Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/3/07 Defending simple series and parallel systems with imperfect false targets R. Peng, G. Levitin,

Published byAnastasia Paul Modified over 9 years ago

Similar presentations

Presentation on theme: "Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/3/07 Defending simple series and parallel systems with imperfect false targets R. Peng, G. Levitin,"— Presentation transcript:

1 Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/3/07 Defending simple series and parallel systems with imperfect false targets R. Peng, G. Levitin, M. Xie, S.H. Ng 1

2 Agenda 2011/3/07 Introduction The model N genuine elements connected in series Numerical comparison N genuine elements connected in parallel Damage proportional to the loss of demand probability Damage proportional to the unsupplied demand Conclusion 2

3 Agenda 2011/3/07 Introduction The model N genuine elements connected in series Numerical comparison N genuine elements connected in parallel Damage proportional to the loss of demand probability Damage proportional to the unsupplied demand Conclusion 3

4 Introduction 2011/3/07 The classical reliability theory considers providing redundancy and improving the reliability of elements as measures of system reliability enhancement. When survivability of systems exposed to intentional attacks is concerned such measures as protection and deploying false targets (FTs) become essential elements of the defense strategy. Such a focus on strategic interaction between the attacker and the defender suggests a need to assume that both of them are fully strategic optimizing agents with different objectives. 4

5 Introduction 2011/3/07 5 This paper considers the optimal defense resource distribution between two main actions available to the defender for reducing the expected damage associated with an attack: protecting the genuine system elements and deploying the false targets. Usually the defense strategy against intentional attacks is considered for two basic system configurations: series and parallel. This paper analyzes the optimal distribution of defense resources between protecting the genuine system elements and deploying imperfect false targets (FTs) in simple series and parallel systems.

6 Introduction 2011/3/07 6 This paper analyzes a two period minmax game where the defender moves in the first period, and the attacker moves in the second period. The defender moves first by deciding how many FTs to deploy to minimize the expected damage caused by the attacks assuming that the attacker uses the most harmful strategy by choosing the optimal number of targets to attack.

7 Agenda 2011/3/07 Introduction The model N genuine elements connected in series Numerical comparison N genuine elements connected in parallel Damage proportional to the loss of demand probability Damage proportional to the unsupplied demand Conclusion 7

8 The model 2011/3/07 8

9 The model 2011/3/07 9

10 The model 2011/3/07 10 Assumptions: 1. The defender uses identical FTs with the same detection probability. 2. The attacker can detect each FT independently of other FTs. 3. The attacker knows the defender’s effort distribution and number of GEs and FTs and decides how many elements to attack. 4. The attacker distributes its resources evenly among the attacked elements 5. Each element is attacked separately. Single attack cannot destroy more than one element. 6. In parallel system the genuine elements have identical performance. 7. The defender distributes its protection resources evenly among the genuine elements.

11 The model 2011/3/07 11 A system consists of N identical genuine elements(GEs), which are connected either in series or in parallel. All system elements are exposed to intentional attacks. The defender and the attacker’s resources, r and R, are fixed. The defender distributes its resource among deploying H FTs and protecting the GEs. Since an unprotected GE can be destroyed by an arbitrarily small but positive attack effort, the paper assumes that the defender distributes its protection resource evenly among all the GEs.

12 The model 2011/3/07 12 The cost for deploying one FT is s. Therefore, the defender cannot deploy more than r/s FTs. The FTs are imperfect. i.e. the attacker can detect each FT with probability d. If the attacker detects k FTs (with probability ) it ignores the detected FTs and attacks Q k randomly chosen elements out of N+H-k remaining undetected targets, as shown in Fig. 1.

13 The model 2011/3/07 13 The vulnerability (destruction probability) of the attacked element is determined by the attacker–defender contest success function modeled with the common ratio form as When m=0, v=50%. When 0<m<1, there is a disproportional advantage of investing less than one’s opponent. When m=1, the investments have proportional impact on the vulnerability. When m>1, there is a disproportional advantage of investing more than one’s opponent. When m=∞, n is a step function where ‘‘ winner-takes-all’’. T>t, v=100%. T<t, v=0.

