(1) Field
The disclosed methods and systems relate generally to control systems, and more particularly to control systems using a partially-observable Markov decision process (PO-MDP).
(2) Description of Relevant Art
An increasing reliance on information systems within often critical military and civilian operations, coupled with a proliferation of malicious intrusive electronic activity, provides motivation for continued improvements in computer and other microprocessor-controlled device security. Malicious intrusions can be described and understood at different levels that can include information system impact (e.g., denial of service, theft of service, etc.), and attacker objectives (e.g., defacing a government web server in order to make a political statement). Often, an intelligent attacker can automate successive intrusion attempts, perhaps even mutating certain properties before different attempts to evade or bypass static security mechanisms.
Survivability can be understood as a capability of an information system to dynamically preserve its essential functionality and computational performance in the presence of security intrusions. When considering the dynamic and uncertain nature of security failures due to malicious intrusions, a survivability objective can thus include offline techniques employed during design, which can be supplemented by online techniques employed during operation. Proven design paradigms for fault-tolerant and safety-critical systems also suggest survivability can be achieved through a sequence of system partitioning, subsystem design, and system-wide integration. For example, improved survivability of a single computer within a networked information system can provide a first level of defense to allow upper-level components of a multi-layer security architecture react with more coordinated diagnosis and counter-attack strategies to improve global security.