CR, SI, DS | Mar 28, 2016

A Stochastic Model of Active Cyber Defense Dynamics

arXiv:1603.08309v1 | 69 citations
Originality: Incremental advance
AI Analysis

This work addresses the problem of quantifying active cyber defense effectiveness for cybersecurity practitioners, though it is incremental as it builds on existing concepts with a new modeling approach.

The authors tackled the lack of mathematical models for active cyber defense effectiveness by proposing a novel Markov process model, which they simplified via mean-field approximation into a Dynamic System model to derive analytical results for four types of defense dynamics, with simulations validating the approach.

The concept of active cyber defense has been proposed for years. However, there are no mathematical models for characterizing the effectiveness of active cyber defense. In this paper, we fill the void by proposing a novel Markov process model that is native to the interaction between cyber attack and active cyber defense. Unfortunately, the native Markov process model cannot be tackled by the techniques we are aware of. We therefore simplify, via mean-field approximation, the Markov process model as a Dynamic System model that is amenable to analysis. This allows us to derive a set of valuable analytical results that characterize the effectiveness of four types of active cyber defense dynamics. Simulations show that the analytical results are inherent to the native Markov process model, and therefore justify the validity of the Dynamic System model. We also discuss the side-effect of the mean-field approximation and its implications.
