DocumentCode :
3447812
Title :
Analysis of a Markov decision process model for intrusion tolerance
Author :
Kreidl, O. Patrick
Author_Institution :
Lab. for Inf. & Decision Syst., MIT, Cambridge, MA, USA
fYear :
2010
fDate :
June 28 2010-July 1 2010
Firstpage :
156
Lastpage :
161
Abstract :
We consider a simplest Markov decision process model for intrusion tolerance, assuming that (i) each attack proceeds through one or more steps before the system's security fails and (ii) defensive responses targeting these intermediate steps may only sometimes thwart the attack. Our analysis shows that, even in the ideal case of perfect detectors, it can be sub-optimal in the long run to employ defensive responses while under attack; that is, depending on attack dynamics and response effectiveness, the total overhead of ongoing defensive countermeasures can exceed the total risk of intermittent security failures. Simulation experiments reveal that a tradeoff between these two types of costs persists in the realistic case of imperfect detectors. These experiments also shed light on (i) the extent to which increasing sensor uncertainty monotonically degrades achievable performance and (ii) the loss from optimum performance of two popular rule-based policies for response selection.
Keywords :
Markov processes; decision theory; security of data; Markov decision process model; attack dynamics; defensive response; intrusion tolerance; response effectiveness; rule based policy; Costs; Degradation; Detectors; Failure analysis; Information analysis; Information security; Laboratories; Performance loss; Real time systems; Uncertainty;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Dependable Systems and Networks Workshops (DSN-W), 2010 International Conference on
Conference_Location :
Chicago, IL
Print_ISBN :
978-1-4244-7729-6
Electronic_ISBN :
978-1-4244-7728-9
Type :
conf
DOI :
10.1109/DSNW.2010.5542603
Filename :
5542603