IDEAS home Printed from https://ideas.repec.org/a/eee/reensy/v159y2017icp119-133.html
   My bibliography  Save this article

Multiple cyber attacks against a target with observation errors and dependent outcomes: Characterization and optimization

Author

Listed:
  • Hu, Xiaoxiao
  • Xu, Maochao
  • Xu, Shouhuai
  • Zhao, Peng

Abstract

In this paper we investigate a cybersecurity model: An attacker can launch multiple attacks against a target with a termination strategy that says that the attacker will stop after observing a number of successful attacks or when the attacker is out of attack resources. However, the attacker's observation of the attack outcomes (i.e., random variables indicating whether the target is compromised or not) has an observation error that is specified by both a false-negative and a false-positive probability. The novelty of the model we study is the accommodation of the dependence between the attack outcomes, because the dependence was assumed away in the literature. In this model, we characterize the monotonicity and bounds of the compromise probability (i.e., the probability that the target is compromised). In addition to extensively showing the impact of dependence on quantities such as compromise probability and attack cost, we give methods for finding the optimal strategy that leads to maximum compromise probability or minimum attack cost. This study highlights that the dependence between random variables cannot be assumed away, because the results will be misleading.

Suggested Citation

  • Hu, Xiaoxiao & Xu, Maochao & Xu, Shouhuai & Zhao, Peng, 2017. "Multiple cyber attacks against a target with observation errors and dependent outcomes: Characterization and optimization," Reliability Engineering and System Safety, Elsevier, vol. 159(C), pages 119-133.
    • Handle: RePEc:eee:reensy:v:159:y:2017:i:c:p:119-133
    DOI: 10.1016/j.ress.2016.10.025
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0951832016307232
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ress.2016.10.025?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Vicki Bier & Santiago Oliveros & Larry Samuelson, 2007. "Choosing What to Protect: Strategic Defensive Allocation against an Unknown Attacker," Journal of Public Economic Theory, Association for Public Economic Theory, vol. 9(4), pages 563-587, August.
    2. P.S. Sheeba & Debasish Ghose, 2008. "Optimal resource allocation and redistribution strategy in military conflicts with Lanchester square law attrition," Naval Research Logistics (NRL), John Wiley & Sons, vol. 55(6), pages 581-591, September.
    3. Dhaene, J. & Denuit, M. & Goovaerts, M. J. & Kaas, R. & Vyncke, D., 2002. "The concept of comonotonicity in actuarial science and finance: theory," Insurance: Mathematics and Economics, Elsevier, vol. 31(1), pages 3-33, August.
    4. Kjell Hausken, 2005. "Production and Conflict Models Versus Rent-Seeking Models," Public Choice, Springer, vol. 123(1), pages 59-93, April.
    5. Dhaene, J. & Denuit, M. & Goovaerts, M. J. & Kaas, R. & Vyncke, D., 2002. "The concept of comonotonicity in actuarial science and finance: applications," Insurance: Mathematics and Economics, Elsevier, vol. 31(2), pages 133-161, October.
    6. Bier, Vicki M. & Kosanoglu, Fuat, 2015. "Target-oriented utility theory for modeling the deterrent effects of counterterrorism," Reliability Engineering and System Safety, Elsevier, vol. 136(C), pages 35-46.
    7. Stergios Skaperdas, 1996. "Contest success functions (*)," Economic Theory, Springer;Society for the Advancement of Economic Theory (SAET), vol. 7(2), pages 283-290.
    8. Peng, R. & Zhai, Q.Q. & Levitin, G., 2016. "Defending a single object against an attacker trying to detect a subset of false targets," Reliability Engineering and System Safety, Elsevier, vol. 149(C), pages 137-147.
    9. Hausken, Kjell, 2017. "Defense and attack for interdependent systems," European Journal of Operational Research, Elsevier, vol. 256(2), pages 582-591.
    10. Wang, Shuliang & Hong, Liu & Chen, Xueguang, 2012. "Vulnerability analysis of interdependent infrastructure systems: A methodological framework," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 391(11), pages 3323-3335.
