Presentation is loading. Please wait.

Presentation is loading. Please wait.

REDUNDANCY VS. PROTECTION VS. FALSE TARGETS FOR SYSTEMS UNDER ATTACK Gregory Levitin, Senior Member, IEEE, and Kjell Hausken IEEE Transactions on Reliability.

Published byMyrtle Snow Modified over 9 years ago

Similar presentations

Presentation on theme: "REDUNDANCY VS. PROTECTION VS. FALSE TARGETS FOR SYSTEMS UNDER ATTACK Gregory Levitin, Senior Member, IEEE, and Kjell Hausken IEEE Transactions on Reliability."— Presentation transcript:

1 REDUNDANCY VS. PROTECTION VS. FALSE TARGETS FOR SYSTEMS UNDER ATTACK Gregory Levitin, Senior Member, IEEE, and Kjell Hausken IEEE Transactions on Reliability Vol. 58, No.1, March 2009 Advisor: Frank Yeong-Sung, Lin Presented by : Hui-Yu, Chung 1

2 Agenda Introduction The Model Determining the Optimal Strategies Considering Intervals of the Contest Intensity Conclusions 2

3 Introduction Resources of The Defender ◦ Three measures to remain survivability  Deploying redundant genuine elements (GE)  Deploy false elements (FE) to attract the attacker  Protecting some of the GE Resources of The Attacker ◦ The Attacker’s object is to maximize damage  But the Attacker is expected to expend resources on both GE and FEs. 3

4 Introduction Defender’s strategy ◦ How to allocate its resource between GE, FE, and protect GE Attacker’s strategy ◦ How many elements to attack Two period game with minmax defender strategy ◦ First period: defender, second period: attacker ◦ Minimize the maximum risk 4

5 Basic Aefinition & Acronym Lowest-level part of the system characterized by performance g, and cost x Genuine system element (GE) Imitation of GE that has actual performance 0, and cost y False Elements (FE) Either GE, or FE Element Conditional probability of element destruction even it is attacked Vulnerability Technical or organizational measure aimed at reduction of element vulnerability Protection 5

6 Nomenclatures 6

7 Assumptions The attacker cannot distinguish between GE and FE Both the attacker/defender attacks/protects each element with equal resources Considering a non-strategic attacker (fixed attack or fixed attack probability) Both the attacker and the defender have limited, fixed resources 7

8 Agenda Introduction The Model Determining the Optimal Strategies Considering Intervals of the Contest Intensity Conclusions 8

9 The Model All parameters are known by both the defender and the attacker ◦ except the attacker cannot distinguish GE and FE The system is built to meet a demand H: Minimal elements required: Total resource cannot exceed r: 9

10 The Model The attacker attackselements The attacked unprotected GE can be destroyed with fixed probability b. Using the most conservative defense policy ◦ Assuming a maximum attacker’s budget Defender SideAttacker Side MeasuresIncrease GEDeploy FEProtect GEAttack elements Resource Needed xy 10

11 Contest Success Function Attack success probability (vulnerability) for each protected GE Contest Intensity Parameter m ◦ Reflect how the survivability of the system depends on the resources expanded 11

12 Contest Success Function Contest intensity parameter m: m = 0v = 50% t and T have equal impact on vulnerability 0 < m < 1Disproportional advantage of investing less than the opponent m = 1The investments have proportional impact on vulnerability m > 1Disproportional advantage of investing more effort than opponent (economics of scare) m =Winner-takes-all 12

13 Problem Formulation The prob. that attacker attacks exactly n GE is For any n, the conditional prob. That exactly k out of n attacked GE are protected is The prob. That exactly n GE are attacked, and among them k GE are protected is 13

14 Problem Formulation The conditional prob. That exactly s out of k protected attacked GE are destroyed is The prob. That exactly n GE are attacked, e out of the n - k attacked unprotected elements are destroyed is 14

15 Problem Formulation :The prob. That exactly j elements are destroyed by the attack, which is the sum of prob. Of all possible combinations that produce the same value of j. ( j = s + e) Unprotected elements Destroyed unprotected elements # of attacked GE, n, can range from max{0,Q - F} to min{Q, N} # of protected attacked GE, k, can range from max{0,Q – N + K} to min{n, K} 15

16 Problem Formulation If b = 1 → e = n - k 16

17 Algorithm Which obtains the prob. of different number of GE destroyed by attack Q elements 17

18 Measures of risk In terns of expected damage: Damage exists when In terns of system vulnerability: ◦ (prob. Of not meeting the demand) 18

