Presentation is loading. Please wait.

Presentation is loading. Please wait.

Redundancy and Defense Resource Allocation Algorithms to Assure Service Continuity against Natural Disasters and Intelligent Attackers Advisor: Professor.

Published byGwenda Charles Modified over 9 years ago

Similar presentations

Presentation on theme: "Redundancy and Defense Resource Allocation Algorithms to Assure Service Continuity against Natural Disasters and Intelligent Attackers Advisor: Professor."— Presentation transcript:

1 Redundancy and Defense Resource Allocation Algorithms to Assure Service Continuity against Natural Disasters and Intelligent Attackers Advisor: Professor Frank Y.S. Lin Ray J.P. Lo 駱睿斌 考量自然災害與智慧型攻擊下 確保服務持續性之冗餘及防禦資源配置演算法

2 2015/12/7NTU IM OPLab2 Agenda  Introduction  Problem Formulation  Lagrangean Relaxation Decomposition Heuristics for Getting Primal Feasible Solutions  Problems

3 2015/12/7NTU IM OPLab3 Agenda  Introduction  Problem Formulation  Lagrangean Relaxation Decomposition Heuristics for Getting Primal Feasible Solutions  Problems

4 2015/12/7NTU IM OPLab4 Background  Business Continuity Management (BCM) Disaster Recovery Planning (DRP)  Redundancy Allocation Problem (RAP)

5 2015/12/7NTU IM OPLab5 Scenario  Considering a network consisted of AS-level nodes: Just one kind of specified function is provided by each node.  The plan about which node providing what kind of function is predefined and consistent. Multiple core nodes

6 2015/12/7NTU IM OPLab6 Defender  The defender hopes to enhance the survivability of whole network by exploiting unified purchase to implement redundancy allocation. There is a product list that is known by both the defender and the attacker.

7 2015/12/7NTU IM OPLab7 Defender (cont ’ d) Redundant Component Choice Sets of Different Functions Defense Mechanism Choice Sets of Different Redundant Components

8 2015/12/7NTU IM OPLab8 Attacker  The attacker also has the perfect knowledge about this target network. The topology of the network The allocation of redundant components and defense mechanisms in each node  Extreme experience accumulation  The attacker ’ s final goal is minimizing the total attack cost of compromising all core nodes by choosing proper nodes to compromise.

9 2015/12/7NTU IM OPLab9 Scenario S C C S C C

10 2015/12/7NTU IM OPLab10 S Scenario S CSCS CSCS S CSCS C prefer S C C

11 2015/12/7NTU IM OPLab11 Agenda  Introduction  Problem Formulation  Lagrangean Relaxation Decomposition Heuristics for Getting Primal Feasible Solutions  Problems

12 2015/12/7NTU IM OPLab12 Assumption  Every node in this network is at AS-level.  No attack on links is considered.  Both the defender and the attacker have perfect knowledge about this network.  Each node in the network must provide just one kind of predefined function.  The defender has limitation of total defense budget.  The requirement of service availability threshold, which defines the minimum expected number of redundant components for every node, must be satisfied.

13 2015/12/7NTU IM OPLab13 Assumption (cont ’ d)  All kinds of redundant components in a choice set provide identical main function.  Other than providing the main function, all kinds of redundant components also have little basic defensive ability.  All redundant components are in hot- standby state.  All compromised redundant components are never repaired.

14 2015/12/7NTU IM OPLab14 Assumption (cont ’ d)  There are several extra defense mechanisms available for further protecting each kind of redundant component.  The defender must decide which extra defense mechanisms to deploy for protecting a redundant component when allocating a redundant component in a node.

15 2015/12/7NTU IM OPLab15 Assumption (cont ’ d)  A node is subject to attack only if a path exists from node s to that node, and all the intermediate nodes on the path have been compromised.  The attacker will compromise just one redundant component, the primary one, in non-core nodes for penetrating, and compromise all redundant components in core nodes for whole dysfunction. A non-core node is compromised if one of redundant components allocated in it has been compromised. A core node is compromised if and only if all redundant components allocated in it have been compromised.

