A Stochastic Control Approach to a Real-Time Computer Security Problem
O. Patrick Kreidl
We address the problem of information system survivability, or
dynamically preserving intended functionality and computational
performance, in the face of malicious intrusive activity. A feedback
control approach is proposed that enables tradeoffs between the
failure cost of a compromised information system and the maintenance
cost of ongoing defensive countermeasures. Online implementation
features an inexpensive computation architecture consisting of a
sensor-driven recursive estimator followed by an estimate-driven
response selector. Offline design features a systematic empirical
procedure utilizing a suite of mathematical modeling and numerical
optimization tools. The engineering challenge is to generate domain
models and decision strategies offline via tractable methods while
achieving online effectiveness. We illustrate the approach with (i)
simulation results for a hypothetical computer security scenario and
(ii) experimentation results for a prototype autonomic defense system
that protects its host, a Linux-based web-server, against an automated
Internet worm attack. The overall approach applies to other types of
computer attacks, network-level security and other domains that could
benefit from automatic decision-making based on a sequence of sensor
measurements.
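
The estimator-then-selector loop described above, as an added illustration that is not code from the paper: a recursive Bayes filter over a hidden normal/compromised state feeds a selector that weighs failure cost against maintenance cost. The two-state model, every probability and cost, and the one-step selection rule are assumptions made here for illustration.

```python
# Added illustration, not the paper's model: every number below is a constructed assumption.
# Hidden state index: 0 = normal, 1 = compromised. Sensor reading: 0 = quiet, 1 = alert.
TRANSITION = {  # P(next state | current state, response)
    "wait":   [[0.95, 0.05], [0.00, 1.00]],   # an intrusion persists if nothing is done
    "defend": [[0.99, 0.01], [0.90, 0.10]],   # a countermeasure usually restores the host
}
OBSERVATION = [[0.9, 0.1], [0.3, 0.7]]  # P(reading | state): noisy sensor, false alarms and misses
FAILURE_COST = 10.0      # cost per step spent compromised
MAINTENANCE_COST = 2.0   # cost per step with the countermeasure active


def predict(belief, response):
    """Time update: push the belief through the response-dependent transition model."""
    t = TRANSITION[response]
    return [sum(belief[i] * t[i][j] for i in range(2)) for j in range(2)]


def update(belief, reading):
    """Measurement update: Bayes' rule with the latest sensor reading."""
    weighted = [belief[s] * OBSERVATION[s][reading] for s in range(2)]
    total = sum(weighted)
    return [w / total for w in weighted]


def select_response(belief):
    """Pick the response with the lowest expected cost over the next step."""
    def expected_cost(response):
        p_compromised = predict(belief, response)[1]
        upkeep = MAINTENANCE_COST if response == "defend" else 0.0
        return FAILURE_COST * p_compromised + upkeep
    return min(TRANSITION, key=expected_cost)


def run(readings, belief=(1.0, 0.0)):
    """Estimator followed by selector, once per reading; returns (P(compromised), response)."""
    belief, log = list(belief), []
    for reading in readings:
        belief = update(belief, reading)
        response = select_response(belief)
        log.append((round(belief[1], 3), response))
        belief = predict(belief, response)
    return log


if __name__ == "__main__":
    for step in run([0, 0, 1, 1, 0]):   # constructed sensor trace
        print(step)
```

With these assumed numbers the selector switches to "defend" once the estimated probability of compromise exceeds roughly 0.19, so a single alert after a quiet period is enough to trigger the countermeasure and a later quiet reading releases it.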