Advisor: Frank,Yeong-Sung Lin 碩一 冠廷 1

 1.Introduction  2.The attack model 2.1. Even resource distribution between two attacks 2.2. Uneven resource distribution between two attacks 2.3. Uneven resource distribution between two attacks and between elements  3.General model of the optimal attack  4.Defender’s minmax strategy  5.Conclusions 2

 1.Introduction  2.The attack model 2.1. Even resource distribution between two attacks 2.2. Uneven resource distribution between two attacks 2.3. Uneven resource distribution between two attacks and between elements  3.General model of the optimal attack  4.Defender’s minmax strategy  5.Conclusions 3

 An attacker tries to maximize the system vulnerability.  The attacker distributes its constrained resource optimally across two attacks.  The attacker can choose the number of elements to be attacked in the first attack.  The attacker observes which elements are destroyed and not destroyed in the first attack, and applies its remaining resource into attacking the remaining elements in the second attack. 4

 We consider a 1-out-of-N system which means that all elements have to be destroyed to ensure a non-functioning system.  The defender distributes its constrained resource between deploying redundant elements and protecting them against the attack. 5

6

 1.Introduction  2.The attack model 2.1. Even resource distribution between two attacks 2.2. Uneven resource distribution between two attacks 2.3. Uneven resource distribution between two attacks and between elements  3.General model of the optimal attack  4.Defender’s minmax strategy  5.Conclusions 7

 The vulnerability of an element that is attacked is determined by a contest between the defender and the attacker.  Contest success function ： 8

 1.Introduction  2.The attack model 2.1. Even resource distribution between two attacks 2.2. Uneven resource distribution between two attacks 2.3. Uneven resource distribution between two attacks and between elements  3.General model of the optimal attack  4.Defender’s minmax strategy  5.Conclusions 9

 Two identical separated parallel elements. (N=2)  The total attacker’s resource equals the total defender’s resource: r=R.  The defender allocates the same resource r/2 to protection of each element.  If the attacker attacks several elements, it distributes its resource evenly among the elements 10

 First scenario ： the attacker uses all its resources in the single attack. 1.The element vulnerability is 2.The probability that both elements are destroyed is v 2 =

R DefenderAttacker N =2 Entire defender’s resource=r Entire attacker’s resource=R t=r/2 T=R/2 12

 Second scenario ： the attacker distributes its resources evenly between two attacks. 1.The element vulnerability is 2. Three possible outcomes of attack A. Two elements are destroyed of first attack with probability w 2. 13

DefenderAttacker N =2 Entire defender’s resource=r Entire attacker’s resource=R t=r/2 T=R/4 R/2 14

2. Three possible outcomes of attack B. One element is destroyed of first attack with probability 2(1-w)w. One element is destroyed of second attack with probability v.(Attacker attacks the remaining single element with all its remaining resource R/2) Both attack with probability 2(1-w)w‧v=(1-w)w 15

DefenderAttacker N =2 Entire defender’s resource=r Entire attacker’s resource=R t=r/2 T=R/4 R/2 T=R/2 16

2. Three possible outcomes of attack C. Two elements are not destroyed of first attack with probability (1-w) 2. Two elements are destroyed of second attack with probability w 2. Both attack with probability (1-w) 2 w 2. 17

DefenderAttacker N =2 Entire defender’s resource=r Entire attacker’s resource=R t=r/2 T=R/4 R/2 T=R/4 18

 Since three possible outcomes of attack are mutually exclusive scenarios, the overall probability of system destruction in a double attack is  The double attack with even resource distribution is beneficial if the system vulnerability in double attack exceeds this probability in single attack: 19

 It can be seen that the double attack with even resource distribution is beneficial for m<= m=1.82 r/R=1

 1.Introduction  2.The attack model 2.1. Even resource distribution between two attacks 2.2. Uneven resource distribution between two attacks 2.3. Uneven resource distribution between two attacks and between elements  3.General model of the optimal attack  4.Defender’s minmax strategy  5.Conclusions 21

 The attacker allocates a part xR of its resource in the first attack, and the remaining part (1-x)R in the second attack. (0< x <=1)  The element vulnerability in the first attack is  If one element is destroyed in the first attack, the remaining attacker’s resource per element is (1-x)R. 22

DefenderAttacker Entire attacker’s resource=R t=r/2 T=xR/2 xR (1-x)R 23 N =2 Entire defender’s resource=r

