TY - GEN
T1 - A receding-horizon MDP approach for performance evaluation of moving target defense in networks
AU - Qian, Zhentian
AU - Fu, Jie
AU - Zhu, Quanyan
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/8
Y1 - 2020/8
N2 - In this paper, we study the problem of assessing the effectiveness of a proactive defense-by-detection policy with a network-based moving target defense. We model the network system using a probabilistic attack graph, a graphical security model. Given a network system with a proactive defense strategy, an intelligent attacker needs to perform reconnaissance repeatedly to learn the locations of intrusion detection systems and re-plan optimally to reach the target while avoiding detection. To compute the attacker's strategy for security evaluation, we develop a receding-horizon planning algorithm using a risk-sensitive Markov decision process with a time-varying reward function. Finally, we implement both defense and attack strategies in a synthetic network and analyze how the frequency of network randomization and the number of detection systems influence the success rate of the attacker. This study provides insights for designing proactive defense strategies against online and multi-stage attacks by a resourceful attacker.
AB - In this paper, we study the problem of assessing the effectiveness of a proactive defense-by-detection policy with a network-based moving target defense. We model the network system using a probabilistic attack graph, a graphical security model. Given a network system with a proactive defense strategy, an intelligent attacker needs to perform reconnaissance repeatedly to learn the locations of intrusion detection systems and re-plan optimally to reach the target while avoiding detection. To compute the attacker's strategy for security evaluation, we develop a receding-horizon planning algorithm using a risk-sensitive Markov decision process with a time-varying reward function. Finally, we implement both defense and attack strategies in a synthetic network and analyze how the frequency of network randomization and the number of detection systems influence the success rate of the attacker. This study provides insights for designing proactive defense strategies against online and multi-stage attacks by a resourceful attacker.
UR - http://www.scopus.com/inward/record.url?scp=85094096892&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85094096892&partnerID=8YFLogxK
U2 - 10.1109/CCTA41146.2020.9206360
DO - 10.1109/CCTA41146.2020.9206360
M3 - Conference contribution
AN - SCOPUS:85094096892
T3 - CCTA 2020 - 4th IEEE Conference on Control Technology and Applications
SP - 1
EP - 7
BT - CCTA 2020 - 4th IEEE Conference on Control Technology and Applications
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 4th IEEE Conference on Control Technology and Applications, CCTA 2020
Y2 - 24 August 2020 through 26 August 2020
ER -