An Optimization-based Methodology for Maximization of Network Survivability against Intelligent Attacks

• Main Authors: Po-Hao (Joseph) Tsang, 臧柏皓
• Other Authors: 林永松
• Format: Others
• Language: en_US
• Published: 2011
• Online Access: http://ndltd.ncl.edu.tw/handle/30094081716751225601

博士 === 國立臺灣大學 === 資訊管理學研究所 === 99 === Since the 9/11 terrorist attacks in the United States, the focus on security has become increasingly global, especially the effective and efficient protection of critical information infrastructures that are crucial to society. From a business perspective and context, information security has expanded to embrace risk management and evolved into a new concept called survivability, which focuses on ensuring the availability of information and the continuity of services. To enhance survivability, a defender (network operator) must invest a fixed amount of resources and distribute it among different defensive measures appropriately. The defender’s strategy should consider that an attacker will constantly adjust his strategy to achieve his goals. In this dissertation, we focus on the crucial research domain that enables defenders to gain a global understanding of how to derive adequate resource allocation strategies against intelligent attackers in the context of network survivability. We also analyze three key characteristics of resource allocation (core node(s), attack action dependency, and defensive investment effectiveness) that defenders should consider when designing their defense strategies. Based on these characteristics, we create an integrated framework, which provides a comprehensive macro view of decision-making for defenders to categorize network survivability problems. We express attack-defense problems in terms of mathematical formulations, solution approaches, and the experimental performance of the approaches. To solve these complicated optimization-based problems, we apply the Lagrangean Relaxation (LR) method as our main solution approach. In addition, we propose several optimization-based techniques and heuristics to address different categories of network survivability problems. The contributions of this dissertation are as follows: a systematic process is adopted to conduct a survey of the literature on network survivability; an integrated framework of network survivability problems is proposed to help defenders design defense resource allocation strategies; a generic optimization model is developed to describe the common assumptions, concepts, and structures in the mathematical formulations; and suitable mathematical formulations are presented to model complex real-world network survivability problems clearly. In addition; based on the LR approach with related Lagrangean multipliers, we have developed several heuristics to solve the optimization problems. The related experiments identify the parameters, variables, issues, and characteristics that should be considered when designing a defense strategy, and also provide engineering guidelines or references for defenders.