Computing Optimal Policies for Attack Graphs with Action Failures and Costs
نویسندگان
چکیده
An attack graph represents all known sequences of actions that compromise a system in form of an and-or graph. We assume that each action in the attack graph has a specified cost and probability of success and propose an algorithm for computing an action selection policy minimizing the expected cost of performing an attack. We model the problem as a finite horizon MDP and use forward search with transposition tables and various pruning techniques based on the structure of the attack graph. We experimentally compare the proposed algorithm to a generic MDP solver and a solver transforming the problem to an Unconstrained Influence Diagram showing a substantial runtime improvement.
منابع مشابه
Optimal Coding Subgraph Selection under Survivability Constraint
Nowadays communication networks have become an essential and inevitable part of human life. Hence, there is an ever-increasing need for expanding bandwidth, decreasing delay and data transfer costs. These needs necessitate the efficient use of network facilities. Network coding is a new paradigm that allows the intermediate nodes in a network to create new packets by combining the packets recei...
متن کاملGame-Theoretic Algorithms for Optimal Network Security Hardening Using Attack Graphs
In network security hardening a network administrator may need to use limited resources (such as honeypots) to harden a network against possible attacks. Attack graphs are a common formal model used to represent possible attacks. However, most existing works on attack graphs do not consider the reactions of attackers to different defender strategies. We introduce a game-theoretic model of the j...
متن کاملA particle swarm optimization algorithm for minimization analysis of cost-sensitive attack graphs
To prevent an exploit, the security analyst must implement a suitable countermeasure. In this paper, we consider cost-sensitive attack graphs (CAGs) for network vulnerability analysis. In these attack graphs, a weight is assigned to each countermeasure to represent the cost of its implementation. There may be multiple countermeasures with different weights for preventing a single exploit. Also,...
متن کاملApplication of n-distance balanced graphs in distributing management and finding optimal logistical hubs
Optimization and reduction of costs in management of distribution and transportation of commodity are one of the main goals of many organizations. Using suitable models in supply chain in order to increase efficiency and appropriate location for support centers in logistical networks is highly important for planners and managers. Graph modeling can be used to analyze these problems and many oth...
متن کاملComputing optimal security strategies in networked domains: a cost-benefit approach
We introduce a novel framework for computing optimal randomized security policies in networked domains which extends previous approaches in several ways. First, we extend previous linear programming techniques for Stackelberg security games to incorporate benefits and costs of arbitrary security configurations on individual assets. Second, we offer a principled model of failure cascades that al...
متن کامل