adviser: frank, yeong-sung lin presenter: yi-cin lin

Selection of optimal countermeasure portfolio in

IT security planningAdviser: Frank, Yeong-Sung Lin

Presenter: Yi-Cin Lin

While this formulation has more variables than our original non-linear formulation, it should still solve more quickly than its non-linear counterpart.

Model

Single-objective

Risk-neutral Minimize expected cost SP_E

Risk-averse Minimization of expected worst-

case cost SP_CV

NSP_E

Bi-objective

Notation

Total of potential scenarios.

Problem description

Denote by the probability of threat .

Notation

The probability of attack scenario inthe presence of independent threat events is

Problem description

Notation

◦ indicates that countermeasure totally

prevents successful attacks of threat .

◦ denotes that countermeasure is totally incapable of mitigating threat .

Problem description

Notation

The subset of selected countermeasures must satisfy the available budget

constraint

Problem description

This added level of specificity is necessary to maintain the linearity of the formulation.

Also, it improves the model’s flexibility by allowing for the possibility of a countermeasure being implemented at numerous levels.

Minimization of expected cost- NSP_E

Countermeasure is selected at exactly one level i.e.,

Notation


Model NSP_E: Minimize Expected Cost (1)

Subject to


COST

Minimization of expected cost- SP_E

Single-objective



case cost SP_CV

NSP_ENSP_E

Bi-objective

The nonlinear objective function (1) can be replaced with a formula


In order to compute for each threat , a recursive procedure is proposed below.


For each threat and countermeasure can be calculated recursively as

follows.

The initial condition is

The remaining terms


In order to eliminate nonlinear terms in the right-hand side of Eq. (10), define an auxiliary variable


and, in particular, for


Comparison of Eqs. (12) and (15) produces to the following relation


The above procedure eliminates all variables

for each .

Summarizing, the proportion of successful attacks = in For each threat can be calculated recursively, using Eqs. (17), (16) and (13) with replaced by .


Model SP_E:Minimize Expected Cost (5)

subject to 1. Countermeasure selection constraints Eqs. (2) and (3).


Subject to 2. Surviving threats balance constraints


(17)

(16)

(15)

Minimize conditional value-at-risk

Single-objective



case cost SP_CV

NSP_ENSP_E

Bi-objective

Notation

Model SP_CV:Minimize


Subject to1. Countermeasure selection constraints:

Eqs. (2)–(3).2. Surviving threats balance constraints:

Eqs. (18)–(21).3. Risk constraints:

4. Non-negativity and integrality conditions: Eqs. (22)–(24)



Single-objective

Risk-neutral Minimize expected cost

SP_ESP_E+B


case cost

SP_CVSP_CV+B

Bi-objective

Models SP_E and SP_CV can be enhanced for simultaneous optimization of the expenditures on countermeasures and the cost of losses from successful attacks.

◦ Removed constraints (3)

◦


Model SP_E+BMinimize Required Budget and Expected Cost

subject to Eqs. (2), (18)–(24) and (28)


Model SP_CV+BMinimize Required Budget and CVaR

subject to Eqs. (2) and (18)–(28)


Introduction

Problem description

Model◦ Single-objective approach◦ Bi-objective approach

Computational examples

Conclusion

Agenda

Bi-objective approach

Single-objective



case cost SP_CV

NSP_ENSP_E

Bi-objective

In the single objective approach the countermeasure portfolio is selected by minimizing either the expected loss (plus the required budget) or the expected worst-case loss (plus the required budget).


Model WSPMinimize

Subject to

Eqs. (2), (5) and (18)–(28)


Decision maker controls ◦ Risk of high losses by choosing the confidence

level α

◦ trade-off between expected and worst-case losses by choosing the trade-off parameter λ.


Introduction

Problem description

Model◦ Single-objective approach◦ Bi-objective approach


Conclusion

Agenda

The data set is similar to the one presented in [20], which was based on the threat set reported on IT security forum EndpointSecurity.org


= , the number of threats and the number of countermeasures, were equal to 10, and the corresponding number of potential attack scenarios, was equal to 1024.


For the bi-objective approach, the subsets of nondominated solutions were computed by parameterization on λ∈{0.01,0.10,0.25,0.50,0.75,0.90,0.99} the weighted-sum program WSP.


A critical issue that needs to be considered before any practical application of the proposed models is attempted, however, is the estimation of probabilities and the resulting losses associated with each type of threats and countermeasures.

Conclusion

In practice, threat likelihood estimates are provided by security experts (e.g., [24]) and complete distributional information is not available.

However, the proposed scenario-based approach does not require such a complete information to be available and only assumes independence of different threat events.

Conclusion

The computational experiments prove that for a limited number of attack scenarios considered, the optimal risk-averse portfolio can be found within CPU seconds, using the Gurobi solver for mixed integer programming.

Conclusion

Thanks for your listening!

adviser: frank, yeong-sung lin presenter: yi-cin lin

Documents

cost of losses

notation model sp

e biobjective23

riskbiobjectivemodels

probability of threat

successful attacks of

conditional value

model nsp