Junaid Haseeb , Saif Ur Rehman Malik , Masood Mansoori , Ian Welch
{"title":"基于马尔可夫决策过程的欺骗安全框架概率建模","authors":"Junaid Haseeb , Saif Ur Rehman Malik , Masood Mansoori , Ian Welch","doi":"10.1016/j.cose.2021.102599","DOIUrl":null,"url":null,"abstract":"<div><p><span>Existing studies using deception are ad-hoc attempts and few theoretical models have been designed to plan and integrate deception. We theorise that a pre-planning stage should be a fundamental part to obtain information about the attackers’ behaviours and the attack process by analysing known attacks. This will help plan and take defence actions by actively interacting with the attackers and predicting their actions using a probabilistic approach. This paper proposes a framework that provides a theoretical understanding to plan and integrate deception systematically and strategically. We also present probabilistic modelling to predict attack actions by formalising a real case of attacks captured on simulated </span>Internet of Things devices<span> as an Markov Decision Process<span> (MDP) and verifying related properties using Probabilistic Symbolic Model Checker (PRISM). MDP’s properties verification results reveal that the associated cost for defence actions can be decreased by successfully predicting attackers’ probable actions. Moreover, we identify several quantification metrics (e.g. cost, reward, trust, incentive and penalty) to evaluate the performance of actions performed by attackers and defenders.</span></span></p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"115 ","pages":"Article 102599"},"PeriodicalIF":4.8000,"publicationDate":"2022-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Probabilistic modelling of deception-based security framework using markov decision process\",\"authors\":\"Junaid Haseeb , Saif Ur Rehman Malik , Masood Mansoori , Ian Welch\",\"doi\":\"10.1016/j.cose.2021.102599\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p><span>Existing studies using deception are ad-hoc attempts and few theoretical models have been designed to plan and integrate deception. We theorise that a pre-planning stage should be a fundamental part to obtain information about the attackers’ behaviours and the attack process by analysing known attacks. This will help plan and take defence actions by actively interacting with the attackers and predicting their actions using a probabilistic approach. This paper proposes a framework that provides a theoretical understanding to plan and integrate deception systematically and strategically. We also present probabilistic modelling to predict attack actions by formalising a real case of attacks captured on simulated </span>Internet of Things devices<span> as an Markov Decision Process<span> (MDP) and verifying related properties using Probabilistic Symbolic Model Checker (PRISM). MDP’s properties verification results reveal that the associated cost for defence actions can be decreased by successfully predicting attackers’ probable actions. Moreover, we identify several quantification metrics (e.g. cost, reward, trust, incentive and penalty) to evaluate the performance of actions performed by attackers and defenders.</span></span></p></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"115 \",\"pages\":\"Article 102599\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2022-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404821004223\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404821004223","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Probabilistic modelling of deception-based security framework using markov decision process
Existing studies using deception are ad-hoc attempts and few theoretical models have been designed to plan and integrate deception. We theorise that a pre-planning stage should be a fundamental part to obtain information about the attackers’ behaviours and the attack process by analysing known attacks. This will help plan and take defence actions by actively interacting with the attackers and predicting their actions using a probabilistic approach. This paper proposes a framework that provides a theoretical understanding to plan and integrate deception systematically and strategically. We also present probabilistic modelling to predict attack actions by formalising a real case of attacks captured on simulated Internet of Things devices as an Markov Decision Process (MDP) and verifying related properties using Probabilistic Symbolic Model Checker (PRISM). MDP’s properties verification results reveal that the associated cost for defence actions can be decreased by successfully predicting attackers’ probable actions. Moreover, we identify several quantification metrics (e.g. cost, reward, trust, incentive and penalty) to evaluate the performance of actions performed by attackers and defenders.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.