research-article

Applying POMDP to moving target optimization

Authors:

Richard R. BrooksAuthors Info & Claims

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

Article No.: 49, Pages 1 - 4

https://doi.org/10.1145/2459976.2460032

Published: 08 January 2013 Publication History

Abstract

Diversity maintains security by making the computing environment less standard and less predictable. Recent studies show that many randomization techniques, e.g. address space layout randomization (ASLR) significantly enhance system security simply through reducing the number of return to libc exploits [14]. However, "diversity" may incur significant overhead on the computing platforms. We study the problem of implementing diversity to trade off security performance with diversity implementation costs. We address this problem by formulating it as a partially observable Markov decision process (POMDP). An optimal solution considering a fixed amount of history can be obtained by transforming the POMDP optimization problem into a nonlinear programming (NLP) problem. Simulation results for a set of benchmark problems illustrate the effectiveness of the proposed method.

Supplementary Material

a49-yu.pdf (a49-yu_supp.pdf)

Supplemental file.

Download
457.04 KB

References

[1]

C. Amato, D. S. Bernstein, and S. Zilberstein. Optimizing fixed-size stochastic controllers for pomdps and decentralized pomdps. Auton Agent Multi-Agent Syst, 21:293âĂŞ320, 2010.

Digital Library

[2]

A. R. Cassandra. Tony's pomdp file repository page. http://www.cassandra.org/pomdp/examples/index.shtml, (Last Accessed: 09/2012).

[3]

E. Florio. From bootroot to trojan. mebroot: A rootkit in your mbr. http:www.symatec.com/connect/blogs/bootroot-trojanmerbroot-rootkit-your-mbr, (Last Accessed: 05/2012).

[4]

S. Forrest, A. Somaya, and D. H. Ackley. Building diverse computer systems. 6th Workshop on Hot Topics in Operating Systems, pages 67--73, May 2006.

Digital Library

[5]

C. Giuffrida and A. Kuijsten. Enhanced operating system security through efficient and fine-grained address space randomization. In Proceedings of the USENIX Security'12, August 2012.

Digital Library

[6]

Y. Huang, D. Evans, J. Katz, and L. Malka. Faster two-party computation using garbled circuits. In Usenix Security 2011, 2011.

Digital Library

[7]

J. Pineau, J. Gordon, and S. Thrun. Point-based value iteration: An anytime algorithm for pomdps. In Proceedings of the eighteenth international joint conference on artificial intelligence, pages 1025--1032, Acapulco, Mexico, 2003.

Digital Library

[8]

B. Pinkas, T. Schneider, N. P. Smart, and S. C. Williams. Secure two-party computation is practical. In Advances in Cryptology âĂŞ AsiaCrypt 2009, volume 5912/2009, pages 250--267. LNCS, 2009.

Digital Library

[9]

P. Poupart. Exploiting structure to efficiently solve large scale partially observable markov decision processes. Ph. D. Dissertation, 2005.

Digital Library

[10]

B. RAtchev, G. B. M. Hutton, and B. van Antwerpen. Verifying the correctness of fpga logic synthesis algorithms. In Proceedings of the 2003 ACM/SIGADA, pages 84--89. 11th International Symposium on Field Programmable Gate Arrays, 2003.

Digital Library

[11]

T. Smith and R. Simmons. Heuristic search value iteration for pomdps. In Proceedings of the twentieth conference on uncertainty in artificial intelligence, pages 520--527, Banff, Canada, 2004.

Digital Library

[12]

T. Smith and R. Simmons. Point-based pomdp algorithms: Improved analysis and implementation. In Proceedings of the twenty-first conference on uncertainty in artificial intelligence., Edinburgh, Scotland., 2005.

[13]

M. Spaan and N. Vlassis. Perseus: randomized point-based value iteration for pomdps. Journal of Artificial Intelligence Research, 24:195âĂŞ220, 2005.

[14]

P. Szor. The Art of Computer Virus Research and Defense. Addison-Wesley Professional, Upper Saddle River, NJ, 2005.

Digital Library

[15]

Z. Wang, X. Jiang, W. Cui, and X. Wang. Countering persistent kernel rootkits through systematic hook discovery. In Recent Advances in Intrusion Detection, pages 21--38. LNCS, Septermber 2008.

