The expansion of information technology infrastructure is encountered with Advanced Persistent Threats (APTs), which can launch data destruction, disclosure, modification, and/or Denial of Service attacks by drawing upon vulnerabilities of software and hardware. Moving Target Defense (MTD) is a promising risk mitigation technique that replies to APTs via implementing randomisation and dynamic strategies on compromised assets. However, some MTD techniques adopt the blind random mutation, which causes greater performance overhead and worse defense utility. In this paper, we formulate the cyber-attack and defense as a dynamic partially observable Markov process based on dynamic Bayesian inference. Then we develop an Inference-Based Adaptive Attack Tolerance (IBAAT) system, which includes two stages. In the first stage, a forward–backward algorithm with a time window is employed to perform a security risk assessment. To select the defense strategy, in the second stage, the attack and defense process is modelled as a two-player general-sum Markov game and the optimal defense strategy is acquired by quantitative analysis based on the first stage. The evaluation shows that the proposed algorithm has about 10% security utility improvement compared to the state-of-the-art.
|Number of pages||21|
|Publication status||Published - 16 Oct 2020|
Bibliographical noteFunding Information:
This work was supported by National Key Research and Development Program of China (No. 2018YFB0804004) and the National Natural Science Foundation of China (No. 61602509).
© 2020 Informa UK Limited, trading as Taylor & Francis Group.
- Advanced persistent threats
- Bayesian network
- Markov game
- moving target defense
- risk assessment