    11. Hausken, Kjell, 2010. "Defense and attack of complex and dependent systems," Reliability Engineering and System Safety, Elsevier, vol. 95(1), pages 29-42.
    12. K Hausken & G Levitin, 2009. "Parallel systems with different types of defence resource expenditure under two sequential attacks," Journal of Risk and Reliability, , vol. 223(1), pages 71-85, March.
    13. Mo, Huadong & Xie, Min & Levitin, Gregory, 2015. "Optimal resource distribution between protection and redundancy considering the time and uncertainties of attacks," European Journal of Operational Research, Elsevier, vol. 243(1), pages 200-210.
    14. Gregory Levitin & Kjell Hausken, 2012. "Resource Distribution in Multiple Attacks with Imperfect Detection of the Attack Outcome," Risk Analysis, John Wiley & Sons, vol. 32(2), pages 304-318, February.
    15. Gregory Levitin & Kjell Hausken, 2010. "Resource Distribution in Multiple Attacks Against a Single Target," Risk Analysis, John Wiley & Sons, vol. 30(8), pages 1231-1239, August.
    16. Wu, Baichao & Tang, Aiping & Wu, Jie, 2016. "Modeling cascading failures in interdependent infrastructures under terrorist attacks," Reliability Engineering and System Safety, Elsevier, vol. 147(C), pages 1-8.
    17. Levitin, Gregory & Hausken, Kjell, 2009. "Parallel systems under two sequential attacks," Reliability Engineering and System Safety, Elsevier, vol. 94(3), pages 763-772.
    18. Kjell Hausken & Vicki M. Bier & Jun Zhuang, 2009. "Defending Against Terrorism, Natural Disaster, and All Hazards," International Series in Operations Research & Management Science, in: Vicki M. M. Bier & M. Naceur Azaiez (ed.), Game Theoretic Risk Analysis of Security Threats, chapter 4, pages 65-97, Springer.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Wei Wang & Francesco Di Maio & Enrico Zio, 2019. "Adversarial Risk Analysis to Allocate Optimal Defense Resources for Protecting Cyber–Physical Systems from Cyber Attacks," Risk Analysis, John Wiley & Sons, vol. 39(12), pages 2766-2785, December.
    2. Xiao, Hui & Lin, Chen & Kou, Gang & Peng, Rui, 2020. "Optimal resource allocation for defending k-out-of-n systems against sequential intentional and unintentional impacts," Reliability Engineering and System Safety, Elsevier, vol. 201(C).
    3. Li, Yijia & Hu, Xiaoxiao & Zhao, Peng, 2021. "On the reliability of a voting system under cyber attacks," Reliability Engineering and System Safety, Elsevier, vol. 216(C).
    4. Wang, Wei & Cammi, Antonio & Di Maio, Francesco & Lorenzi, Stefano & Zio, Enrico, 2018. "A Monte Carlo-based exploration framework for identifying components vulnerable to cyber threats in nuclear power plants," Reliability Engineering and System Safety, Elsevier, vol. 175(C), pages 24-37.
    5. Krishna Kalyanam & David Casbeer & Meir Pachter, 2020. "A sequential partial information bomber‐defender shooting problem," Naval Research Logistics (NRL), John Wiley & Sons, vol. 67(3), pages 223-235, April.
    6. Ding, Weiyong & Xu, Maochao & Huang, Yu & Zhao, Peng, 2020. "Cyber risks of PMU networks with observation errors: Assessment and mitigation," Reliability Engineering and System Safety, Elsevier, vol. 198(C).
    7. Chen, Die & Xu, Maochao & Shi, Weidong, 2018. "Defending a cyber system with early warning mechanism," Reliability Engineering and System Safety, Elsevier, vol. 169(C), pages 224-234.
    8. Kim, Hee Eun & Son, Han Seong & Kim, Jonghyun & Kang, Hyun Gook, 2017. "Systematic development of scenarios caused by cyber-attack-induced human errors in nuclear power plants," Reliability Engineering and System Safety, Elsevier, vol. 167(C), pages 290-301.
    9. Zio, E., 2018. "The future of risk assessment," Reliability Engineering and System Safety, Elsevier, vol. 177(C), pages 176-190.
    10. Wu, Di & Xiao, Hui & Peng, Rui, 2018. "Object defense with preventive strike and false targets," Reliability Engineering and System Safety, Elsevier, vol. 169(C), pages 76-80.
    11. Rui Fang & Xiaohu Li, 2020. "A stochastic model of cyber attacks with imperfect detection," Communications in Statistics - Theory and Methods, Taylor & Francis Journals, vol. 49(9), pages 2158-2175, May.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Qingqing Zhai & Rui Peng & Jun Zhuang, 2020. "Defender–Attacker Games with Asymmetric Player Utilities," Risk Analysis, John Wiley & Sons, vol. 40(2), pages 408-420, February.