14 The model 2011/3/07 14 For each k the attacker solves the optimization problem and chooses the Q k which maximizes the risk D(Q k,H). The entire risk obtained over all possible k is In the two period minmax game the defender moves first and solves the minmax problem: finds integer H (0<=H<=r/s) that minimizes the maximal risk given that for any H the attacker chooses the integer vector (Q 0,…,Q H ) that maximizes the risk.

15 Agenda 2011/3/07 Introduction The model N genuine elements connected in series Numerical comparison N genuine elements connected in parallel Damage proportional to the loss of demand probability Damage proportional to the unsupplied demand Conclusion 15

16 N genuine elements connected in series 2011/3/07 16 The system consists of N GEs connected in series. Destruction of any GE results in the destruction of the entire system. The risk D is defined as the probability of the system destruction. Defender’s resource = r: H (H<=r/s) FTs are deployed, the defense effort exerted on each genuine target is t=(r-Hs)/(Na). Attacker’s resource = R: In the case when k (0<=k<=H) FTs are detected by the attacker, it chooses Q k (1<=Q k <=N+H-k) targets out of N+H-k undetected elements to attack and the attack effort allocated onto each target is T=R/(Q k A).

17 N genuine elements connected in series 2011/3/07 17 The vulnerability of each GE is where ε=A/a. For any k and Q k the random number of attacked GEs can vary from max(0,Q k –H+k) (all FTs are attacked) to min(N,Q k ) (all genuine targets are attacked). The probability φ(Q k,i) that among Q k attacked elements i elements are the genuine ones can be obtained using the hypergeometric distribution:

18 N genuine elements connected in series 2011/3/07 18 The probability that at least one out of i attacked GEs is destroyed is The system vulnerability for any k and Q k can be obtained as The attacker chooses the Q k which maximizes the vulnerability of the system. Thus the most harmful Q k can be expressed by

19 N genuine elements connected in series 2011/3/07 19 N=5, H=5, ε=A/a=1, s=0.1, r=1

20 N genuine elements connected in series 2011/3/07 20 The total expected damage to the entire system is The defender chooses the H which minimizes D(Q 0 *,…,Q H *, H), thus we have the optimal number of deployed FTs

21 N genuine elements connected in series 2011/3/07 21 N=5, R=r=1, ε=A/a=1

22 N genuine elements connected in series 2011/3/07 22 N=5, r=1, ε=A/a=1, s=0.05, d=0.4

23 N genuine elements connected in series 2011/3/07 23 R=r=1, ε=A/a=1, s=0.05, d=0.4

24 N genuine elements connected in series 2011/3/07 24 r=1, ε=A/a=1

25 N genuine elements connected in series 2011/3/07 25 m=2, r=1, ε=A/a=1, N=2

26 N genuine elements connected in series 2011/3/07 26 Numerical comparison s=0.4, d=0.2, N=2, m=5, r=ε=1 Since r/s = 1/0.4 =2, H can take only values of 0, 1, and 2.

27 N genuine elements connected in series 2011/3/07 27 Numerical comparison

28 N genuine elements connected in series 2011/3/07 28 Numerical comparison(R=0.5)

29 N genuine elements connected in series 2011/3/07 29 Numerical comparison(R=1)

30 N genuine elements connected in series 2011/3/07 30 Numerical comparison(R=2)

31 Agenda 2011/3/07 Introduction The model N genuine elements connected in series Numerical comparison N genuine elements connected in parallel Damage proportional to the loss of demand probability Damage proportional to the unsupplied demand Conclusion 31

32 N genuine elements connected in parallel 2011/3/07 32 We consider a system that is built from N identical parallel GEs with the same functionality having performance g each. The system demand is F (F<=Ng). The system fails to meet the demand when at least N-F/g +1 elements are destroyed. Defender’s resource = r: H (H<=r/s) FTs are deployed, the defense effort exerted on each genuine target is t=(r-Hs)/(Na). Attacker’s resource = R: In the case when k (0<=k<=H) FTs are detected by the attacker, it chooses Q k ( N-F/g +1 <=Q k <=N+H-k) targets out of N+H-k undetected elements to attack and the attack effort allocated onto each target is T=R/(Q k A).

