A Markov Model of Non-Mutually Exclusive Cyber Threats and its Applications for Selecting an Optimal Set of Information Security Remedies

In this work, we study a Markov model of cyber threats that act on a computer system. Within the framework of the model the computer system is considered as a system with failures and recoveries by analogy with models of reliability theory. To estimate functionally-temporal properties of the system we introduce a parameter called the lifetime of the system and defined as the number of transitions of the corresponding Markov chain until the first hit to the final state. Since this random variable plays an important role at evaluating a security level of the computer system, we investigate in detail its random distribution for the case of mutually exclusive cyber threats; in particular, we derive explicit analytical formulae for numerical characteristics of its distribution: expected value and dispersion. Then we generalize substantially the Markov model dropping the assumption that cyber threats acting on the system are mutually exclusive. This modification leads to an extended Markov chain that has (at least qualitatively) the same structure as the original chain. This fact allowed to generalize the above analytical results for the expected value and dispersion of the lifetime to the case of non-mutually exclusive cyber threats. At the end of the work the Markov model for non-mutually exclusive cyber threats is used to state a problem of finding an optimal configuration of security remedies in a given cyber threat space. It is essential that the formulated optimization problems belong to the class of non-linear discrete (Boolean) programming problems. Finally, we consider an example that illustrate the solution of the problem on selecting the optimal set of security remedies for a computer system.

1. N. Ye, Y. Zhang, and B. C.M., “Robustness of the Markov-chain model for cyber-attack detection”, IEEE Transactions on Reliability, vol. 53, no. 1, pp. 116–123, 2004.

2. S. Jha, K. Tan, and R. Maxion, “Markov Chains, Classifiers, and Intrusion Detection.”, in Proc. IEEE Computer Security Foundations Workshops, vol. 1, 2001, pp. 206–219.

3. A. Ahmadian Ramaki, A. Rasoolzadegan, and A. Javan Jafari, “A systematic review on intrusion detection based on the Hidden Markov Model”, Statistical Analysis and Data Mining: The ASA Data Science Journal, vol. 11, no. 3, pp. 111–134, 2018.

4. P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fern ´ andez, and E. V ´ azquez, “Anomaly-based network ´ intrusion detection: Techniques, systems and challenges”, Computers and Security, vol. 28, no. 1-2, pp. 18–28, 2009.

5. L. Billings, W. Spears, and I. Schwartz, “A unified prediction of computer virus spread in connected networks”, Physics Letters A, vol. 297, no. 3-4, pp. 261–266, 2002.

6. A. Boyko, “Sposob analiticheskogo modelirovaniya protsessa rasprostraneniya virusov v komp’yuternykh setyakh razlichnoy struktury”, Trudy SPIIRAN, vol. 5, no. 42, pp. 196–211, 2015.

7. Y. Dalinger, D. Babanin, and B. S.M., “Matematicheskie modeli rasprostraneniya virusov v komp’yuternykh setyakh razlichnoy struktury”, Informatika i sistemy upravleniya, no. 4, pp. 25–33, 2012.

8. A. Del Rey, “Mathematical modeling of the propagation of malware: a review”, Security and Communication Networks, vol. 8, no. 15, pp. 2561–2579, 2015.

9. M. Yang, R. Jiang, T. Gao, W. Xie, and J. Wang, “Research on Cloud Computing Security Risk Assessment Based on Information Entropy and Markov Chain.”, I. J. Network Security, vol. 20, no. 4, p. 664–673, 2018.

10. C. Xiaolin, T. Xiaobin, Z. Yong, and X. Hongsheng, “A Markov game theory-based risk assessment model for network information system”, in International Conference on Computer Science and Software Engineering, China, IEEE, vol. 3, 2008, pp. 1057–1061.

11. H. Orojloo and M. Azgomi, “A method for modeling and evaluation of the security of cyber-physical systems”, in 11th International ISC Conference on Information Security and Cryptology, Iran, IEEE, 2014, pp. 131–136.

12. J. Almasizadeh and M. Azgomi, “A stochastic model of attack process for the evaluation of security metrics”, Computer Networks, vol. 57, no. 10, pp. 2159–2180, 2013.

13. K. Shcheglov and A. Shcheglov, “Markovskie modeli ugrozy bezopasnosti informatsionnoy sistemy”, Izvestiya vysshikh uchebnykh zavedeniy. Priborostroenie, vol. 58, no. 12, pp. 957–965, 2015.

14. A. Rosenko, “Matematicheskoe modelirovanie vliyaniya vnutrennikh ugroz na bezopasnost’ konfidentsial’noy informatsii, tsirkuliruyushchey v avtomatizirovannoy informatsionnoy sisteme”, Izvestiya Yuzhnogo federal’nogo universiteta. Tekhnicheskie nauki, vol. 85, no. 8, pp. 71–81, 2008.

15. A. Magazev and V. Tsyrulnik, “Investigation of a Markov Model for Computer System Security ‘reats”, Automatic Control and Computer Sciences, vol. 52, no. 7, pp. 615–624, 2018.

16. A. Magazev and V. Tsyrulnik, “Optimizing the selection of information security remedies in terms of a Markov security model”, in Journal of Physics: Conference Series, vol. 1096, 2018, p. 012 160.

17. D. Shirtz and Y. Elovici, “Optimizing investment decisions in selecting information security remedies”, Information Management and Computer Security, vol. 19, no. 2, pp. 95–112, 2011.

18. P. A.P., Y. Brychkov, and M. O.I., Integrals and series: Elementary functions. Gordon&Breach Sci. Publ., New York, 1986, vol. 1.

19. W. Feller, An introduction to probability theory and its applications. John Wiley & Sons Inc, 1968, vol. 1, 528 pp.

20. A. e. a. Ovchinnikov, “Matematicheskaya model’ optimal’nogo vybora sredstv zashchity ot ugroz bezopasnosti vychislitel’noy seti predpriyatiya”, Vestnik Moskovskogo gosudarstvennogo tekhnicheskogo universiteta im. N. E. Baumana. Ser. “Priborostroenie”, no. 3, pp. 115–121, 2007.

21. M. Kovalev, Diskretnaya optimizatsiya (tselochislennoe programmirovanie), 2-e izd., stereotipnoe. Editorial URSS, 2003, 192 pp.

22. Beshelev, S.D., and F. Gurvich, Matematiko-statisticheskie metody ekspertnykh otsenok. 1980, 263 pp.