16 2015/12/7NTU IM OPLab16 Assumption (cont ’ d)  While attempting to compromise a non-core node, the attacker can always arbitrarily choose the redundant component with most advantage for minimizing total attack cost to compromise.  A redundant component is subject to attack only if all extra defense mechanisms allocated to protect it have been compromised.  The probability that a redundant component operates properly is independent of whether extra defense mechanisms are deployed to it.

17 2015/12/7NTU IM OPLab17 Assumption (cont ’ d)  If the attacker has compromised the extra defense mechanism d of redundant component m once, he/she then learned some effective skills or developed some powerful hacker tools to deal with this kind of defensive mechanism d of redundant component m. Hence, the attacker can compromise the same kind of defensive mechanism d of the same kind of redundant component m without spending any cost afterward. According to the same reason mentioned above, the attacker can compromise any kind of redundant component which he/she has ever compromised without spending any cost.

18 2015/12/7NTU IM OPLab18 Given  The Core nodes  The initial position of attacker  The topology and size of the network  The total defense budget  The service availability threshold for all nodes in the network  The predefined function of each node

19 2015/12/7NTU IM OPLab19 Given (cont ’ d)  The redundant component choice set of each kind of function  The defense mechanism choice set of each kind of redundant component  The cost of each kind of redundant component  The cost of each kind of extra defense mechanism available for each kind of redundant component  The threshold of compromising each kind of redundant component  The threshold of compromising each kind of extra defense mechanism available for each kind of redundant component  The probability of each kind of redundant component operating properly

20 2015/12/7NTU IM OPLab20 Objective  To maximize the minimized total attack cost  Subjected to The total cost spending on allocating redundant components and extra defense mechanisms must be no more than the limitation of total defense budget. The expected number of redundant components in each node must be no less than the service availability threshold. The node to be attacked must be connected to the existing attack tree.

21 2015/12/7NTU IM OPLab21 To determine  Defender Which redundant components and extra defense mechanisms in which nodes to allocate  Attacker Which redundant components and extra defense mechanisms in which nodes to compromise

22 RAP-EDM Model (Redundancy Allocation Problem with Extra Defense Mechanisms)

23 2015/12/7NTU IM OPLab23 Given parameters B The total defensive budgetary limitation N The index set of all nodes in the network T The index set of all core nodes in the network U The index set of all non-core nodes in the network F The index set of all functions provided by the nodes in the network MfMf The index set of all redundant components which can be selected to provide the same main function f, where f F W The index set of all Origin-Destination (O-D) pairs, where the origin is node s and the destination is the core node t, where t T

24 2015/12/7NTU IM OPLab24 Given parameters (cont ’ d) PwPw The index set of all candidate paths of an O-D pair w, where w W DmDm The index set of all extra defensive mechanisms available for the kind of redundant component m, where m M f, f F α The threshold of service availability assurance that defines the minimum expected number of redundant components for every node σ if The indicator function, which is 1 if node i provides function f, and 0 otherwise (where i N, f F) δ pi The indicator function, which is 1 if node i is on the path p, and 0 otherwise (where i N, p P w, w W)

25 2015/12/7NTU IM OPLab25 Given parameters (cont ’ d) cmcm The cost of the kind of redundant component m, where m M f, f F m (c m ) The threshold of the attack cost required to compromise the kind of redundant component m, where m M f, f F QmQm The probability of the kind of redundant component m that operates properly, where m M f, f F

26 2015/12/7NTU IM OPLab26 Given parameters (cont ’ d) c md The cost of the defensive mechanism d of the kind of redundant component m, where d D m, m M f, f F md (c md ) The threshold of the attack cost required to compromise the defensive mechanism d of the kind of redundant component m, where d D m, m M f, f F

27 2015/12/7NTU IM OPLab27 Decision variables R im 1 if the redundant component m is allocated in node i, and 0 otherwise (where m M f, f F, i N) R imd 1 if the defensive mechanism d of redundant component m is allocated in node i, and 0 otherwise (where d D m, m M f, f F, i N) yiyi 1 if node i is compromised, and 0 otherwise (where i N) y im 1 if the redundant component m in node i is compromised, and 0 otherwise (where m M f, f F, i N) y imd 1 if the defensive mechanism d of redundant component m in node i is compromised, and 0 otherwise (where d D m, m M f, f F, i N)

