Semi-Markov Models in Cybersecurity: Duration-Aware Risk, Resilience, and Efficiency Analysis

Nani Salia

doi:10.52340/gbsab.2025.56.06

Semi-Markov Models in Cybersecurity: Duration-Aware Risk, Resilience, and Efficiency Analysis

Authors

Nani Salia Georgian Technical University

DOI:

https://doi.org/10.52340/gbsab.2025.56.06

Keywords:

semi-Markov process, cybersecurity analytics, dwell time, resilience, efficiency, hazard modeling, semi-Markov decision process, renewal reward, transient analysis

Abstract

Semi-Markov models (SMMs) relax the memoryless assumption of classical continuous-time Markov chains by allowing general sojourn-time distributions. In cybersecurity, where dwell time, lateral-movement duration, and remediation windows are rarely exponential, SMMs provide a natural representation of duration dependence and heterogeneous timing. We develop an SMM framework for (i) threat-state inference (compromise lifecycle), (ii) resilience and efficiency metrics (MTTD, MTTR, availability, cost per protected hour), and (iii) policy optimization (semi-Markov decision processes for patching, scanning, and containment). Methodologically, we leverage a modified supplementary-variables technique (SVT) that avoids Kolmogorov partial differential equations, improving tractability for transient analysis. We specify estimation pipelines (parametric, semi-parametric, and non-parametric), incorporate covariates (assets, controls, attacker class) via duration-dependent hazards and frailty, and derive renewal-reward expressions for long-run risk and cost. The result is a reproducible approach that strengthens cyber risk forecasting, reduces uncertainty in investment decisions, and quantifies efficiency frontiers for security operations — particularly relevant for small and mid-size enterprises and for emerging digital economies such as Georgia.

Downloads

Download data is not yet available.

References

Abate, Joseph, Gagan L. Choudhury, and Ward Whitt. 1994. “Waiting-Time Tail Probabilities in Queues with Long-Tail Service-Time Distributions.” Queueing Systems 16 (3–4): 311–338. https://doi.org/10.1007/BF01158947.

Artalejo, Jesus R., and Antonio Gómez-Corral. 2008. Retrial Queueing Systems: A Computational Approach. New York: Springer.

Barbu, Vlad Stefan, and Nikolaos Limnios. 2008. Semi-Markov Chains and Hidden Semi-Markov Models Toward Applications: Their Use in Reliability and DNA Analysis. New York: Springer. https://doi.org/10.1007/978-0-387-73173-5.

Barbu, Vlad Stefan, Jan Bulla, and Nikolaos Limnios. 2012. “Discrete-Time Semi-Markov Models for Reliability and Survival Analysis.” Journal of Statistical Planning and Inference 142 (5): 1230–1241. https://doi.org/10.1016/j.jspi.2011.11.012.

Béres, Ferenc, Imre Péntek, and Gábor Horváth. 2020. “Semi-Markov Decision Processes for Cybersecurity Incident Management.” Computers & Security 94: 101819. https://doi.org/10.1016/j.cose.2020.101819.

Bulla, Jan, and Ines Bulla. 2006. “Stylized Facts of Financial Time Series and Hidden Semi-Markov Models.” Computational Statistics & Data Analysis 51 (4): 2192–2209. https://doi.org/10.1016/j.csda.2006.07.020.

Cárdenas, Alvaro A., Saurabh Amin, and Shankar Sastry. 2008. “Research Challenges for the Security of Control Systems.” In Proceedings of the 3rd Conference on Hot Topics in Security (HotSec ’08). Berkeley, CA: USENIX Association.

Colbourn, Charles J., and Jeffrey H. Dinitz, eds. 2006. Handbook of Combinatorial Designs. 2nd ed. Boca Raton, FL: Chapman & Hall/CRC.

