Optimal Joint Defense and Monitoring for Networks Security under Uncertainty: A POMDP-Based Approach

Authors :
Armita Kazeminajafabadi
Mahdi Imani
Source :
IET Information Security, Vol 2024 (2024)
Publication Year :
2024
Publisher :
Hindawi-IET, 2024.

Abstract

The increasing interconnectivity in our infrastructure poses a significant security challenge, with external threats having the potential to penetrate and propagate throughout the network. Bayesian attack graphs have proven to be effective in capturing the propagation of attacks in complex interconnected networks. However, most existing security approaches fail to systematically account for the limitation of resources and uncertainty arising from the complexity of attacks and possible undetected compromises. To address these challenges, this paper proposes a partially observable Markov decision process (POMDP) model for network security under uncertainty. The POMDP model accounts for uncertainty in monitoring and defense processes, as well as the probabilistic attack propagation. This paper develops two security policies based on the optimal stationary defense policy for the underlying POMDP state process (i.e., a network with known compromises): the estimation-based policy that performs the defense actions corresponding to the optimal minimum mean square error state estimation and the distribution-based policy that utilizes the posterior distribution of network compromises to make defense decisions. Optimal monitoring policies are designed to specifically support each of the defense policies, allowing dynamic allocation of monitoring resources to capture network vulnerabilities/compromises. The performance of the proposed policies is examined in terms of robustness, accuracy, and uncertainty using various numerical experiments.

Details

Language :
English
ISSN :
17518717
Volume :
2024
Database :
Directory of Open Access Journals
Journal :
IET Information Security
Publication Type :
Academic Journal
Accession number :
edsdoj.56f4e8f2693a4c7898cd595672ba7892
Document Type :
article
Full Text :
https://doi.org/10.1049/2024/7966713