28 2015/12/7NTU IM OPLab28 Decision variables (cont ’ d) zmzm 1 if the attacker has compromised the kind of redundant component m so far, and 0 otherwise (where m M f, f F) z md 1 if the attacker has compromised the kind of defensive mechanism d of the kind of redundant component m so far, and 0 otherwise (where d D m, m M f, f F) xpxp 1 if path p is selected as the attack path, and 0 otherwise (where p P w, w W)

29 2015/12/7NTU IM OPLab29 Objective (IP 1) Attack cost for compromising all extra defense mechanisms protecting a redundant component Attack cost for really compromising a redundant component

30 2015/12/7NTU IM OPLab30 Subject to (IP 1.1) (IP 1.2) (IP 1.3) (IP 1.4) (IP 1.5) (IP 1.6) (IP 1.7)

31 2015/12/7NTU IM OPLab31 Subject to (cont ’ d) (IP 1.8) (IP 1.9) (IP 1.10) (IP 1.11) (IP 1.12) (IP 1.13)

32 2015/12/7NTU IM OPLab32 Subject to (cont ’ d) (IP 1.14) (IP 1.15) (IP 1.16) (IP 1.17) (IP 1.18) (IP 1.19)

33 2015/12/7NTU IM OPLab33 Subject to (cont ’ d) (IP 1.20) (IP 1.21)

34 AEA Model (Attack with Experience Accumulation)

35 2015/12/7NTU IM OPLab35 Given parameters B The total defensive budgetary limitation N The index set of all nodes in the network T The index set of all core nodes in the network U The index set of all non-core nodes in the network F The index set of all functions provided by the nodes in the network MfMf The index set of all redundant components which can be selected to provide the same main function f, where f F W The index set of all Origin-Destination (O-D) pairs, where the origin is node s and the destination is the core node t, where t T

36 2015/12/7NTU IM OPLab36 Given parameters (cont ’ d) PwPw The index set of all candidate paths of an O-D pair w, where w W DmDm The index set of all extra defensive mechanisms available for the kind of redundant component m, where m M f, f F σ if The indicator function, which is 1 if node i provides function f, and 0 otherwise (where i N, f F) δ pi The indicator function, which is 1 if node i is on the path p, and 0 otherwise (where i N, p P w, w W)

37 2015/12/7NTU IM OPLab37 Given parameters (cont ’ d) cmcm The cost of the kind of redundant component m, where m M f, f F m (c m ) The threshold of the attack cost required to compromise the kind of redundant component m, where m M f, f F c md The cost of the defensive mechanism d of the kind of redundant component m, where d D m, m M f, f F md (c md ) The threshold of the attack cost required to compromise the defensive mechanism d of the kind of redundant component m, where d D m, m M f, f F

38 2015/12/7NTU IM OPLab38 Given parameters (cont ’ d) R im 1 if the redundant component m is allocated in node i, and 0 otherwise (where m M f, f F, i N) R imd 1 if the defensive mechanism d of redundant component m is allocated in node i, and 0 otherwise (where d D m, m M f, f F, i N)

39 2015/12/7NTU IM OPLab39 Decision variables yiyi 1 if node i is compromised, and 0 otherwise (where i N) y im 1 if the redundant component m in node i is compromised, and 0 otherwise (where m M f, f F, i N) y imd 1 if the defensive mechanism d of redundant component m in node i is compromised, and 0 otherwise (where d D m, m M f, f F, i N)

40 2015/12/7NTU IM OPLab40 Decision variables (cont ’ d) zmzm 1 if the attacker has compromised the kind of redundant component m so far, and 0 otherwise (where m M f, f F) z md 1 if the attacker has compromised the kind of defensive mechanism d of the kind of redundant component m so far, and 0 otherwise (where d D m, m M f, f F) xpxp 1 if path p is selected as the attack path, and 0 otherwise (where p P w, w W)

41 2015/12/7NTU IM OPLab41 Objective (IP 2)

42 2015/12/7NTU IM OPLab42 Subject to (IP 2.1) (IP 2.2) (IP 2.3) (IP 2.4)

