# On defense strategies for system of systems using aggregated correlations

## Abstract

We consider a System of Systems (SoS) wherein each system Si, i = 1; 2; ... ;N, is composed of discrete cyber and physical components which can be attacked and reinforced. We characterize the disruptions using aggregate failure correlation functions given by the conditional failure probability of SoS given the failure of an individual system. We formulate the problem of ensuring the survival of SoS as a game between an attacker and a provider, each with a utility function composed of asurvival probability term and a cost term, both expressed in terms of the number of components attacked and reinforced. The survival probabilities of systems satisfy simple product-form, first-order differential conditions, which simplify the Nash Equilibrium (NE) conditions. We derive the sensitivity functions that highlight the dependence of SoS survival probability at NE on cost terms, correlation functions, and individual system survival probabilities.We apply these results to a simplified model of distributed cloud computing infrastructure.

- Authors:

- ORNL
- Hang Seng Management College, Hon Kong
- University of Stavanger, Norway
- Texas A&M University, Kingsville, TX, USA
- University at Buffalo (SUNY)

- Publication Date:

- Research Org.:
- Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

- Sponsoring Org.:
- USDOE Office of Science (SC), Advanced Scientific Computing Research (ASCR) (SC-21); USDOE National Nuclear Security Administration (NNSA)

- OSTI Identifier:
- 1399527

- DOE Contract Number:
- AC05-00OR22725

- Resource Type:
- Conference

- Resource Relation:
- Conference: 11th Annual IEEE International Systems Conference (SYSCON2017) - Montreal, , Canada - 4/24/2017 4:00:00 AM-4/27/2017 4:00:00 AM

- Country of Publication:
- United States

- Language:
- English

### Citation Formats

```
Rao, Nageswara S., Imam, Neena, Ma, Chris Y. T., Hausken, Kjell, He, Fei, and Zhuang, Jun.
```*On defense strategies for system of systems using aggregated correlations*. United States: N. p., 2017.
Web. doi:10.1109/SYSCON.2017.7934817.

```
Rao, Nageswara S., Imam, Neena, Ma, Chris Y. T., Hausken, Kjell, He, Fei, & Zhuang, Jun.
```*On defense strategies for system of systems using aggregated correlations*. United States. doi:10.1109/SYSCON.2017.7934817.

```
Rao, Nageswara S., Imam, Neena, Ma, Chris Y. T., Hausken, Kjell, He, Fei, and Zhuang, Jun. Sat .
"On defense strategies for system of systems using aggregated correlations". United States.
doi:10.1109/SYSCON.2017.7934817. https://www.osti.gov/servlets/purl/1399527.
```

```
@article{osti_1399527,
```

title = {On defense strategies for system of systems using aggregated correlations},

author = {Rao, Nageswara S. and Imam, Neena and Ma, Chris Y. T. and Hausken, Kjell and He, Fei and Zhuang, Jun},

abstractNote = {We consider a System of Systems (SoS) wherein each system Si, i = 1; 2; ... ;N, is composed of discrete cyber and physical components which can be attacked and reinforced. We characterize the disruptions using aggregate failure correlation functions given by the conditional failure probability of SoS given the failure of an individual system. We formulate the problem of ensuring the survival of SoS as a game between an attacker and a provider, each with a utility function composed of asurvival probability term and a cost term, both expressed in terms of the number of components attacked and reinforced. The survival probabilities of systems satisfy simple product-form, first-order differential conditions, which simplify the Nash Equilibrium (NE) conditions. We derive the sensitivity functions that highlight the dependence of SoS survival probability at NE on cost terms, correlation functions, and individual system survival probabilities.We apply these results to a simplified model of distributed cloud computing infrastructure.},

doi = {10.1109/SYSCON.2017.7934817},

journal = {},

number = ,

volume = ,

place = {United States},

year = {Sat Apr 01 00:00:00 EDT 2017},

month = {Sat Apr 01 00:00:00 EDT 2017}

}