Optimal Joint Defense and Monitoring for Networks Security under Uncertainty: A POMDP-Based Approach
The increasing interconnectivity in our infrastructure poses a significant security challenge, with external threats having the potential to penetrate and propagate throughout the network. Bayesian attack graphs have proven to be effective in capturing the propagation of attacks in complex interconn...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2024-01-01
|
| Series: | IET Information Security |
| Online Access: | http://dx.doi.org/10.1049/2024/7966713 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1825199949432750080 |
|---|---|
| author | Armita Kazeminajafabadi Mahdi Imani |
| author_facet | Armita Kazeminajafabadi Mahdi Imani |
| author_sort | Armita Kazeminajafabadi |
| collection | DOAJ |
| description | The increasing interconnectivity in our infrastructure poses a significant security challenge, with external threats having the potential to penetrate and propagate throughout the network. Bayesian attack graphs have proven to be effective in capturing the propagation of attacks in complex interconnected networks. However, most existing security approaches fail to systematically account for the limitation of resources and uncertainty arising from the complexity of attacks and possible undetected compromises. To address these challenges, this paper proposes a partially observable Markov decision process (POMDP) model for network security under uncertainty. The POMDP model accounts for uncertainty in monitoring and defense processes, as well as the probabilistic attack propagation. This paper develops two security policies based on the optimal stationary defense policy for the underlying POMDP state process (i.e., a network with known compromises): the estimation-based policy that performs the defense actions corresponding to the optimal minimum mean square error state estimation and the distribution-based policy that utilizes the posterior distribution of network compromises to make defense decisions. Optimal monitoring policies are designed to specifically support each of the defense policies, allowing dynamic allocation of monitoring resources to capture network vulnerabilities/compromises. The performance of the proposed policies is examined in terms of robustness, accuracy, and uncertainty using various numerical experiments. |
| format | Article |
| id | doaj-art-56f4e8f2693a4c7898cd595672ba7892 |
| institution | Kabale University |
| issn | 1751-8717 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Information Security |
| spelling | doaj-art-56f4e8f2693a4c7898cd595672ba78922025-02-08T00:00:07ZengWileyIET Information Security1751-87172024-01-01202410.1049/2024/7966713Optimal Joint Defense and Monitoring for Networks Security under Uncertainty: A POMDP-Based ApproachArmita Kazeminajafabadi0Mahdi Imani1Department of Electrical and Computer EngineeringDepartment of Electrical and Computer EngineeringThe increasing interconnectivity in our infrastructure poses a significant security challenge, with external threats having the potential to penetrate and propagate throughout the network. Bayesian attack graphs have proven to be effective in capturing the propagation of attacks in complex interconnected networks. However, most existing security approaches fail to systematically account for the limitation of resources and uncertainty arising from the complexity of attacks and possible undetected compromises. To address these challenges, this paper proposes a partially observable Markov decision process (POMDP) model for network security under uncertainty. The POMDP model accounts for uncertainty in monitoring and defense processes, as well as the probabilistic attack propagation. This paper develops two security policies based on the optimal stationary defense policy for the underlying POMDP state process (i.e., a network with known compromises): the estimation-based policy that performs the defense actions corresponding to the optimal minimum mean square error state estimation and the distribution-based policy that utilizes the posterior distribution of network compromises to make defense decisions. Optimal monitoring policies are designed to specifically support each of the defense policies, allowing dynamic allocation of monitoring resources to capture network vulnerabilities/compromises. The performance of the proposed policies is examined in terms of robustness, accuracy, and uncertainty using various numerical experiments.http://dx.doi.org/10.1049/2024/7966713 |
| spellingShingle | Armita Kazeminajafabadi Mahdi Imani Optimal Joint Defense and Monitoring for Networks Security under Uncertainty: A POMDP-Based Approach IET Information Security |
| title | Optimal Joint Defense and Monitoring for Networks Security under Uncertainty: A POMDP-Based Approach |
| title_full | Optimal Joint Defense and Monitoring for Networks Security under Uncertainty: A POMDP-Based Approach |
| title_fullStr | Optimal Joint Defense and Monitoring for Networks Security under Uncertainty: A POMDP-Based Approach |
| title_full_unstemmed | Optimal Joint Defense and Monitoring for Networks Security under Uncertainty: A POMDP-Based Approach |
| title_short | Optimal Joint Defense and Monitoring for Networks Security under Uncertainty: A POMDP-Based Approach |
| title_sort | optimal joint defense and monitoring for networks security under uncertainty a pomdp based approach |
| url | http://dx.doi.org/10.1049/2024/7966713 |
| work_keys_str_mv | AT armitakazeminajafabadi optimaljointdefenseandmonitoringfornetworkssecurityunderuncertaintyapomdpbasedapproach AT mahdiimani optimaljointdefenseandmonitoringfornetworkssecurityunderuncertaintyapomdpbasedapproach |