43 2015/12/7NTU IM OPLab43 Subject to (cont ’ d) (IP 2.5) (IP 2.6) (IP 2.7) (IP 2.8) (IP 2.9) (IP 2.10)

44 2015/12/7NTU IM OPLab44 Subject to (cont ’ d) (IP 2.11) (IP 2.12) (IP 2.13) (IP 2.14) (IP 2.15) (IP 2.16)

45 2015/12/7NTU IM OPLab45 Agenda  Introduction  Scenario  Problem Formulation  Lagrangean Relaxation Decomposition Heuristics for Getting Primal Feasible Solutions  Problems

46 2015/12/7NTU IM OPLab46 Lagrangean Relaxation  We turn the primal problem (IP 2) into the Lagrangean relaxation problem (LR 1) by relaxing the constraints (IP 2.1), (IP 2.5), (IP 2.6), (IP 2.7), (IP 2.8), (IP 2.11), (IP 2.12), (IP 2.13), and (IP 2.14).

47 2015/12/7NTU IM OPLab47 Optimization problem (LR 1) Only μ 3 is non-restricted, and all the other multipliers are non-negative.

48 2015/12/7NTU IM OPLab48 Subject to (LR 1.1) (LR 1.2) (LR 1.3) (LR 1.4) (LR 1.5) (LR 1.6) (LR 1.7)

49 2015/12/7NTU IM OPLab49 Decomposition  Subproblem 1.1 (related to decision variable x p )  Subproblem 1.2 (related to decision variable y i )  Subproblem 1.3 (related to decision variable y im, z m )  Subproblem 1.4 (related to decision variable y imd, z md )

50 2015/12/7NTU IM OPLab50 Subproblem 1.1 (related to decision variable x p )  (Sub 1.1)  Subject to: (Sub 1.1.1) (Sub 1.1.2)

51 2015/12/7NTU IM OPLab51 Subproblem 1.2 (related to decision variable y i )  (Sub 1.2)  Subject to (Sub 1.2.1)

52 2015/12/7NTU IM OPLab52 Subproblem 1.3 (related to decision variable y im, z m )  (Sub 1.3)  Subject to (Sub 1.3.1) (Sub 1.3.2)

53 2015/12/7NTU IM OPLab53 Subproblem 1.4 (related to decision variable y imd, z md )  (Sub 1.4)  Subject to (Sub 1.4.1) (Sub 1.4.2)

54 2015/12/7NTU IM OPLab54 Agenda  Introduction  Scenario  Problem Formulation  Lagrangean Relaxation Decomposition Heuristics for Getting Primal Feasible Solutions  Problems

55 2015/12/7NTU IM OPLab55 Heuristics for Getting Primal Feasible Solutions  Step 1 The defender initializes a network that conforms to all the related constraints.  Defense Budget (B)  Functions of nodes  Service continuity requirement (α)

56 2015/12/7NTU IM OPLab56 Heuristics for Getting Primal Feasible Solutions (cont’d)  Step 1.1 Build a tree from node s to all core nodes by using Dijkstra’s algorithm.  Step 1.2 Allocate redundant components to the nodes on the tree.

57 2015/12/7NTU IM OPLab57 Heuristics for Getting Primal Feasible Solutions (cont’d)  Step 1.2 Step 1.2.1  Allocate the combinations of the most expensive redundant components to different-functioned core nodes. Step 1.2.2  Allocate the combinations of the redundant components with the second high level price to 1 hop away non-core nodes from node s. Step 1.2.3  Allocate the combinations of the redundant components with the third high level price to 1 hop away non-core nodes from the core nodes. Step 1.2.4  Allocate the redundant components that were not used in the above steps to the remained non-core nodes.

58 2015/12/7NTU IM OPLab58 Heuristics for Getting Primal Feasible Solutions (cont’d)  Step 1.3 Considering the diversity, allocate the cheapest combinations of redundant components to the remained non-core nodes that were not on the tree.

