Control-theoretic approaches to cyber-security

Abstract

In this chapter, we discuss the control-theoretic approach to cyber-security. Under the control-theoretic approach, the defender prescribes defense actions in response to security alert information that is generated as the attacker progresses through the network. This feedback information is inherently noisy, resulting in the defender being uncertain of the underlying status of the network. Two complementary approaches for handling the defender’s uncertainty are discussed. First, we consider the probabilistic case where the defender’s uncertainty can be quantified by probability distributions. In this setting, the defender aims to specify defense actions that minimize the expected loss. Second, we study the nondeterministic case where the defender is unable to reason about the relative likelihood of events. The appropriate performance criterion in this setting is minimization of the worst-case damage (minmax). The probabilistic approach gives rise to efficient computational procedures (namely sampling-based approaches) for finding an optimal defense policy, but requires modeling assumptions that may be difficult to justify in real-world cyber-security settings. On the other hand, the nondeterministic approach reduces the modeling burden but results in a significantly harder computational problem.

Cite

Miehling, E., Rasouli, M., & Teneketzis, D. (2019). Control-theoretic approaches to cyber-security. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11830 LNCS, pp. 12–28). Springer Verlag. https://doi.org/10.1007/978-3-030-30719-6_2
