Risk-averse bi-level stochastic network interdiction model for cyber-security risk management
<p>This research presents a bi-level stochastic network interdiction model on an attack graph to enable a risk-averse resource constrained cyber network defender to optimally deploy security countermeasures to protect against attackers having an uncertain budget. This risk-averse conditional-v...
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Others |
| Language: | en |
| Published: |
MSSTATE
2018
|
| Subjects: | |
| Online Access: | http://sun.library.msstate.edu/ETD-db/theses/available/etd-06192018-192319/ |
| Summary: | <p>This research presents a bi-level stochastic network interdiction model on an attack
graph to enable a risk-averse resource constrained cyber network defender to optimally
deploy security countermeasures to protect against attackers having an uncertain budget.
This risk-averse conditional-value-at-risk model minimizes a weighted sum of the expected
maximum loss over all scenarios and the expected maximum loss from the most damaging attack scenarios. We develop an exact algorithm to solve our model as well as several
acceleration techniques to improve the computational efficiency. Computational experiments demonstrate that the application of all the acceleration techniques reduces the average computation time of the basic algorithm by 71% for 100-node graphs. Using metrics
called mean-risk value of stochastic solution and value of risk-aversion, numerical results
suggest that our stochastic risk-averse model significantly outperforms deterministic and
risk-neutral models when 1) the distribution of attacker budget is heavy-right-tailed and 2)
the defender is highly risk-averse.</p> |
|---|