TY - GEN

T1 - Minimizing expected maximum risk from cyber-Attacks with probabilistic attack success

AU - Bhuiyan, Tanveer Hossain

AU - Nandi, Apurba K.

AU - Medal, Hugh

AU - Halappanavar, Mahantesh

N1 - Publisher Copyright:
© 2016 IEEE.

PY - 2016/9/14

Y1 - 2016/9/14

N2 - Organizations are being hit by small and large multi-stage cyber-Attacks every day. One tool for integrating and analyzing many potential multi-stage attacks is the attack graph. Nodes of an attack graph represent attack states, and the arcs represent atomic attacks. The attack graph as a whole represents all the potential attack paths to compromise target nodes beginning from a set of initially vulnerable nodes. Given a limited budget, finding an optimal subset of arcs in the attack graph is an important problem in seeking to optimally deploy security countermeasures to minimize risks associated with potential cyber-Attacks. In this research, we develop a stochastic network interdiction model based on a probabilistic attack graph with uncertain attack success probabilities on arcs and formulate it as a two-stage stochastic mixed-integer linear program. We employ the sample average approximation scheme in conjunction with Benders decomposition approach to solve the resulting problem. Our model provides an optimal recommendation for countermeasure deployment in a stochastic environment. Results demonstrate the value of stochastic solutions and the variation of risk with the accuracy of estimates of attack success probabilities.

AB - Organizations are being hit by small and large multi-stage cyber-Attacks every day. One tool for integrating and analyzing many potential multi-stage attacks is the attack graph. Nodes of an attack graph represent attack states, and the arcs represent atomic attacks. The attack graph as a whole represents all the potential attack paths to compromise target nodes beginning from a set of initially vulnerable nodes. Given a limited budget, finding an optimal subset of arcs in the attack graph is an important problem in seeking to optimally deploy security countermeasures to minimize risks associated with potential cyber-Attacks. In this research, we develop a stochastic network interdiction model based on a probabilistic attack graph with uncertain attack success probabilities on arcs and formulate it as a two-stage stochastic mixed-integer linear program. We employ the sample average approximation scheme in conjunction with Benders decomposition approach to solve the resulting problem. Our model provides an optimal recommendation for countermeasure deployment in a stochastic environment. Results demonstrate the value of stochastic solutions and the variation of risk with the accuracy of estimates of attack success probabilities.

KW - attack graph

KW - mixed-integer programming

KW - two-stage stochastic programming

UR - http://www.scopus.com/inward/record.url?scp=84991782461&partnerID=8YFLogxK

U2 - 10.1109/THS.2016.7568892

DO - 10.1109/THS.2016.7568892

M3 - Conference contribution

AN - SCOPUS:84991782461

T3 - 2016 IEEE Symposium on Technologies for Homeland Security, HST 2016

BT - 2016 IEEE Symposium on Technologies for Homeland Security, HST 2016

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2016 IEEE Symposium on Technologies for Homeland Security, HST 2016

Y2 - 10 May 2016 through 11 May 2016

ER -