TY - GEN
T1 - Minimizing expected maximum risk from cyber-Attacks with probabilistic attack success
AU - Bhuiyan, Tanveer Hossain
AU - Nandi, Apurba K.
AU - Medal, Hugh
AU - Halappanavar, Mahantesh
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/9/14
Y1 - 2016/9/14
N2 - Organizations are being hit by small and large multi-stage cyber-Attacks every day. One tool for integrating and analyzing many potential multi-stage attacks is the attack graph. Nodes of an attack graph represent attack states, and the arcs represent atomic attacks. The attack graph as a whole represents all the potential attack paths to compromise target nodes beginning from a set of initially vulnerable nodes. Given a limited budget, finding an optimal subset of arcs in the attack graph is an important problem in seeking to optimally deploy security countermeasures to minimize risks associated with potential cyber-Attacks. In this research, we develop a stochastic network interdiction model based on a probabilistic attack graph with uncertain attack success probabilities on arcs and formulate it as a two-stage stochastic mixed-integer linear program. We employ the sample average approximation scheme in conjunction with Benders decomposition approach to solve the resulting problem. Our model provides an optimal recommendation for countermeasure deployment in a stochastic environment. Results demonstrate the value of stochastic solutions and the variation of risk with the accuracy of estimates of attack success probabilities.
AB - Organizations are being hit by small and large multi-stage cyber-Attacks every day. One tool for integrating and analyzing many potential multi-stage attacks is the attack graph. Nodes of an attack graph represent attack states, and the arcs represent atomic attacks. The attack graph as a whole represents all the potential attack paths to compromise target nodes beginning from a set of initially vulnerable nodes. Given a limited budget, finding an optimal subset of arcs in the attack graph is an important problem in seeking to optimally deploy security countermeasures to minimize risks associated with potential cyber-Attacks. In this research, we develop a stochastic network interdiction model based on a probabilistic attack graph with uncertain attack success probabilities on arcs and formulate it as a two-stage stochastic mixed-integer linear program. We employ the sample average approximation scheme in conjunction with Benders decomposition approach to solve the resulting problem. Our model provides an optimal recommendation for countermeasure deployment in a stochastic environment. Results demonstrate the value of stochastic solutions and the variation of risk with the accuracy of estimates of attack success probabilities.
KW - attack graph
KW - mixed-integer programming
KW - two-stage stochastic programming
UR - http://www.scopus.com/inward/record.url?scp=84991782461&partnerID=8YFLogxK
U2 - 10.1109/THS.2016.7568892
DO - 10.1109/THS.2016.7568892
M3 - Conference contribution
AN - SCOPUS:84991782461
T3 - 2016 IEEE Symposium on Technologies for Homeland Security, HST 2016
BT - 2016 IEEE Symposium on Technologies for Homeland Security, HST 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2016 IEEE Symposium on Technologies for Homeland Security, HST 2016
Y2 - 10 May 2016 through 11 May 2016
ER -