Cyber defense in breadth: Modeling and analysis of integrated defense systems

Cybersecurity is one of most critical concerns for any organization, as frequency and severity of cyber attacks constantly increase, resulting in loss of vital assets and/or services. To preserve key security goals such as confidentiality, integrity, and availability, a variety of defense techniques have been introduced. While intrusion detection system (IDS) has played a key role in cybersecurity for a long time, recently new proactive defense techniques, called intrusion prevention techniques, have emerged, aiming to resolve the known IDS limitations. The intrusion prevention techniques have been introduced to control actions of attackers as a proactive defense that can be deployed independently or combined with other defense techniques that have the purpose of achieving “Defense in Breadth.” In this work, we develop a probability model using Stochastic Petri Nets that describes an integrated defense system with the defense techniques of both intrusion detection (i.e., IDS) and intrusion prevention (i.e., honeypots and platform migration) and analyze its performance compared to single defense or partially integrated defense approaches. Our result shows that the integrated defense system outperforms the compared approaches by minimizing attack success while maximizing system lifetime (i.e., mean time to security failure). Further, we investigate the effect of the interplay between different defense techniques in terms of the defense cost and attack cost.