The fantastic growth in cybersecurity attack frequency and sophistication over the years advances the development of Moving Target Defense (MTD) technology. Migration-based dynamic platform technique (DPT), one of MTD techniques, is expected to significantly improve cyberspace security by migrating service across multiple platforms according to the predefined policy. However, the existing random migration policies cause unnecessary cost when the service platform is not under attack, which indicates the necessity of combining DPT with traditional detection-based defense mechanism to make migration decision. In this paper, we propose a Continuous-Time Markov Decision Process (CTMDP)-based dynamic platform defense model against multi-stage attacks, which can determine the optimal service migration timing based on the system reward. To maximize the expected total discounted reward of the system, we utilize the value iteration algorithm to determine the optimal policy which defines what action to be taken in a specific state. Experiments are carried out to demonstrate that our CTMDP-based dynamic platform defense model obtains higher expected total discounted reward than using random migration policies. We also investigate the effects of platform numbers and discount factors on the system reward.

多年来，网络安全攻击频率和复杂性的惊人增长推动了移动目标防御（MTD）技术的发展。基于迁移的动态平台技术（DPT）是MTD的一种技术，有望通过根据预定义的策略跨多个平台迁移服务来显着提高网络空间安全性。然而，现有的随机迁移策略在服务平台不受攻击时会带来不必要的成本，这表明有必要将DPT与传统的基于检测的防御机制相结合来进行迁移决策。本文提出了一种基于连续时间马尔可夫决策过程（CTMDP）的多阶段攻击动态平台防御模型，可以基于系统奖励确定最佳的服务迁移时机。为了使系统的预期总折价报酬最大化，我们利用价值迭代算法来确定最优策略，该最优策略定义了在特定状态下应采取的措施。实验表明，与使用随机迁移策略相比，基于CTMDP的动态平台防御模型可以获得更高的预期总折价报酬。我们还研究了平台数量和折扣因素对系统奖励的影响。