Author: Tadeusz Sawik Decision Support Systems Volume 55, Issue 1, April 2013, Pages 156–164 Adviser: Frank, Yeong-Sung Lin Presenter: Yi-Cin Lin.



Outline: Introduction; Problem description; Model (single-objective approach, bi-objective approach); Computational examples; Conclusion


The various actions developed to prevent intrusions or to mitigate the impact of successful breaches are called controls or countermeasures. Countermeasures: limit physical access; block access or protect privacy over networks; recovery.

In practice, even the most sophisticated countermeasures cannot be expected to completely block attacks. This paper deals with the optimal selection of countermeasures in IT security planning to prevent or mitigate cyber-threats, and a mixed integer programming approach is proposed for the decision making.

The problem is formulated as a single- or bi-objective mixed integer program.
Single-objective, risk-neutral: minimize expected cost.
Single-objective, risk-averse: minimization of expected worst-case cost.

The bi-objective trade-off model provides the decision maker with a simple tool for balancing expected and worst-case losses and for shaping the resulting cost distribution through the selection of an optimal subset of countermeasures.

Outline: Introduction; Problem description; Models (single-objective approach, bi-objective approach); Computational examples; Conclusion

The blocking effectiveness of each countermeasure is assumed to be independent of whether it is used alone or together with other countermeasures.

Notation Total of potential scenarios.

Denote by the probability of threat. Notation The probability of attack scenario in the presence of independent threat events is

Notation  indicates that countermeasure totally prevents successful attacks of threat.  denotes that countermeasure is totally incapable of mitigating threat.

The proportion of successful attacks of threats type that survive all countermeasures in the subset of selected countermeasures is The expected proportion of successful attacks of threat type for the subset of selected countermeasures is

Notation The subset of selected countermeasures must satisfy the available budget constraint

The decision maker needs to decide which countermeasures to select to minimize losses from surviving occurrences of threats under a limited budget for countermeasure implementation.

Outline: Introduction; Problem description; Model (single-objective approach, bi-objective approach); Computational examples; Conclusion

Model: single-objective approach (minimization of expected cost; minimization of expected worst-case cost, i.e. minimize conditional value-at-risk); bi-objective approach.

In a risk-neutral operating condition the overall quality of the selected countermeasure portfolio can be measured by the expected cost of losses from successful attacks.
Single-objective models:
Risk-neutral: minimize expected cost (SP_E, SP_E+B).
Risk-averse: minimization of expected worst-case cost (SP_CV, SP_CV+B).

Notation Countermeasure is selected for implementation if, otherwise.

Countermeasure is selected at exactly one level i.e., Notation

The proportion of successful attacks of threats type that survive all selected countermeasures is As a result, the expected cost of losses from successful attacks is given by a nonlinear formula

Model NSP_E: Minimize Expected Cost (1) Subject to 1. Countermeasure selection constraints

Subject to 2. Integrality conditions: The nonlinear integer program NSP_E is computationally hard to solve, even for small instances of the problem. Computing the nonlinear objective function: a recursive procedure using a set of linear equations.

The nonlinear objective function (1) can be replaced with a formula

In order to compute for each threat, a recursive procedure is proposed below.

For each threat and countermeasure can be calculated recursively as follows. The initial condition is The remaining terms

In order to eliminate nonlinear terms in the right-hand side of Eq. (10), define an auxiliary variable

and, in particular, for

Comparison of Eqs. (12) and (15) produces the following relation

The above procedure eliminates all variables for each. Summarizing, the proportion of successful attacks = in For each threat can be calculated recursively, using Eqs. (17), (16) and (13) with replaced by.

Model SP_E: Minimize Expected Cost (5) subject to 1. Countermeasure selection constraints Eqs. (2) and (3).

Subject to 2. Surviving threats balance constraints (17) (16) (15)

Subject to 3. Non-negativity and integrality conditions: (4)


Model: single-objective approach (minimization of expected cost; minimization of expected worst-case cost, i.e. minimize conditional value-at-risk); bi-objective approach.

Value-at-Risk (VaR): at a 100α% confidence level, VaR is the targeted cost of the portfolio such that for 100α% of the scenarios the outcome will not exceed VaR, i.e., in 100(1−α)% of the scenarios the outcome may exceed VaR.

Conditional Value-at-Risk (CVaR): at a 100α% confidence level, CVaR is the approximate or exact expected cost of the portfolio in the worst 100(1−α)% of the cases. We allow 100(1−α)% of the outcomes to exceed VaR, and the mean value of these outcomes is represented by CVaR.

The decision maker controls the risk of high losses caused by operational disruptions by choosing the confidence level α. The greater the confidence level α, the more risk-averse the decision maker is and the smaller the percentage of the highest-cost outcomes that is focused on.

The risk-averse decision maker wants to minimize the expected worst-case costs exceeding VaR, by minimizing CVaR, given the available budget B for selected countermeasures.
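The difference between the risk-neutral and the risk-averse choice can be seen on a tiny instance. The following is an added example, not code from the slides or the paper: all data values are constructed, the product forms for scenario probability and surviving-attack proportion are assumed from the independence assumptions stated above, and exhaustive enumeration stands in for the mixed integer program.

```python
from itertools import combinations, product
from math import prod

# Constructed sample data (not from the slides): 3 threats, 4 countermeasures.
P_THREAT = [0.50, 0.30, 0.05]          # probability of each threat
LOSS = [100.0, 200.0, 1000.0]          # loss if the threat fully succeeds
COST = [20.0, 30.0, 45.0, 25.0]        # cost of each countermeasure
# EFFECT[i][j]: share of threat i blocked by countermeasure j (1 = total block)
EFFECT = [[0.8, 0.0, 0.1, 0.3],
          [0.2, 0.7, 0.0, 0.3],
          [0.0, 0.1, 0.9, 0.2]]

def scenarios():
    """All 2^m threat-occurrence scenarios with their probabilities."""
    for occ in product((0, 1), repeat=len(P_THREAT)):
        yield occ, prod(p if o else 1 - p for p, o in zip(P_THREAT, occ))

def loss_distribution(selected):
    """(loss, probability) per scenario for a set of countermeasure indices."""
    surviving = [prod(1 - row[j] for j in selected) for row in EFFECT]
    return [(sum(o * d * q for o, d, q in zip(occ, LOSS, surviving)), pr)
            for occ, pr in scenarios()]

def expected_cost(dist):
    return sum(loss * pr for loss, pr in dist)

def cvar(dist, alpha):
    """Mean loss over the worst 100(1-alpha)% of the probability mass."""
    tail = remaining = 1 - alpha
    total = 0.0
    for loss, pr in sorted(dist, reverse=True):
        take = min(pr, remaining)      # split the scenario that straddles VaR
        total += loss * take
        remaining -= take
        if remaining <= 1e-12:
            break
    return total / tail

def best_portfolio(budget, objective):
    """Brute-force stand-in for the MIP: best affordable subset."""
    idx = range(len(COST))
    feasible = (s for k in range(len(COST) + 1) for s in combinations(idx, k)
                if sum(COST[j] for j in s) <= budget)
    return min((objective(loss_distribution(s)), s) for s in feasible)

if __name__ == "__main__":
    print("risk-neutral:", best_portfolio(50, expected_cost))
    print("risk-averse :", best_portfolio(50, lambda d: cvar(d, 0.90)))
```

With a budget of 50, the expected-cost objective buys the two countermeasures that blunt the frequent threats, while the CVaR objective at α = 0.90 spends the budget on the single countermeasure that blocks the rare, high-loss threat.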

Notation Model SP_CV: Minimize

Subject to
1. Countermeasure selection constraints: Eqs. (2)–(3).
2. Surviving threats balance constraints: Eqs. (18)–(21).
3. Risk constraints:
4. Non-negativity and integrality conditions: Eqs. (22)–(24)

Models SP_E and SP_CV can be enhanced for simultaneous optimization of the expenditures on countermeasures and the cost of losses from successful attacks. Removed constraints (3).

Model SP_E+B Minimize Required Budget and Expected Cost subject to Eqs. (2), (18)–(24) and (28)

Model SP_CV+B Minimize Required Budget and CVaR subject to Eqs. (2) and (18)–(28)

Outline: Introduction; Problem description; Model (single-objective approach, bi-objective approach); Computational examples; Conclusion

In the single objective approach the countermeasure portfolio is selected by minimizing either the expected loss (plus the required budget) or the expected worst-case loss (plus the required budget).

The expected cost function, which aims at optimizing the average performance of the IT security system, virtually neglects the worst-case losses. CVaR, which aims at optimizing worst-case performance, focuses on the low-probability, high-loss outcomes.

Model WSP Minimize Subject to Eqs. (2), (5) and (18)–(28)

The decision maker controls the risk of high losses by choosing the confidence level α, and the trade-off between expected and worst-case losses by choosing the trade-off parameter λ.

Outline: Introduction; Problem description; Model (single-objective approach, bi-objective approach); Computational examples; Conclusion

The data set is similar to the one presented in [20], which was based on the threat set reported on the IT security forum EndpointSecurity.org.

=, the number of threats and the number of countermeasures, were equal to 10, and the corresponding number of potential attack scenarios, was equal to 1024.

Selection of countermeasures Effectiveness of blocking different threats Implementation costs Probability of potential attack scenarios

Figs. 1–4 indicate that the probability measure is concentrated in finitely many points, which is typical for scenario-based optimization under uncertainty.

For the bi-objective approach, the subsets of nondominated solutions were computed by parameterizing the weighted-sum program WSP on λ ∈ {0.01, 0.10, 0.25, 0.50, 0.75, 0.90, 0.99}.

For problem sizes with more types of threats and countermeasures, the proposed scenario-based mixed integer programs may become intractable using Gurobi if sufficient memory for a branch-and-cut procedure is not available.

The computational experiments prove that for a limited number of attack scenarios considered, the optimal risk-averse portfolio can be found within CPU seconds, using the Gurobi solver for mixed integer programming.

A critical issue that needs to be considered before any practical application of the proposed models is attempted, however, is the estimation of probabilities and the resulting losses associated with each type of threat and countermeasure.

In practice, threat likelihood estimates are provided by security experts (e.g., [24]) and complete distributional information is not available. However, the proposed scenario-based approach does not require such complete information to be available and only assumes independence of different threat events.

Thanks for listening!