Considering Multi-objective Resource Allocation Strategies under Attack-Defense Roles and Collaborative Attacks 考慮攻防雙角色與協同攻擊情況下之多目標資源分配策略 Advisor: Frank,Yeong-Sung Lin Present by Ying-Ju Chen Presentation date: Dec. 20, 2011

Agenda Problem Description Mathematical Formulation 12/3/2018

Agenda Problem Description Mathematical Formulation 12/3/2018

Problem Description Two players Two roles Defender Attacker (Collaborative attack) Player 1 Player 2 12/3/2018

Two Roles – Attacker & Defender ‧Normal Attack ‧Retaliation Attack Defender Passive Defense ‧Proactive ‧Reactive Active Defense ‧Preventive Strike 12/3/2018

Role - Defender Defense Proactive Reactive Preventive Strike (PS) Uniformly distribute his defense resources to each node. Reactive Allocate reinforced resources to compromised node which has been repaired. Preventive Strike (PS) According to the flow of the attacker, i.e. the greater flow of the node would be allocated more resources. Cause damage to the counterpart’s network and indirectly influence his retaliation ability. 12/3/2018

Role - Defender Reallocation Repair The resources could be reallocated but the discount factor is also considered. Repair The compromised nodes could be repaired. The reward would be retrieved back from another player. 12/3/2018

Role - Defender Update information (Unknown vulnerabilities) Initially, the defender doesn’t know his system vulnerabilities. The nodes successfully compromised last round imply that these nodes have vulnerabilities. The defender can update his information about the unknown vulnerabilities on his nodes after the attacker’s attack. Once the node be repaired, it will be reinforced more defense resources in this round. (Reactive defense) 12/3/2018

Role - Attacker Attack Normal attack Retaliation attack Based on his local view about the vulnerabilities. Retaliation attack Once the node was preventively struck, he must revenge next round. Since the network would be harmed after being preventively struck, the discount factor is considered. 12/3/2018

Role - Attacker Reward Each node in players’ topologies has a reward. Once being successfully compromised, the reward would be gained by the attacker. Once being repaired next round, the reward would be retrieved by the defender. 12/3/2018

Role - Attacker Update information (Unknown vulnerabilities & Defender’s private information) Each attacker has partial information of the defender’s system, which is called a local view. Each attacker’s local view can grow after exploring in the beginning of each round. The explore cost of each attacker is different and is considered. Through the game, each attacker learns more about the defender’s vulnerabilities information and his private information. 12/3/2018

Update information (Both roles) Defender’s information Vulnerabilities All information about the defender’s topology Defender’s private information Attacker ’s knowledge (combined local view) Attacker 1 Attacker 1’s local view Collaborative attack Attacker 2 Attacker 2’s local view … … Attacker N Attacker N’s local view 12/3/2018

Role - Attacker Collaborative attack There’s always a leader in the collaborative attack in every round. Different leaders have different leaderships. Each attacker’s attack power over a node is different. Each attacker’s cooperative effect is different. The synergy of collaborative attack would be influenced by the cooperative effect of each attacker and the leadership of the leader in that round. In each round, each collaborative attacker’s attack power involved and the collaborative synergy will be reflected in contest success function. Collaborative synergy in round r = (∑ cooperative effect of each attacker ) x (The leader’s leadership) 12/3/2018

Problem Description The network survivability is measured by ADOD. The game has two players. Given Both players have incomplete information of each other. Player 1’s total budget. Player 2’s total budget. 12/3/2018

Problem Description – Players Objective Minimize the damage degree of their own networks (ADOD). Maximize the damage degree of the other player’s network (ADOD). Budget constraint deploying the defense budget on nodes of it’s topology repairing the compromised nodes reinforcing defense budget to compromised node which has been retrieved and repaired deploying the attack budget on nodes of the defender’ topology updating information 12/3/2018