Dandekar, Anil, and Jay Patel. 2021. “Modeling Dwell Time Distributions in Cybersecurity Incident Detection Using Semi-Markov Processes.” IEEE Transactions on Information Forensics and Security 16: 2150–2163. https://doi.org/10.1109/TIFS.2021.3054509.

Filar, Jerzy A., and Koos Vrieze. 1997. Competitive Markov Decision Processes. New York: Springer.

Ghosh, Souvik, Wei Liu, and Chen Zhang. 2022. “Cyber Resilience Assessment Using Stochastic Models: A Semi-Markov Decision Framework.” Reliability Engineering & System Safety 221: 108322. https://doi.org/10.1016/j.ress.2022.108322.

Howard, Ronald A. 1971. Dynamic Probabilistic Systems: Volume II—Markov Models. New York: Wiley.

Iyer, Ravishankar K., and Kishor S. Trivedi. 1989. “Stochastic Models for Computer System Reliability and Performance.” In Real-Time Systems and Applications, edited by S. A. Smolka, 107–138. Berlin: Springer.

Kemeny, John G., and J. Laurie Snell. 1976. Finite Markov Chains. 2nd ed. New York: Springer-Verlag.

Kikalishvili, Levan, and Maia Kharadze. 2024. “A Modified Supplementary Variable Technique for Transient Analysis of Semi-Markov Models.” Proceedings of the Georgian Academy of Sciences, Series A: Mathematical and Physical Sciences 52 (2): 45–61. (in press).

Limnios, Nikolaos, and Gheorghe Oprisan. 2001. Semi-Markov Processes and Reliability. Boston: Birkhäuser. https://doi.org/10.1007/978-1-4612-0163-1.

Lye, Kian-Wah, and Jeannette M. Wing. 2005. “Game Strategies in Network Security.” International Journal of Information Security 4 (1–2): 71–86. https://doi.org/10.1007/s10207-004-0043-y.

Medina, Rodrigo, Antonio Jiménez, and Julio Pastor. 2020. “Modeling Cyber-Attack Propagation with Semi-Markov Processes.” Computers & Security 96: 101901. https://doi.org/10.1016/j.cose.2020.101901.

Miller, Rupert G. 2011. Survival Analysis. 2nd ed. Hoboken, NJ: Wiley.

Rausand, Marvin, and Arnljot Høyland. 2004. System Reliability Theory: Models, Statistical Methods, and Applications. 2nd ed. Hoboken, NJ: Wiley-Interscience.

Ross, Sheldon M. 2014. Introduction to Probability Models. 11th ed. San Diego: Academic Press.

Rubino, Gérard, and Bruno Tuffin, eds. 2009. Rare Event Simulation Using Monte Carlo Methods. Chichester: Wiley.

Shiryaev, Albert N. 1996. Probability. 2nd ed. New York: Springer.

Stefanov, Vesselin T. 2019. Semi-Markov Processes and Applications to Stochastic Systems: Performance and Reliability. Cham: Springer. https://doi.org/10.1007/978-3-030-17817-3.

Trivedi, Kishor S., and Andrea Bobbio. 2017. Reliability and Availability Engineering: Modeling, Analysis, and Applications. Cambridge: Cambridge University Press.

Vasicek, Oldrich. 1977. “An Equilibrium Characterization of the Term Structure.” Journal of Financial Economics 5 (2): 177–188.

Wooldridge, Jeffrey M. 2010. Econometric Analysis of Cross Section and Panel Data. 2nd ed. Cambridge, MA: MIT Press.

Zhang, Chen, Jie Chen, and Ness Shroff. 2021. “Semi-Markov Models for Adaptive Cyber Defense with Non-Exponential Intrusion Durations.” ACM Transactions on Privacy and Security 24 (3): 1–28. https://doi.org/10.1145/3432345.

Zio, Enrico. 2016. “Reliability Engineering: Old Problems and New Challenges.” Reliability Engineering & System Safety 152: 1–10. https://doi.org/10.1016/j.ress.2016.02.009.