 If both elements survive the first attack,the remaining attacker’s resource per element is(1-x)R/2.  The overall system vulnerability 24

25 m 較小時，平均 分配資源至兩次 攻擊 m 較大時，集中資 源至某一次攻擊 m 小m 小 m 大m 大 r=R

for r/R=0.5, m*= 3.06; for r/R=1, m* =1.87;and for r/R=2, m*=1.6 When m>m* the double attack cannot provide greater system vulnerability than single attack for any attacker’s resource distribution x. (ex. r/R=1) 26

presents m* (the maximal value of m when double attack remains beneficial)as a function of r/R. 27 Double attack Single attack

 1.Introduction  2.The attack model 2.1. Even resource distribution between two attacks 2.2. Uneven resource distribution between two attacks 2.3. Uneven resource distribution between two attacks and between elements  3.General model of the optimal attack  4.Defender’s minmax strategy  5.Conclusions 28

 The attacker attacks only one out of two elements.  The first attack allocating the resource xR to one element.  The element vulnerability in the first attack is 29

DefenderAttacker Entire attacker’s resource=R t=r/2 T=xR T=(1-X)R xR (1-x)R 30 N =2 Entire defender’s resource=r

 The overall system vulnerability is ref: 31

32 m 小，攻擊者 會頃向選擇所 有 elements elements m 大，攻擊者 會頃向選擇部 分 elements r/R=1

 1.Introduction  2.The attack model 2.1. Even resource distribution between two attacks 2.2. Uneven resource distribution between two attacks 2.3. Uneven resource distribution between two attacks and between elements  3.General model of the optimal attack  4.Defender’s minmax strategy  5.Conclusions 33

 The attacker chooses x and the number Q of elements to attack in the first attack optimally.  The attacker can distribute its resource unevenly across the two attacks, and evenly across those elements it chooses to attack in each of the two attacks.  The element vulnerability in the first attack is 34

 The probability that exactly j (0<=j<=Q) elements are destroyed by the first attack is  The probability of system destruction is 35

 The attacker seeks for x and Q that maximize V(x,Q). 36

37 1. If m is high, the attacker prefers to attack the partial elements. If m is low, the attacker prefers to attack all elements. 2. A highly intensive contest and constant N the choice of x plays no important role. N=4

38 1. If m is high, the attacker prefers to attack the partial elements. If m is low, the attacker prefers to attack all elements. 2. The attacker’s effort decreases as N increases, but decreasing x* when Q* is constant means that the attacker increases its per element effort in the second attack r/R=1

 if the attacker can choose 1. how many elements to attack in the first attack, 0<=Q<=N, 2. how to distribute its effort between the two attacks, 0<x<=1 then a single attack is never preferable 39

 Concentrating all its resource on a single attack  Hypothetically, it achieves the same per element effort xR/Q=R/N in the first attack (x=Q/N) 40

 which is always greater than V=v(R/N,r/N) N achieved in the single attack. 41 j=Q 時

 1.Introduction  2.The attack model 2.1. Even resource distribution between two attacks 2.2. Uneven resource distribution between two attacks 2.3. Uneven resource distribution between two attacks and between elements  3.General model of the optimal attack  4.Defender’s minmax strategy  5.Conclusions 42

 The defender choose the number of elements N and distribute its resource r between deploying N elements and protecting these N elements.  Observe that 1<=N<= └ r/y ┘, where └ r/y ┘ is the greatest integer that does not exceed r/y.  The resource remaining for protection is r-Ny 43

 The optimal values x*, Q*, and N* are determined by the following enumerative minmax procedure. 44

45 y/R=0.2

46 r/R=2

 1.Introduction  2.The attack model 2.1. Even resource distribution between two attacks 2.2. Uneven resource distribution between two attacks 2.3. Uneven resource distribution between two attacks and between elements  3.General model of the optimal attack  4.Defender’s minmax strategy  5.Conclusions 47

 The attacker can decide whether to concentrate its limited resource on a single attack or distribute it among two attacks.  The defender distributes its limited resource among deploying redundant elements and protecting them against attacks.  The defender chooses the strategy that minimizes the maximal system vulnerability that the attacker can achieve using its optimal strategy. 48

 The presented model uses the contest intensity parameter m that cannot be exactly evaluated in practice.  Two ways of handling the uncertainty of the contest intensity can be outlined ： A. m can be defined as a fuzzy variable and fuzzy logic model can be studied. B. the range of possible variation of m takes the values that are most favorable for the attacker. 49

Thanks for your listening. 50