A stochastic model of active cyber defense dynamics

Abstract

The concept of active cyber defense has appeared in the literature in recent years. However, there are no mathematical models for characterizing the effectiveness of active cyber defense. In this paper, we fill the void by proposing a novel Markov process model that is native to the interaction between cyber attack and active cyber defense. Unfortunately, the native Markov process model cannot be tackled by techniques of which we are aware. We therefore simplify, via mean-field approximation, the Markov process model as a dynamical system model that is amenable to analysis. This allows us to derive a set of valuable analytic results that characterize the effectiveness of four types of active cyber defense dynamics. Simulations show that the analytic results are intrinsic to the native Markov process model, and therefore justify the validity of the dynamical system model. We also discuss side effects of the mean-field approximation and their implications.