Adaptive MTD Security using Markov Game Modeling

Title: Adaptive MTD Security using Markov Game Modeling
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Chowdhary, Ankur; Sengupta, Sailik; Alshamrani, Adel; Huang, Dijiang; Sabur, Abdulhakim
Conference Name: 2019 International Conference on Computing, Networking and Communications (ICNC)
Keywords: adaptive filtering, adaptive MTD security, Attack Graphs, attack policy, cloud network, Common Vulnerability Scoring System, Computer crime, computer network security, computing elements, critical information, CVSS, distributed networking, expert knowledge, game theory, Intrusion Detection Systems, large scale cloud networks, Markov Game modeling, Markov processes, Metrics, monitoring attacks, moving target defense, multistage attack scenario, multistage attacks, network administrator, packet filtering, proactive security framework, pubcrawl, reactive security mechanism, Resiliency, Scalability, security experts, security state, sub-optimal policy, target software vulnerabilities, transition probabilities, two-player zero-sum Markov Game
Abstract: Large scale cloud networks consist of distributed networking and computing elements that process critical information and thus security is a key requirement for any environment. Unfortunately, assessing the security state of such networks is a challenging task and the tools used in the past by security experts such as packet filtering, firewall, Intrusion Detection Systems (IDS) etc., provide a reactive security mechanism. In this paper, we introduce a Moving Target Defense (MTD) based proactive security framework for monitoring attacks which lets us identify and reason about multi-stage attacks that target software vulnerabilities present in a cloud network. We formulate the multi-stage attack scenario as a two-player zero-sum Markov Game (between the attacker and the network administrator) on attack graphs. The rewards and transition probabilities are obtained by leveraging the expert knowledge present in the Common Vulnerability Scoring System (CVSS). Our framework identifies an attacker's optimal policy and places countermeasures to ensure that this attack policy is always detected, thus forcing the attacker to use a sub-optimal policy with higher cost.
Citation Key: chowdhary_adaptive_2019