CR | AI | LG | Aug 16, 2024

A Factored MDP Approach To Moving Target Defense With Dynamic Threat Modeling and Cost Efficiency

arXiv:2408.08934v1 | 1 citation | h-index: 14
Originality: Incremental advance
AI Analysis

This addresses the challenge of adaptive cyber threats for cybersecurity systems, representing an incremental improvement by combining existing techniques like MDPs and Bayesian networks.

The paper tackles the problem of moving target defense in cybersecurity by introducing a Markov Decision Process model that does not rely on predefined attacker payoffs, integrating real-time attacker responses and cost considerations, and demonstrates effectiveness in high-uncertainty scenarios through empirical evaluations.

Moving Target Defense (MTD) has emerged as a proactive and dynamic framework to counteract evolving cyber threats. Traditional MTD approaches often rely on assumptions about the attacker's knowledge and behavior. However, real-world scenarios are inherently more complex, with adaptive attackers and limited prior knowledge of their payoffs and intentions. This paper introduces a novel approach to MTD using a Markov Decision Process (MDP) model that does not rely on predefined attacker payoffs. Our framework integrates the attacker's real-time responses into the defender's MDP using a dynamic Bayesian Network. By employing a factored MDP model, we provide a comprehensive and realistic system representation. We also incorporate incremental updates to an attack response predictor as new data emerges. This ensures an adaptive and robust defense mechanism. Additionally, we consider the costs of switching configurations in MTD, integrating them into the reward structure to balance execution and defense costs. We first highlight the challenges of the problem through a theoretical negative result on regret. However, empirical evaluations demonstrate the framework's effectiveness in scenarios marked by high uncertainty and dynamically changing attack landscapes.

Code Implementations: 1 repo