59 2015/12/7NTU IM OPLab59 Heuristics for Getting Primal Feasible Solutions (cont’d)  Step 1.4 Allocate corresponding defense mechanisms for protecting redundant components to the nodes.  Consider the diversity.  Follow the order used in the above steps. The nodes on the tree  The Core nodes  The 1 hop away non-core nodes from node s  The 1 hop away non-core nodes from the core nodes  The remained non-core nodes The other nodes

60 Heuristics for Getting Primal Feasible Solutions (cont’d)  Step 2 The attacker decides the initial attack tree according to the results of solving sub 1.1.  Step 3 Compromise all core nodes, i.e., compromise all redundant components with defense mechanisms within them.  Step 4 According to the results of Step 2 and Step 3, the attacker decides which redundant components (with defense mechanisms) to compromise in the non-core nodes that belong to the initial attack tree.

61 2015/12/7NTU IM OPLab61 Another Heuristics for Getting Primal Feasible Solutions  Step 1 The defender initializes a network just like we mentioned before.  Step 2 Let all the core nodes be compromised.

62 2015/12/7NTU IM OPLab62 Another Heuristics for Getting Primal Feasible Solutions (cont ’ d)  Step 3 Set a weight for each non-core node, and the weight includes three parts:  μ 3 of subproblem 1.2subproblem 1.2  The expected value of attack cost for each non-core node  Each non-core node’s importance of connection

63  The expected value of attack cost for each non-core node Another Heuristics for Getting Primal Feasible Solutions (cont ’ d) 2015/12/7NTU IM OPLab63 Attack cost = 10 Frequency = 5 Attack cost = 3 Frequency = 6 Attack cost= 12 Frequency = 4 Exp(Attack cost) = 10/5 + 3/6 + 12/4 = 5.5 2 2 2 1 3 Total hops = 2+1+2+3+2 = 9

64 2015/12/7NTU IM OPLab64 Another Heuristics for Getting Primal Feasible Solutions (cont ’ d)  Step 4 From each core node, build up an attack path to the starting node s.  Choose a direct neighbor node with smallest weight to compromise each time. If there is a compromised node within direct neighbors, reuse it as a hop site. If a neighbor node includes the kinds of redundant components or defense mechanisms that have been compromised before, their attack cost are then set to 0.

65 2015/12/7NTU IM OPLab65 Agenda  Introduction  Scenario  Problem Formulation  Lagrangean Relaxation Decomposition Heuristics for Getting Primal Feasible Solution  Problems

66 2015/12/7NTU IM OPLab66 Problems  How to properly set those given parameters? The number of different functions The sizes of  redundant component choice set  defense mechanism choice set The relation between c m, m (c m ), and Q m The relation between c md and md (c md )

67 Thanks for your listening!

Download ppt "Redundancy and Defense Resource Allocation Algorithms to Assure Service Continuity against Natural Disasters and Intelligent Attackers Advisor: Professor."

Similar presentations

‧指導教授:林永松 博士 【 Master Thesis 】 Oral Examination A Near-Optimal Redundancy Allocation Policy to Minimize System Vulnerability against Hazardous Events and.

‧指導教授:林永松 博士 【 Master Thesis 】 Oral Examination A Near-Optimal Redundancy Allocation Policy to Minimize System Vulnerability against Hazardous Events and.
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks Mingyan Li, Iordanis Koutsopoulos, Radha Poovendran (InfoComm ’07) Presented.

Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks Mingyan Li, Iordanis Koutsopoulos, Radha Poovendran (InfoComm ’07) Presented.
Optimal redundancy allocation for information technology disaster recovery in the network economy Benjamin B.M. Shao IEEE Transaction on Dependable and.

Optimal redundancy allocation for information technology disaster recovery in the network economy Benjamin B.M. Shao IEEE Transaction on Dependable and.
Research Direction Introduction Advisor : Frank, Y.S. Lin Presented by Yu Pu Wu.

Research Direction Introduction Advisor : Frank, Y.S. Lin Presented by Yu Pu Wu.
Routing algorithms, all distinct routes, ksp, max-flow, and network flow LPs W. D. Grover TRLabs & University of Alberta © Wayne D. Grover 2002, 2003 E.

Routing algorithms, all distinct routes, ksp, max-flow, and network flow LPs W. D. Grover TRLabs & University of Alberta © Wayne D. Grover 2002, 2003 E.
Linear Programming Applications

Linear Programming Applications
Minimum-Cost Multicast Routing for Multi- Layered Multimedia Distribution IM PhD Forum, NTU Minimum-Cost Multicast Routing for Multi- Layered Multimedia.

