The use of partially observable Markov decision processes to optimally implement moving target defense

McAbee, Ashley S.M.; Tummala, Murali; McEachen, John

The use of partially observable Markov decision processes to optimally implement moving target defense

Files

The_use_of_partially_observable_Markov.pdf (464.2 KB)

Authors

McAbee, Ashley S.M.

Tummala, Murali

McEachen, John

Subjects

Cybersecurity and Software Assurance
cybersecurity
markov models
moving target

Date of Issue

2021-01-05

Date

2021

Publisher

HICSS

Abstract

For moving target defense (MTD) to shift advantage away from cyber attackers, we need techniques which render systems unpredictable but still manageable. We formulate a partially observable Markov decision process (POMDP) which facilitates optimized MTD capable of thwarting cyber attacks without excess overhead. This paper describes POMDP formulation including the use of an absorbing final state and attack penalty scaling factor to abstract defender-defined priorities into the model. An autonomous agent leverages the POMDP to select the optimal defense based on assessed cyber-attack phase. We offer an example formulation wherein attack suppression of greater than 99% and system availability of greater than 94% were maintained even as probability of detection of attack phase dropped to 74%.

Type

Conference Paper

Description

17 USC 105 interim-entered record; under temporary embargo.

URI

https://hdl.handle.net/10945/66994

Series/Report No

Faculty & Researcher Publications

Funding

U.S. Government affiliation is unstated in article text.

Format

10 p.

Citation

McAbee, Ashley, Murali Tummala, and John McEachen. "The use of partially observable Markov decision processes to optimally implement moving target defense." Proceedings of the 54th Hawaii International Conference on System Sciences. 2021.

Collections

Publications

Full item page

Naval Postgraduate School

Dudley Knox Library