19 Agenda Introduction The Model Determining the Optimal Strategies Considering Intervals of the Contest Intensity Conclusions 19

20 The Optimal Strategies The optimal defender can be a solution of a minmax game that minimize the risk given that for any N, F, K, the attacker chooses Q elements to attack to maximize the risk. 20

21 The Optimal Strategies The risk can be replaced by D or V 21

22 Solutions Solutions for different contest intensities ◦ H = 10, g = 2, y = 1, x = 3, b = 1, R = 10, r = 40 22

23 Solutions The solution of the two measures of risk (considering expected damage and system vulnerability) are similar With small m → Increase system redundancy with minimal protection, and FE is less important. Increasing m → FE becomes more important Larger m → Since attacker only attacks a subset of the elements, FE slightly decreases. 23

24 Agenda Introduction The Model Determining the Optimal Strategies Considering Intervals of the Contest Intensity Conclusions 24

25 Intervals of the Contest Intensity In many practical situations, the values of the contest intensities cannot be exactly determined. Most conservative defense strategy → Consider most favorable m for the attacker The defender’s strategy is to choose N*, F*, K* that minimize the risk under attacker’s optimal strategy Q = Q*(N, K, F, m) in the range 25

26 Intervals of the Contest Intensity Algorithm In this case, 26

27 Optimal defender’s minmax strategies as a function of r H = 10, g = 2, y = 1, b = 1, R = 10, x = 3 27

28 Optimal defender’s minmax strategies as a function of x H = 10, g = 2, y = 1, b = 1, R = 10, r = 50 28

29 Optimal defender’s minmax strategies The influence when increasing the defender’s resource is similar to the influence when decreasing the GE cost. Small m →Need large N → more sensitive to N Intermediate m →Prefer large F → less sensitive to N Large m →Need to protect GE → N decreases 29

30 Optimal defender’s minmax strategies as a function of R H = 10, g = 2, x= 3, y = 1, b = 1, r = 30 30

31 Optimal defender’s minmax strategies as a function of R With the growth of R, the defender must decrease the number of GE and K/N, to allocate more resource to protect some of the GE. Low attacker resource ◦ The defender benefits from high contest intensity High attacker resource ◦ The defender benefits form small contest intensity ◦ The attacker benefits from intermediate contest intensity 31

32 Optimal defender’s minmax strategies as a function of b H = 10, g = 2, x= 3, y = 1, r = 30, R = 10 32

33 Optimal defender’s minmax strategies as a function of b With the growth of b, the importance of protecting GE increases Defender protect more GE → Limits the # of GE that can be deployed → Deploy more FE to compensate K < N → The expected damage increases K = N → No unprotected GE → b has no effect on expected damage 33

34 Considering Optimal FE The number of FE, F, is most sensitive to variation of the game parameter m, x, r, and R. ◦ The cost of FE is lower than GE ◦ Balance? 34

35 Considering Optimal FE F = 10, g = 2, y = 1, x = 3, b = 1, R = 10, 1 < m < 5 35

36 Considering Optimal FE Consider a fixed and optimal number of FE When r grows, the difference between D corresponding to different fixed values of F decreases. ◦ If the defender has enough resources, non- optimal F can be compensated by other defensive measures. 36

37 Agenda Introduction The Model Determining the Optimal Strategies Considering Intervals of the Contest Intensity Conclusions 37

38 Conclusions Using a two-period minmax game to analyze the defender’s strategy. Considering the system redundancy, # of FEs, and protection resource ◦ Small m : high system redundancy with minimum protection, low FE ◦ Intermediate m: redundancy decreased, FE increased, invest more on protection ◦ High m: FE decreases (since attacker attacks only part of the elements) 38

39 Conclusions Considering non-certain determined contest intensities, the influence on defender’s increase of resource is similar to the influence on decrease of the GE cost. Low GE cost/ High defender’s resource: ◦ The defender benefits from extremely low m High GE cost/ Low defender’s resource: ◦ The attacker benefits from intermediate m 39

40 Conclusions When the attacker’s resource is high, the defender need to lower the ration of protected GE and deployed GE to make more effort on protecting them. Low attacker resource: ◦ Defender benefits from large m High attacker resource: ◦ The defender benefits from low m ◦ The attacker benefits from intermediate m 40

41 Conclusions The balance between deploying more FE, spending more resources toward protection of the GE, depends on the agents’ resources, the contest intensity, and the relative cost of deploying FE an GE. ◦ While the optimal # of FE provides lowest possible expected damage, some other # of FE may differ from the possible lowest one. Future works can concern on cost and budget issues 41

42 THANKS FOR YOUR LISTENING~!!! 42

Download ppt "REDUNDANCY VS. PROTECTION VS. FALSE TARGETS FOR SYSTEMS UNDER ATTACK Gregory Levitin, Senior Member, IEEE, and Kjell Hausken IEEE Transactions on Reliability."