    2. Hausken, Kjell, 2024. "Fifty Years of Operations Research in Defense," European Journal of Operational Research, Elsevier, vol. 318(2), pages 355-368.
    3. Rui Fang & Xiaohu Li, 2020. "A stochastic model of cyber attacks with imperfect detection," Communications in Statistics - Theory and Methods, Taylor & Francis Journals, vol. 49(9), pages 2158-2175, May.
    4. Abdolmajid Yolmeh & Melike Baykal-Gürsoy, 2019. "Two-Stage Invest–Defend Game: Balancing Strategic and Operational Decisions," Decision Analysis, INFORMS, vol. 16(1), pages 46-66, March.
    5. Rui Peng & Di Wu & Mengyao Sun & Shaomin Wu, 2021. "An attack-defense game on interdependent networks," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 72(10), pages 2331-2341, October.
    6. Chen, Die & Xu, Maochao & Shi, Weidong, 2018. "Defending a cyber system with early warning mechanism," Reliability Engineering and System Safety, Elsevier, vol. 169(C), pages 224-234.
    7. Chen, Shun & Zhao, Xudong & Chen, Zhilong & Hou, Benwei & Wu, Yipeng, 2022. "A game-theoretic method to optimize allocation of defensive resource to protect urban water treatment plants against physical attacks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 36(C).
    8. Hausken, Kjell, 2017. "Defense and attack for interdependent systems," European Journal of Operational Research, Elsevier, vol. 256(2), pages 582-591.
    9. Peiqiu Guan & Meilin He & Jun Zhuang & Stephen C. Hora, 2017. "Modeling a Multitarget Attacker–Defender Game with Budget Constraints," Decision Analysis, INFORMS, vol. 14(2), pages 87-107, June.
    10. Dan Kovenock & Brian Roberson, 2012. "Strategic Defense And Attack For Series And Parallel Reliability Systems: Comment," Defence and Peace Economics, Taylor & Francis Journals, vol. 23(5), pages 507-515, October.
    11. Gregory Levitin & Kjell Hausken, 2012. "Resource Distribution in Multiple Attacks with Imperfect Detection of the Attack Outcome," Risk Analysis, John Wiley & Sons, vol. 32(2), pages 304-318, February.
    12. Di Wu & Xiangbin Yan & Rui Peng & Shaomin Wu, 2020. "Optimal defence-attack strategies between one defender and two attackers," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 71(11), pages 1830-1846, November.
    13. Peng, Rui & Xiao, Hui & Guo, Jianjun & Lin, Chen, 2020. "Defending a parallel system against a strategic attacker with redundancy, protection and disinformation," Reliability Engineering and System Safety, Elsevier, vol. 193(C).
    14. Hannah Lobban & Yasser Almoghathawi & Nazanin Tajik & Kash Barker, 2021. "Community vulnerability perspective on robust protection planning in interdependent infrastructure networks," Journal of Risk and Reliability, , vol. 235(5), pages 798-813, October.
    15. Bose, Gautam & Konrad, Kai A., 2020. "Devil take the hindmost: Deflecting attacks to other defenders," Reliability Engineering and System Safety, Elsevier, vol. 204(C).
    16. Ye, Zhi-Sheng & Peng, Rui & Wang, Wenbin, 2017. "Defense and attack of performance-sharing common bus systemsAuthor-Name: Zhai, Qingqing," European Journal of Operational Research, Elsevier, vol. 256(3), pages 962-975.
    17. Gregory Levitin & Kjell Hausken, 2010. "Resource Distribution in Multiple Attacks Against a Single Target," Risk Analysis, John Wiley & Sons, vol. 30(8), pages 1231-1239, August.
    18. Levitin, Gregory & Hausken, Kjell, 2009. "Intelligence and impact contests in systems with redundancy, false targets, and partial protection," Reliability Engineering and System Safety, Elsevier, vol. 94(12), pages 1927-1941.
    19. Kjell Hausken & Jun Zhuang, 2011. "Governments' and Terrorists' Defense and Attack in a T -Period Game," Decision Analysis, INFORMS, vol. 8(1), pages 46-70, March.
    20. Peiqiu Guan & Jun Zhuang, 2016. "Modeling Resources Allocation in Attacker‐Defender Games with “Warm Up” CSF," Risk Analysis, John Wiley & Sons, vol. 36(4), pages 776-791, April.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:reensy:v:159:y:2017:i:c:p:119-133. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/reliability-engineering-and-system-safety .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.