Cyber vulnerability maintenance policies that address the incomplete nature of inspection
Author(s) - Liu Enhao, Allen Theodore T., Roychowdhury Sayak
Publication year - 2019
Publication title - Applied Stochastic Models in Business and Industry
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.413
H-Index - 40
eISSN - 1526-4025
pISSN - 1524-1904
DOI - 10.1002/asmb.2487
Subject(s) - Markov decision process, computer science, partially observable Markov decision process, vulnerability (computing), computer security, scheduling (production processes), risk analysis (engineering), operations research, Markov process, business, Markov chain, operations management, Markov model, economics, engineering, statistics, mathematics, machine learning
In cybersecurity, incomplete inspection, resulting mainly from computers being turned off during the scan, leads to a challenge for scheduling maintenance actions. This article proposes the application of partially observable decision processes to derive cost‐effective cyber maintenance actions that minimize total costs. We consider several types of hosts having vulnerabilities at various levels of severity. The maintenance cost structure in our proposed model consists of the direct costs of maintenance actions in addition to potential incident costs associated with different security states. To assess the benefits of optimal policies obtained from partially observable Markov decision processes, we use real‐world data from a major university. Compared with alternative policies using simulations, the optimal control policies can significantly reduce expected maintenance expenditures per host and relatively quickly mitigate the most important vulnerabilities.
