A MOVING TARGET DEFENSE SCHEME WITH OVERHEAD OPTIMIZATION USING PARTIALLY OBSERVABLE MARKOV DECISION PROCESSES WITH ABSORBING STATES
Moving target defense (MTD) is a promising strategy for gaining advantage over cyber attackers, but these dynamic reconfigurations can impose significant overhead. We propose implementing MTD within an optimization framework so that we seize defensive advantage while minimizing overhead. This dissertation presents an MTD scheme that leverages partially observable Markov decision processes (POMDP) with absorbing states to select the optimal defense based on partial observations of the cyber attack phase. In this way, overhead is minimized as reconfigurations are triggered only when the potential benefit outweighs the cost. We formulate and implement a POMDP within a system with Monte-Carlo planning-based decision making configured to reflect defender-defined priorities for the cost-benefit tradeoff. The proposed system also includes a performance-monitoring scheme for continuous validation of the model, critical given attackers' ever-changing techniques. We present simulation results that confirm the system fulfills the design goals, thwarting 99% of inbound attacks while sustaining system availability at greater than 94% even as probability of attack phase detection dropped to 0.74. A comparable system that triggered MTD techniques pseudorandomly maintained just 43% availability when providing equivalent attack suppression, which illustrates the utility of our proposed scheme.
Lieutenant Commander, United States Navy. Approved for public release. Distribution is unlimited.
Traffic pattern detection using the Hough transformation for anomaly detection to improve maritime domain awareness
Techniques for anomaly detection in the maritime domain by extracting traffic patterns from ship position data to generate atlases of expected ocean travel are developed in this thesis. An archive of historical data is used to develop a traffic density grid. The Hough transformation is used to extract linear patterns of elevated density from the traffic density grid, which can be considered the highways of the oceans. These highways collectively create an atlas that is used to define geographical regions of expected ship locations. Ship position reports are compared to the atlas of highways to flag as anomalous any ship that is not operating on an expected highway. The atlas generation techniques are demonstrated using automated information system (AIS) ship position data to detect highways in both open-ocean and coastal areas. Additionally, the atlas generation techniques are used to explore variability in ship traffic as a result of extreme weather and seasonal variation. Finally, anomaly detection is demonstrated by comparing AIS data from 2013 to the highways detected in the archive of data from 2012. The development of an automatic atlas generation technique that can be used to develop a definition of normal maritime behavior is the significant result of this thesis.
http://archive.org/details/trafficpatternde1094538977
Outstanding Thesis. Lieutenant, United States Navy. Approved for public release; distribution is unlimited.