Similar presentations

Research Direction Introduction Advisor: Frank, Yeong-Sung Lin Presented by Hui-Yu, Chung.

Research Direction Introduction Advisor: Frank, Yeong-Sung Lin Presented by Hui-Yu, Chung.
Design of the fast-pick area Based on Bartholdi & Hackman, Chpt. 7.

Design of the fast-pick area Based on Bartholdi & Hackman, Chpt. 7.
GAME THEORY.

GAME THEORY.
An Introduction to... Evolutionary Game Theory

An Introduction to... Evolutionary Game Theory
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks Mingyan Li, Iordanis Koutsopoulos, Radha Poovendran (InfoComm ’07) Presented.

Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks Mingyan Li, Iordanis Koutsopoulos, Radha Poovendran (InfoComm ’07) Presented.
Markov Game Analysis for Attack and Defense of Power Networks Chris Y. T. Ma, David K. Y. Yau, Xin Lou, and Nageswara S. V. Rao.

Markov Game Analysis for Attack and Defense of Power Networks Chris Y. T. Ma, David K. Y. Yau, Xin Lou, and Nageswara S. V. Rao.
Optimal redundancy allocation for information technology disaster recovery in the network economy Benjamin B.M. Shao IEEE Transaction on Dependable and.

Optimal redundancy allocation for information technology disaster recovery in the network economy Benjamin B.M. Shao IEEE Transaction on Dependable and.
Games of Prediction or Things get simpler as Yoav Freund Banter Inc.

Games of Prediction or Things get simpler as Yoav Freund Banter Inc.
DATA SURVIVABILITY VS. SECURITY IN INFORMATION SYSTEMS Gregory Levitin a,b,n, Kjell Hausken c, Heidi A. Taboada d, David W. Coit Presented by Chia-Ling.

DATA SURVIVABILITY VS. SECURITY IN INFORMATION SYSTEMS Gregory Levitin a,b,n, Kjell Hausken c, Heidi A. Taboada d, David W. Coit Presented by Chia-Ling.
Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/3/07 Defending simple series and parallel systems with imperfect false targets R. Peng, G. Levitin,

Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/3/07 Defending simple series and parallel systems with imperfect false targets R. Peng, G. Levitin,
Research Direction Introduction Advisor : Frank, Y.S. Lin Presented by Yu Pu Wu.

Research Direction Introduction Advisor : Frank, Y.S. Lin Presented by Yu Pu Wu.
Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/10/25 1 Research Direction Introduction.

Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/10/25 1 Research Direction Introduction.
Robust Allocation of a Defensive Budget Considering an Attacker’s Private Information Mohammad E. Nikoofal and Jun Zhuang Presenter: Yi-Cin Lin Advisor:

Robust Allocation of a Defensive Budget Considering an Attacker’s Private Information Mohammad E. Nikoofal and Jun Zhuang Presenter: Yi-Cin Lin Advisor:
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 10 The Role of Costs in Pricing Decisions.

McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 10 The Role of Costs in Pricing Decisions.
Lecture Presentation Software to accompany Investment Analysis and Portfolio Management Seventh Edition by Frank K. Reilly & Keith C. Brown Chapter.

Lecture Presentation Software to accompany Investment Analysis and Portfolio Management Seventh Edition by Frank K. Reilly & Keith C. Brown Chapter.
Defending Complex System Against External Impacts Gregory Levitin (IEC, UESTC)

Defending Complex System Against External Impacts Gregory Levitin (IEC, UESTC)
Unintentional vs. intentional impacts No impact strategy Attacker’s strategy maximizing the expected damage.

Unintentional vs. intentional impacts No impact strategy Attacker’s strategy maximizing the expected damage.
Michael Porter and Strategy ManEc 300 Prof. Bryson.

Michael Porter and Strategy ManEc 300 Prof. Bryson.
Optimal Survivability Enhancement in Complex Vulnerable systems Gregory Levitin The Israel Electric Corporation Ltd.

Optimal Survivability Enhancement in Complex Vulnerable systems Gregory Levitin The Israel Electric Corporation Ltd.
Game Theory.

Game Theory.

Similar presentations

Ads by Google