Detection System for SDN , 2017, 2017 IEEE Symposium on Computers and Communications (ISCC).

[23]  Flemming Nielson,et al.  Quantitative Verification and Synthesis of Attack-Defence Scenarios , 2016, 2016 IEEE 29th Computer Security Foundations Symposium (CSF).

[24]  Arvind Mallari Rao,et al.  Technical Aspects of Cyber Kill Chain , 2015, SSCC.

[25]  Quanyan Zhu,et al.  Decision and Game Theory for Security , 2016, Lecture Notes in Computer Science.

[26]  Quanyan Zhu,et al.  Dynamic games for secure and resilient control system design , 2019, National science review.

[27]  Quanyan Zhu,et al.  Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense , 2020, Adaptive Autonomous Secure Cyber Systems.

[28]  Rami G. Melhem,et al.  Roaming honeypots for mitigating service-level denial-of-service attacks , 2004, 24th International Conference on Distributed Computing Systems, 2004. Proceedings..

[29]  Vincent Conitzer,et al.  Complexity of Computing Optimal Stackelberg Strategies in Security Resource Allocation Games , 2010, AAAI.

[30]  Quanyan Zhu,et al.  Game-Theoretic Approach to Feedback-Driven Multi-stage Moving Target Defense , 2013, GameSec.

[31]  Quanyan Zhu,et al.  A Dynamic Games Approach to Proactive Defense Strategies against Advanced Persistent Threats in Cyber-Physical Systems , 2019, Comput. Secur..

[32]  Quanyan Zhu,et al.  Game theory meets network security and privacy , 2013, CSUR.