Agenda Problem Description Mathematical Formulation 12/3/2018

Agenda Problem Description Mathematical Formulation 12/3/2018

Given Parameters Notation Description V Index set of nodes of both players’ topologies VA Index set of nodes of player 1’s topology VB Index set of nodes of player 2’s topology R Index set of rounds in the attack and defense actions VAr Index set of nodes of player 2’s combined local view on player 1’s topology in round r, where r ∈ R and VAr ⊆ VA VBr Index set of nodes of player 1’s combined local view on player 2’s topology in round r, where r ∈ R and VBr ⊆ VB EAr Index set of new explored nodes of player 2’s topology in round r, where r ∈ R and EAr ⊆ VA-VA-1 EBr Index set of new explored nodes of player 1’s topology in round r, where r ∈ R and EBr ⊆ VB-VB-1 KA Index set of collaborative attackers of player 1 KB Index set of collaborative attackers of player 2 12/3/2018

Given Parameters Notation Description gAr Player 1’s group of collaborative attackers in round r-1, where gAr ∈ KA and r ∈ R gBr Player 2’s group of collaborative attackers in round r-1, where gBr ∈ KB and r ∈ R wr The weight of the average DOD in round r, where r ∈ R Total budget of player 1 Total budget of player 2 tki Attacker k’s attack power (resources) when attacking on node i, where k ∈ and i ∈ Ck The cooperative effect of attacker k with other collaborative attackers, where k ∈ Lk The leadership of attacker k, which could be positive or negative, where k ∈

Given Parameters Notation Description The synergy of collaborative attack is as a function of the leader’s leadership and individual collaborative attacker’s cooperative effect, which could be positive or negative, when group of collaborative attackers gAr attack on node i in round r-1, where i ∈ VBr, and r ∈ R The synergy of collaborative attack is as a function of the leader’s leadership and individual collaborative attacker’s cooperative effect, which could be positive or negative, when group of collaborative attackers gBr attack on node i in round r-1, where i ∈ VAr, and r ∈ R θi Existing defense resource allocated on node i, where i ∈ V eri Repair cost of players when node i is dysfunctional in round r-1, where i ∈ V and r ∈ R dri The discount rate of the resources that players reallocate on node i in round r, where i ∈ V and r ∈ R fri The reinforcement rate above 1 represents the players reallocate more resources on the retrieved and repaired node i in round r, where i ∈ V and r ∈ R 12/3/2018

Given Parameters Notation Description lkri Explore cost of attacker k when information of node i is updated in round r, where k ∈ , i ∈ , and r ∈ R. The cost is greatly increasing if the node is not adjacent with combined local view. hkri The discount rate of the attack resources that attacker k allocates on node i in round r, which is gained from exploring, where k ∈ , i ∈ V, and r ∈ R ui The reward of compromising node i, where i ∈ V δri 1 if node i is compromised in round r-1, 0 otherwise, where i ∈ and r ∈ R ρri 1 if the attacker takes retaliation attack on node i in round r after the PS of the defender in round r-1, 0 otherwise, where i ∈ and r ∈ R σri The discount rate of the attack resources in round r after the PS of another player in round r-1, where k ∈ , i ∈ , and r ∈ R α Player 1’s weight of ADOD β Player 2’s weight of ADOD 12/3/2018

Decision variables Notation Description yri Proactive defense budget allocation on node i in round r, where i ∈ V and r ∈ R zri PS defense budget allocation on node i in round r, where i ∈ and r ∈ R sri 1 if node i is retrieved and repaired by another player in round r, 0 otherwise, where i ∈ and r ∈ R Ar Total budget of player 1 in round r, where r ∈ R Br Total budget of player 2 in round r, where r ∈ R Player 1’s budget allocation, which is a vector of cost A1, A2 to Ar in round r, where i ∈ V and r ∈ R Player 2’s budget allocation, which is a vector of cost B1, B2, to Br in round r, where i ∈ V and r ∈ R Player 1’s Average DOD, which is considering under player 1’s and player 2’s budget allocation on player 1’s topology in round r, where r ∈ R Player 2’s Average DOD, which is considering under player 1’s and player 2’s budget allocation on player 2’s topology in round r, where r ∈ R 12/3/2018

Objective function (IP 1) (IP 1’) 12/3/2018

Subject to Player 1 Player 2 (IP 1.1) (IP 1.2) 12/3/2018

Subject to (IP 1.3) (IP 1.4) (IP 1.5) (IP 1.6) 12/3/2018

Thanks so much for your listening.  12/3/2018