Minimum-Cost Multicast Routing for Multi- Layered Multimedia Distribution IM PhD Forum, NTU Minimum-Cost Multicast Routing for Multi- Layered Multimedia.
De-Nian Young Ming-Syan Chen IEEE Transactions on Mobile Computing Slide content thanks in part to Yu-Hsun Chen, University of Taiwan.

De-Nian Young Ming-Syan Chen IEEE Transactions on Mobile Computing Slide content thanks in part to Yu-Hsun Chen, University of Taiwan.
Maximization of Network Survivability against Intelligent and Malicious Attacks (Cont’d) Presented by Erion Lin.

Maximization of Network Survivability against Intelligent and Malicious Attacks (Cont’d) Presented by Erion Lin.
SYSTEM RELIABILITY OPTIMIZATION CONSIDERING UNCERTAINTY: MINIMIZATION OF THE COEFFICIENT OF VARIATION FOR SERIES- PARALLEL SYSTEMS Hatice Tekiner-Mogulkoc,

SYSTEM RELIABILITY OPTIMIZATION CONSIDERING UNCERTAINTY: MINIMIZATION OF THE COEFFICIENT OF VARIATION FOR SERIES- PARALLEL SYSTEMS Hatice Tekiner-Mogulkoc,
Optimal resource assignment to maximize multistate network reliability for a computer network Yi-Kuei Lin, Cheng-Ta Yeh Advisor : Professor Frank Y. S.

Optimal resource assignment to maximize multistate network reliability for a computer network Yi-Kuei Lin, Cheng-Ta Yeh Advisor : Professor Frank Y. S.
Network Optimization Problems

Network Optimization Problems
Minimax Open Shortest Path First (OSPF) Routing Algorithms in Networks Supporting the SMDS Service Frank Yeong-Sung Lin ( 林永松 ) Information Management.

Minimax Open Shortest Path First (OSPF) Routing Algorithms in Networks Supporting the SMDS Service Frank Yeong-Sung Lin ( 林永松 ) Information Management.
Protection vs. false targets in series systems Reliability Engineering and System Safety(2009) Kjell Hausken, Gregory Levitin Advisor: Frank,Yeong-Sung.

Protection vs. false targets in series systems Reliability Engineering and System Safety(2009) Kjell Hausken, Gregory Levitin Advisor: Frank,Yeong-Sung.
Optimal Voting Strategy Against Rational Attackers 2011 6th International Conference on Risks and Security of Internet and Systems (CRiSIS) Presenter:

Optimal Voting Strategy Against Rational Attackers th International Conference on Risks and Security of Internet and Systems (CRiSIS) Presenter:
Energy-Efficient Sensor Network Design Subject to Complete Coverage and Discrimination Constraints Frank Y. S. Lin, P. L. Chiu IM, NTU SECON 2005 Presenter:

Energy-Efficient Sensor Network Design Subject to Complete Coverage and Discrimination Constraints Frank Y. S. Lin, P. L. Chiu IM, NTU SECON 2005 Presenter:
DDoS Attack and Defense 郭承賓 (Allen C.B. Kuo). Autonomous System Entry node.

DDoS Attack and Defense 郭承賓 (Allen C.B. Kuo). Autonomous System Entry node.
Simultaneous routing and resource allocation via dual decomposition AUTHOR: Lin Xiao, Student Member, IEEE, Mikael Johansson, Member, IEEE, and Stephen.

Simultaneous routing and resource allocation via dual decomposition AUTHOR: Lin Xiao, Student Member, IEEE, Mikael Johansson, Member, IEEE, and Stephen.
Research Direction Introduction Advisor: Professor Frank Y.S. Lin Present by Hubert J.W. Wang.

Research Direction Introduction Advisor: Professor Frank Y.S. Lin Present by Hubert J.W. Wang.
Column Generation By Soumitra Pal Under the guidance of Prof. A. G. Ranade.

Column Generation By Soumitra Pal Under the guidance of Prof. A. G. Ranade.

Similar presentations

Ads by Google