Data-Driven Cyber-Vulnerability Maintenance Policies
- Autores: Anthony Afful-Dadzie, Theodore T. Allen
- Localización: Journal of quality technology: A quarterly journal of methods applications and related topics, ISSN 0022-4065, Vol. 46, Nº. 3, 2014, págs. 234-250
- Idioma: inglés
- Enlaces
-
Resumen
The frequencies of cyber-attacks and known cyber vulnerabilities continue to increase and there is a need for models to focus limited administrator attention and build cases for additional resources. A related challenge is the scarcity of available data partly because of security concerns. This article proposes a method based on Markov decision processes (MDP) for the generation and graphical evaluation of relevant maintenance policies for cases with limited data availability. The proposed method also provides an estimate of the cost benefit of collecting additional data. Both Bayesian and non-Bayesian formulations of the transition probabilities and cost models are considered. The authors apply the proposed method to a real world cyber-vulnerability dataset and generate specific guidance and cost predictions. The relevance of the proposed method to general MDP modeling is illustrated through the use of a numerical example involving three levels of data scarcity.