Digital Library

[16]

H. Yu. Approximate solution methods for partially observable markov and semi-markov decision processes. Ph. D. Dissertation, 2004.

Digital Library

Cited By

Yu LBrooks R(2018)Stochastic Tools for Network Intrusion DetectionProceedings of International Symposium on Sensor Networks, Systems and Security10.1007/978-3-319-75683-7_15(197-205)Online publication date: 24-May-2018
https://doi.org/10.1007/978-3-319-75683-7_15
Miehling ERasouli MTeneketzis DCybenko GHuang D(2015)Optimal Defense Policies for Partially Observable Spreading Processes on Bayesian Attack GraphsProceedings of the Second ACM Workshop on Moving Target Defense10.1145/2808475.2808482(67-76)Online publication date: 12-Oct-2015
https://dl.acm.org/doi/10.1145/2808475.2808482

Index Terms

Applying POMDP to moving target optimization

Recommendations

Potential-based reward shaping for finite horizon online POMDP planning

In this paper, we address the problem of suboptimal behavior during online partially observable Markov decision process (POMDP) planning caused by time constraints on planning. Taking inspiration from the related field of reinforcement learning (RL), ...
A POMDP Formulation of Multistep Failure Model with Software Rejuvenation
WOSAR '11: Proceedings of the 2011 IEEE Third International Workshop on Software Aging and Rejuvenation

This paper derives a POMDP (partially observable Markov decision process) formulation for a software rejuvenation model. The POMDP is a generalized framework of MDP that handles the unobserved information. The POMDP gives qualitative insights for the ...
Point-based online value iteration algorithm in large POMDP

Partially observable Markov decision process (POMDP) is an ideal framework for sequential decision-making under uncertainty in stochastic domains. However, it is notoriously computationally intractable to solving POMDP in real-time system. In order to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

January 2013

282 pages

ISBN:9781450316873

DOI:10.1145/2459976

Editors:
Frederick Sheldon
Oak Ridge National Laboratory
,
Annarita Giani
Los Alamos National Laboratory
,
Axel Krings
University of Idaho
,
Robert Abercrombie
Oak Ridge National Laboratory

Copyright © 2013 Authors.

Sponsors

Los Alamos National Labs: Los Alamos National Labs
Sandia National Labs: Sandia National Laboratories
DOE: Department of Energy
Oak Ridge National Laboratory
Lawrence Livermore National Lab.: Lawrence Livermore National Laboratory
BERKELEYLAB: Lawrence National Berkeley Laboratory
Argonne Natl Lab: Argonne National Lab
Idaho National Lab.: Idaho National Laboratory
Pacific Northwest National Laboratory
Nevada National Security Site: Nevada National Security Site

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 January 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

U.S. Department of State
Division of Computer and Network Systems
BMW Manufacturing Corporation
Office of Cyberinfrastructure
Air Force Office of Scientific Research

Conference

CSIIRW '13

Sponsor:

Los Alamos National Labs
Sandia National Labs
DOE
Lawrence Livermore National Lab.
BERKELEYLAB
Argonne Natl Lab
Idaho National Lab.
Nevada National Security Site

CSIIRW '13: Cyber Security and Information Intelligence

January 8 - 10, 2013

Tennessee, Oak Ridge, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
219
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)1

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Yu LBrooks R(2018)Stochastic Tools for Network Intrusion DetectionProceedings of International Symposium on Sensor Networks, Systems and Security10.1007/978-3-319-75683-7_15(197-205)Online publication date: 24-May-2018
https://doi.org/10.1007/978-3-319-75683-7_15
Miehling ERasouli MTeneketzis DCybenko GHuang D(2015)Optimal Defense Policies for Partially Observable Spreading Processes on Bayesian Attack GraphsProceedings of the Second ACM Workshop on Moving Target Defense10.1145/2808475.2808482(67-76)Online publication date: 12-Oct-2015
https://dl.acm.org/doi/10.1145/2808475.2808482

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten