Probabilistic modelling of deception-based security framework using Markov decision process
Junaid Haseeb, Saif Ur Rehman Malik, Masood Mansoori, Ian Welch
Computers & Security, volume 115, Article 102599. Publication date: 2022-04-01
DOI: 10.1016/j.cose.2021.102599
https://www.sciencedirect.com/science/article/pii/S0167404821004223
Citation count: 0
Abstract
Existing studies using deception are ad-hoc attempts and few theoretical models have been designed to plan and integrate deception. We theorise that a pre-planning stage should be a fundamental part to obtain information about the attackers’ behaviours and the attack process by analysing known attacks. This will help plan and take defence actions by actively interacting with the attackers and predicting their actions using a probabilistic approach. This paper proposes a framework that provides a theoretical understanding to plan and integrate deception systematically and strategically. We also present probabilistic modelling to predict attack actions by formalising a real case of attacks captured on simulated Internet of Things devices as a Markov Decision Process (MDP) and verifying related properties using Probabilistic Symbolic Model Checker (PRISM). MDP’s properties verification results reveal that the associated cost for defence actions can be decreased by successfully predicting attackers’ probable actions. Moreover, we identify several quantification metrics (e.g. cost, reward, trust, incentive and penalty) to evaluate the performance of actions performed by attackers and defenders.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.