Title | Optimal Defense Policies for Partially Observable Spreading Processes on Bayesian Attack Graphs |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | Erik Miehling, Mohammad Rasouli, Demos Teneketzis |
Conference Name | In Proceedings of the Second ACM Workshop on Moving Target Defense |
Publisher | ACM |
Abstract | The defense of computer networks from intruders is becoming a problem of great importance as networks and devices become increasingly connected. We develop an automated approach to defending a network against continuous attacks from intruders, using the notion of Bayesian attack graphs to describe how attackers combine and exploit system vulnerabilities in order to gain access and progress through a network. We assume that the attacker follows a probabilistic spreading process on the attack graph and that the defender can only partially observe the attacker's capabilities at any given time. This leads to the formulation of the defender's problem as a partially observable Markov decision process (POMDP). We define and compute optimal defender countermeasure policies, which describe the optimal countermeasure action to deploy given the current information. |
URL | https://cps-vo.org/node/38437 |
Citation Key | MiehlingRasouliTeneketzis15_OptimalDefensePoliciesForPartiallyObservableSpreading |