A Factored MDP Approach To Moving Target Defense With Dynamic Threat Modeling and Cost Efficiency
Megha Bose, Praveen Paruchuri, Akshat Kumar

TL;DR
This paper presents a factored MDP-based Moving Target Defense framework that dynamically models threats and adapts to real-time attacker responses, balancing defense effectiveness and switching costs in uncertain environments.
Contribution
It introduces a novel factored MDP approach that incorporates real-time attacker responses via Bayesian networks and accounts for switching costs, enhancing adaptive cyber defense strategies.
Findings
Empirical results show improved defense performance under high uncertainty.
The framework effectively balances defense costs and robustness.
Theoretical analysis highlights limitations of regret in dynamic settings.
Abstract
Moving Target Defense (MTD) has emerged as a proactive and dynamic framework to counteract evolving cyber threats. Traditional MTD approaches often rely on assumptions about the attacker's knowledge and behavior. However, real-world scenarios are inherently more complex, with adaptive attackers and limited prior knowledge of their payoffs and intentions. This paper introduces a novel approach to MTD using a Markov Decision Process (MDP) model that does not rely on predefined attacker payoffs. Our framework integrates the attacker's real-time responses into the defender's MDP using a dynamic Bayesian Network. By employing a factored MDP model, we provide a comprehensive and realistic system representation. We also incorporate incremental updates to an attack response predictor as new data emerges. This ensures an adaptive and robust defense mechanism. Additionally, we consider the costs of…
Taxonomy
Topics: Military Defense Systems Analysis · Information and Cyber Security · Network Security and Intrusion Detection
