Optimizing Cyber Security by Implementing Markov Decision Processes
Series/Report no.: 2016 Richard J. and Martha D. Denman Undergraduate Research Forum. 21st
The amount of sensitive data within organizations continues to grow exponentially. This data is being shared between billions of hosts on laptops, smartphones, tablets, control systems, and much more. Cyber criminals are aware of these potential vulnerabilities and are driven by a wide range of motives, from financial gain to terrorism. Organizations such as Target and Home Depot have experienced the effects of cyber-attacks. In late 2013, Target fell victim to a massive security breach in which hackers accessed the personal information of as many as 110 million customers. The costs associated with the hacking added up to 148 million dollars. In March of 2014, Home Depot was unknowingly attacked by cyberthieves for five months, which resulted in up to 60 million of their customers' credit card numbers being stolen. It has become increasingly difficult to determine which cyber security vulnerabilities to monitor, patch, or disregard. Robust Markov Decision Processes have been developed that use the highest severity level within a host as a means to measure the associated risk. Although these methods to tackle cyber security threats could be effective, they are not being implemented within organizations because they are complicated and lack user-centered design. The purpose of this research is to evaluate alternative methods to model severity states and develop an applicable policy scalable to organizations. We are currently exploring the use of demerit weighting by analyzing 15 months of Nessus scan data as a method of modeling severity states and implementing naive Markov Decision Processes. Preliminary results have shown that demerit weighting is a viable method for measuring the overall severity state of the host. As we continue to explore this data, we intend to form an easily understood decision-making policy that can be adopted by organizations and save them millions of dollars in cyber security maintenance.
Engineering (The Ohio State University Denman Undergraduate Research Forum)
Academic Major: Industrial and Systems Engineering