Optimal Network Protection Against Diverse Interdictor Strategies
Jose E. Ramirez-Marquez, Claudio M. Rocco, Gregory Levitin
Advisor: Professor Frank Y.S. Lin
Presented by Yu-Pu Wu
About
• Authors: Jose E. Ramirez-Marquez, Claudio M. Rocco, Gregory Levitin
• Title: Optimal Network Protection Against Diverse Interdictor Strategies
• Provenance: Reliability Engineering and System Safety 96 (2011), 374-382
Agenda
• Introduction
• Network Protection Background
• Optimal Network Protection
• Experimental Results
• Conclusions
Introduction (1/6)
• Based on common network models, current research has concentrated on determining the most critical parts of the networks and finding the optimal distribution of security investments among these different elements of infrastructures.
• NI problems assume that through a network with a known and fixed configuration some consumer product or service is delivered.
• Under this setting, an interdictor is interested in reducing the flow of goods through the network by interdicting network elements.
Introduction (2/6)
• Current NI research is valuable as a means to identify the most important set of components in a network.
• Generally, NI models consider a fixed setting in the sense that they are focused on understanding how the network is damaged without any regard to potential defender and interdictor strategies.
• These research efforts relate actual interdictor strategies to the defender's intent of improving the safety and security of systems by adequately building protection, within the system, against natural disasters and/or intentional attacks.
Introduction (3/6)
• Ramirez-Marquez et al. [25] have proposed an approach that provides an optimal protection plan to maximize the survivability of a network for a specific network flow when resources are equally distributed to protect network links and under a single pre-specified attacker strategy which considers that the interdictor distributes resources evenly among all network components.
• However, the decision in [25] is of binary nature, considering the defense budget is equally distributed among the protected links. Therefore, it has been recognized that the general, and more realistic, problem the defender faces is of a continuous nature and thus, of an infinite solution space.
[25] Ramirez-Marquez JE, Rocco C, Levitin G. Optimal protection of general source-sink networks via evolutionary techniques. Reliability Engineering and System Safety 2009;94(10):1676–84.
Introduction (4/6)
• There are two contributions. (1/2)
• Based on the assumption that link vulnerability is determined by the ratio form of the attacker–defender contest success function as described in [19], a transformed stochastic NI approach [18] is used to maximize the survivability of the network for a given demand while satisfying a defense budget constraint for a set of potential interdictor strategies.
[19] Levitin G, Hausken K. Redundancy versus protection versus false targets for systems under attack. IEEE Transactions on Reliability 2009;58(1):58–68.
[18] Ramirez-Marquez JE, Rocco C. Stochastic network interdiction optimization via capacitated network reliability modeling and probabilistic solution discovery. Reliability Engineering and System Safety 2009;94(5):913–21.
Introduction (5/6)
• There are two contributions. (2/2)
• The solution approach developed to solve the new optimization model is based on an evolutionary algorithm that allows considering continuous variables. The proposed algorithm is a newly developed continuous version of PSDA [27] that in a probabilistic manner iteratively explores regions of an optimization problem solution space with the intent of identifying an optimal solution.
[27] Concho A, Ramirez-Marquez JE. An evolutionary algorithm for port-of-entry security optimization considering sensor thresholds. Reliability Engineering and System Safety 2010;95(3):255–66.
Introduction (6/6)
• This research is interested in understanding the optimal defender's response against a set of visible or potential attacks.
Network Protection Background (1/1)
• There are three parts to the Network Protection Background:
• Network Representation
• Link Vulnerability
• Network Vulnerability
Network Representation (1/1)
• G(N,A): capacitated network
• Known source node s
• Known sink node t
• N: the set of nodes
• A: the set of links
• A1 := {(s,i),(j,t) | 1 < i, j < n}
• A2 := {(i,j) | 1 < i, j < n}
• kijg: element of kij, the capacity vector of link (i,j). g = 0, 1
• a: state vector describing the current capacity of each link in the network.
• (as1, as2, ..., ant)
Link Vulnerability (1/3)
• vij(w): under a given interdictor strategy w, it is described using the ratio form of the attacker–defender contest success function.
Link Vulnerability (2/3)
• & describe the attacker's and defender's resource allocation for attacking/defending the link between nodes i and j.
• m: the contest intensity.
• m = 0
• 0 < m < 1 (entrenchment + machine gun)
• 1 < m < ∞ (airplanes + tanks)
• m = 1
[32] Hirshleifer J. Anarchy and its breakdown. Journal of Political Economy 1995;103(1):26–52.
Link Vulnerability (3/3)
• t(w): defense strategy vector
• t(w) = (ts1(w), ..., tnt(w))
• tij(w): a non-negative continuous variable representing the amount of resources allocated to defend link (i,j) under attack strategy w.
Network Vulnerability (1/1)
• The function maps a state vector into a network flow between s and t, i.e., the network s–t flow under a
• The survivability of the network under defense strategy vector t'(w) for a given s–t flow d and under attack strategy w can be defined as
Optimal Network Protection (1/2)
• 12 objective function
Optimal Network Protection (2/2)
• The PSDA was originally developed to provide high quality solutions for integer and/or binary variable decision optimization problems.
• tij(w), the proposed version of PSDA initially defines a range of values for the defense of each arc as dictated by and then, based on the fitness of solutions generated, iteratively reduces the length of the initial range until its value equals zero or a stopping rule is enforced.
• Pseudo-code in three main steps
Step 1: Defense Strategy Development
• Generate a specified number (called SAMPLE) of potential network defense strategies via Monte Carlo simulation.
• .
• h means one of SAMPLE, one kind of strategy.
• . the is vector of initial range of values for the defense of each arc.
• .
Step 1: Defense Strategy Development
• The algorithm will stop whenever vector can no longer be updated or when a user specified number of cycles, u has been reached.
Step 2: Strategy analysis
• Analyzes the defense resources allocated to each element of and then estimates the survivability 1 .
• MC simulation along with the Ford–Fulkerson procedure.
• Once the survivability for each potential defense strategy has been obtained, each strategy needs to be analyzed for its fitness.
• Immediately afterwards, the solutions are ranked from highest to lowest with respect to the penalized survivability.
Step 3: Solution discovery
• In the third and final step of PSDA, a subset of size S of the set of ordered defense strategies (a set of size SAMPLE) is used to update the range of values for the defense of each arc.
• This new vector is sent to Step 1 to check for termination or to guide the evolutionary search into potentially higher quality solutions.
• The best feasible solution obtained in the cycle is stored in set K.
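Added example (not code from the paper or the presentation): the survivability estimate of Step 2, with each link failing independently according to the ratio-form contest success function and each sampled network state checked by a Ford–Fulkerson max-flow. The formula is written out here in its usual ratio form, attack^m / (attack^m + defense^m), as an assumption, since the slide's own equation did not survive; the 4-node network, the budgets and all function names are constructed for illustration.

```python
import random
from collections import deque

def vulnerability(attack, defense, m):
    """Ratio-form contest success function: P(link destroyed)."""
    if attack == 0 or defense == 0:
        return 0.0 if attack == 0 else 1.0
    return attack**m / (attack**m + defense**m)

def max_flow(cap, s, t):
    """Edmonds-Karp (BFS Ford-Fulkerson) over {(u, v): capacity}."""
    res = dict(cap)
    for u, v in cap:
        res.setdefault((v, u), 0)          # residual back edges
    flow = 0
    while True:
        parent, queue = {s: None}, deque([s])
        while queue and t not in parent:   # BFS for an augmenting path
            u = queue.popleft()
            for (a, b), c in res.items():
                if a == u and c > 0 and b not in parent:
                    parent[b] = u
                    queue.append(b)
        if t not in parent:
            return flow
        path, v = [], t
        while parent[v] is not None:
            path.append((parent[v], v))
            v = parent[v]
        push = min(res[e] for e in path)
        for u, v in path:
            res[(u, v)] -= push
            res[(v, u)] += push
        flow += push

def survivability(cap, attack, defense, m, d, nsimul=2000, seed=1):
    """Monte Carlo estimate of P(max s-t flow >= d) after the attack."""
    rng = random.Random(seed)
    v = {e: vulnerability(attack.get(e, 0), defense.get(e, 0), m) for e in cap}
    hits = 0
    for _ in range(nsimul):
        alive = {e: c for e, c in cap.items() if rng.random() >= v[e]}
        hits += max_flow(alive, "s", "t") >= d
    return hits / nsimul

# Constructed 4-node network (not from the paper): {(from, to): capacity}
NET = {("s", "a"): 20, ("s", "b"): 15, ("a", "t"): 20, ("b", "t"): 15, ("a", "b"): 5}
EVEN_ATTACK = {e: 8 for e in NET}                    # attacker spreads 40 units evenly
EVEN_DEFENSE = {e: 8 for e in NET}                   # defender spreads 40 units evenly
ONE_PATH = {("s", "a"): 20, ("a", "t"): 20}          # same budget on one s-t path

if __name__ == "__main__":
    for m in (0.3, 1, 3):
        print(m, survivability(NET, EVEN_ATTACK, EVEN_DEFENSE, m, 15),
              survivability(NET, EVEN_ATTACK, ONE_PATH, m, 15))
```

Running it prints, for each contest intensity m, the estimated survivability of the even defense next to that of the single-path defense, which shows how strongly the benefit of concentrating resources depends on m.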
Discussion of PSDA parameters (1/3)
• The continuous version of PSDA requires four user input parameters.
• Namely U, S, SAMPLE, and NSIMUL.
• While smaller values of the parameter SAMPLE can lead to a faster convergence of the final defense strategy, the bigger its size the more likely a diverse number of solutions will be generated and usually the better the solution quality.
Discussion of PSDA parameters (2/3)
• S effectively drives the solution space.
• Previous experimentation has found that good solutions can be obtained when it is within 20% of the parameter SAMPLE.
• U defines the total number of runs for the PSDA.
• NSIMUL defines the total number of runs for the reliability estimation routine.
Discussion of PSDA parameters (3/3)
• When there is certainty about a single attack strategy, such a model suffices.
• Whenever intelligence provides more than one potential attack strategy, the defender faces a decision on which of the optimal defense strategies developed for each attack strategy to select.
Defense Strategy Selection (1/2)
• In this paper, the rationale regarding attack strategies is that, while visible, there is no knowledge about the underlying likelihood of each attack strategy.
• If probabilities of occurrence for each attack strategy can be obtained, then the survivability of the network can be computed equivalently as a weighted average.
• Let R be defined as a payoff matrix where each element represents the survivability of the network for a given flow d when under defense strategy t*(w') and attack strategy w.
Defense Strategy Selection (2/2)
• Based on matrix R then the best defense strategy is given by
Experimental Results (1/1)
• Two examples
• The first example is a simple network to provide in-depth discussion about Model Vulnerability and the continuous version of PSDA.
• The second example is a larger two terminal network originally presented in [34].
• Dai & Poh network
[34] Dai Y, Poh K. Solving the network interdiction problem with genetic algorithms. In: Proceedings of the fourth Asia-Pacific conference on industrial engineering and management system, Taipei, December 18–20, 2002.
Illustrative network (2/13)
• Each of the links between the nodes has been assigned two values: capacity and index number.
• The link between nodes 1 and 2 has a capacity of 20 units and is indexed as link 1.
• In the case of no link failures, the network can handle a maximum flow of 45 units between the source node (node 1) and the sink node (node 8).
Illustrative network (3/13)
• To illustrate the optimization model and its solution as described in Section 3:
• two required flows have been considered (d = 20, 10)
• two attack budgets (B = 520 and 260)
• three defense budgets (b = 130, 650, and 1300)
• three contest intensities (m = 0.3, 1, and 3)
• three different attack scenarios.
• Following are the three attack scenarios.
Illustrative network (4/13)
• Scenario 1
• Attack resources have been equally allocated among the links in the network.
• The attacker has no information about the network structure and importance of particular links and tries to destroy every link.
• The attacker has no ability to direct the attack against specific links.
• The system needs to be protected against natural destructive forces that hit the entire area of the system.
Illustrative network (5/13)
• Scenario 2
• Attack resources have been equally allocated among the network links connected to the source node.
• This attack scenario assumes that the attacker has obtained "some" insight about the configuration of the network and decides to allocate resources in an effort to interdict the network flow.
• Scenario 3
• It assumes that the attacker will target the network links connected to the sink node.
Illustrative network (6/13)
• The following parameters were used for PSDA:
• U = 250
• S = 140
• SAMPLE = 1000
• NSIMUL = 2000
• Average CPU time per run is 150 s on an AMD Athlon @ 1.5 GHz, 1 GB RAM.
• The network reliability simulation is the most time-consuming element.
Illustrative network (9/13)
• "Def. Tot.": the total defense strategy cost
• "Net. Surv.": the network survivability
• The probability that after the attack the network is able to provide flow from source to sink not less than d
• These results provide a good understanding of the defender strategy for maximizing the network survivability.
Illustrative network (10/13)
• For both demands considered, the network configuration is highly redundant, allowing for multiple source-sink paths to satisfy the requirement.
• Because of this redundancy the defender can concentrate his effort on protecting only part of the links and achieve resource superiority for the protected links.
• The resource superiority is highly related to contest intensity m.
Illustrative network (11/13)
• When defense resources are scarce (b = 130), the links defended should be those that can guarantee the flow in a single source-sink path.
• As defense resources increase (b = 650, 1300), redundant components or paths should also be defended.
Illustrative network (12/13)
• The expectation was that even resource distribution among the defended links would yield lower network survivability than the unrestricted distribution considered in this manuscript.
• However, the results presented indicate that uneven resource distribution does not improve the system survivability considerably.
• However, it does yield a more cost effective resource distribution.
• If the problem were to minimize the defense cost when considering a survivability requirement, the uneven resource distribution yields better results.
Illustrative network (13/13)
• From Table 2:
• When intelligence about the links to be attacked is available, in the case of scarce defense resources the defender should allocate all resources to a subset of the links to be attacked in order to achieve resource superiority over the attacker.
• When the defense resource increases, the defender can afford defending more links and protects all links that are to be attacked.
Dai & Poh Network (2/4)
• Single scenario (scenario 1 of Section 4.1)
• Three contest intensities (m = 0.2, 1, and 5)
• Three network flows (d = 44, 29, and 11)
• Three defense budgets (b = 1000, 3000, and 9000)
• Two attack budgets (B = 210 and 600)
• The following parameters were used for PSDA:
• U = 250; S = 140, SAMPLE = 1000, and NSIMUL = 2000
• Average CPU time per run is 315 s on an AMD Athlon @ 1.5 GHz, 1 GB RAM.
Dai & Poh Network (4/4)
• The total amount of defense resources used when considering continuous allocation of resources is lower than when distributing evenly among the defended links.
• An advantage of this approach is that it provides a defense strategy that achieves the desired network survivability at minimal cost.