Quantitative analysis of the mission impact for host-level cyber defensive mitigations

Network devices and user accounts often provide an initial entry point for attackers who wish to gain a foothold on a network, pivot to other hosts, and ultimately disrupt an organizational mission and/or steal valuable network resources. Several host-level cyber defensive measures have been proposed to mitigate this threat. Although these mitigations are intuitively appealing from a security perspective, there is a lack of quantitative analysis addressing their effectiveness with respect to the network as a whole and the mission that the network supports. Testing these mitigations in an operational setting is prohibitively expensive, and thus modeling and simulation approaches are sought, due to their relative low cost. Our goal is to investigate the network-scale effects of various host-level defensive mitigations both from the standpoint of cyber security and mission impact. Our approach utilizes a hierarchical framework to model a complex cyber system at multiple, appropriate scales. Experiments serve to provide quantitative assessment of host-level mitigations from a complete network system perspective.