Risk-Averse Bi-Level Stochastic Network Interdiction Model for Cyber-Security Risk Management

Bhuiyan, Tanveer H.; Medal, Hugh; Nandi, Apurba K.; Halappanavar, Mahantesh

doi:10.1016/j.ijcip.2021.100408

Title: Risk-Averse Bi-Level Stochastic Network Interdiction Model for Cyber-Security Risk Management

Journal Article · Mon Mar 01 00:00:00 EST 2021 · International Journal of Critical Infrastructure Protection

DOI:https://doi.org/10.1016/j.ijcip.2021.100408· OSTI ID:1756756

Bhuiyan, Tanveer H. ^[1]; Medal, Hugh ^[2]; Nandi, Apurba K. ^[1];

^[1]

BATTELLE (PACIFIC NW LAB)
Mississippi State University

Security of cyber networks is crucial; recent severe cyber-attacks have had a devastating effect on many large organizations. The attack graph, which maps the potential attack paths of a cyber network, is a popular tool for analyzing cyber system vulnerability. In this study, we propose a bi-level stochastic network interdiction model on an attack graph to enable a risk-averse, resource constrained cyber network defender to optimally deploy security countermeasures that protect against attackers with an uncertain budget. This risk- averse conditional-value-at-risk (CVaR) model minimizes a weighted sum of the expected maximum loss over all scenarios and the expected maximum loss from the most damaging attack scenarios. We develop a customized constraint and column generation algorithm to solve our model as well as several acceleration techniques to improve the computational efficiency. Numerical experiments demonstrate that the acceleration techniques enable the solution of relatively large problems within a reasonable amount of time: applying all the acceleration techniques also reduces the average computation time of the basic algorithm by 71% for 100-node graphs. Using metrics called mean-risk value of stochastic solution and value of risk-aversion, computational results suggest that our stochastic risk-averse model significantly outperforms deterministic and risk-neutral models when 1) the distribution of attacker budget is heavy-right-tailed and 2) the defender is highly risk-averse.

Cite

Export

Save

Research Organization:: Pacific Northwest National Lab. (PNNL), Richland, WA (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC05-76RL01830

OSTI ID:: 1756756

Report Number(s):: PNNL-SA-158981

Journal Information:: International Journal of Critical Infrastructure Protection, Vol. 32

Country of Publication:: United States

Language:: English

Similar Records

Cyber risk assessment and investment optimization using game theory and ML-based anomaly detection and mitigation for wide-area control in smart grids

Other · Mon Aug 01 00:00:00 EDT 2022 · OSTI ID:1756756

Hyder, Burhan

A Risk-Averse Conic Model for Networked Microgrids Planning With Reconfiguration and Reorganizations

Journal Article · Wed Jul 10 00:00:00 EDT 2019 · IEEE Transactions on Smart Grid · OSTI ID:1756756

Cao, Xiaoyu; Wang, Jianxue; Wang, Jianhui; +1 more

Centralized Cryptographic Key Management and Critical Risk Assessment - CRADA Final Report For CRADA Number NFE-11-03562

Technical Report · Wed May 28 00:00:00 EDT 2014 · OSTI ID:1756756

Abercrombie, R. K.; Peters, Scott

Title: Risk-Averse Bi-Level Stochastic Network Interdiction Model for Cyber-Security Risk Management

Citation Formats

Similar Records

Related Subjects