33 N genuine elements connected in parallel 2011/3/07 33 The vulnerability of each GE is where ε=A/a. For any k and Q k the random number of attacked GEs can vary from max(0, Q k –H+k) (all FTs are attacked) to min(N,Q k ) (all genuine targets are attacked). The probability φ(Q k,i) that among Q k attacked elements i elements are the genuine ones can be obtained using the hypergeometric distribution:

34 N genuine elements connected in parallel 2011/3/07 34 The probability θ(i,j) that among the i attacked GEs j elements are destroyed is Expected damage 1. Damage proportional to the loss of demand probability 2. Damage proportional to the unsupplied demand

35 N genuine elements connected in parallel 2011/3/07 35 1. Damage proportional to the loss of demand probability If the system totally fails when the demand is not met, the expected damage is proportional to the loss of demand probability. The demand is not met if the number of destroyed GEs j is greater than N-F/g. In this case the risk can be obtained as the system vulnerability:

36 N genuine elements connected in parallel 2011/3/07 36 1. Damage proportional to the loss of demand probability Thus the most harmful Q k can be expressed by The total risk overall k is obtained using The defender chooses the H which minimizes D(H), thus we have the optimal number of deployed FTs

37 N genuine elements connected in parallel 2011/3/07 37 1. Damage proportional to the loss of demand probability N=8, R=r=1, ε=A/a=1, F=4, g=1

38 N genuine elements connected in parallel 2011/3/07 38 1. Damage proportional to the loss of demand probability N=8, r=1, ε=A/a=1, s=0.04, d=0.4, F=4, g=1

39 N genuine elements connected in parallel 2011/3/07 39 1. Damage proportional to the loss of demand probability R=r=1, ε=A/a=1, s=0.05, d=0.4, F=4, g=1

40 N genuine elements connected in parallel 2011/3/07 40 1. Damage proportional to the loss of demand probability r=1, ε=A/a=1, F=4, g=1

41 N genuine elements connected in parallel 2011/3/07 41 2. Damage proportional to the unsupplied demand When j GEs are destroyed the amount of unsupplied demand is equal to max(0,F-(N-j)g). The unsupplied demand becomes positive The expected unsupplied demand can be obtained as The attacker chooses The total expected damage to the system is obtained using The defender chooses the H which minimizes D(H):

42 N genuine elements connected in parallel 2011/3/07 42 2. Damage proportional to the unsupplied demand N=8, R=r=1, e=1, F=4, g=1

43 N genuine elements connected in parallel 2011/3/07 43 2. Damage proportional to the unsupplied demand N=8, r=1, ε =1, s=0.04, d=0.4, F=4, g=1

44 N genuine elements connected in parallel 2011/3/07 44 2. Damage proportional to the unsupplied demand R=r=1, ε =1, s=0.05, d=0.4, F=4, g=1

45 N genuine elements connected in parallel 2011/3/07 45 2. Damage proportional to the unsupplied demand F=4, g=1, r=1, ε =1

46 Agenda 2011/3/07 Introduction The model N genuine elements connected in series Numerical comparison N genuine elements connected in parallel Damage proportional to the loss of demand probability Damage proportional to the unsupplied demand Conclusion 46

47 Conclusion 2011/3/07 47 This paper considers defending series and parallel systems against intentional attacks. The risk for the series system is proportional to the probability of system destruction. Depending on the type of system the risk for the parallel system is either proportional to the loss of demand probability or equal to the unsupplied demand. The paper demonstrates the methodology of analysis of optimal defense strategy as function of different parameters (number of GEs, contest intensity, total attacker’s resource).

48 Conclusion 2011/3/07 48 It presents the decision curves that can be used for the making a decision about efficiency of deploying FTs depending on their cost and detection probability. The presented model uses the contest intensity parameter m that cannot be exactly evaluated in practice. Two ways of handling the uncertainty of the contest intensity can be outlined: 1. m can be defined as a fuzzy variable and fuzzy logic model can be studied. 2. the range of possible variation of m can be determined and the most conservative ‘‘worst case’’ defense strategy can be obtained under the assumption that m takes the values that are most favorable for the attacker.

49 Thanks for your listening. 2011/3/07 49

Download ppt "Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/3/07 Defending simple series and parallel systems with imperfect false targets R. Peng, G. Levitin,"

Similar presentations

Multi‑Criteria Decision Making

Multi‑Criteria Decision Making
 Introduction  Simple Framework: The Margin Rule  Model with Product Differentiation, Variable Proportions and Bypass  Model with multiple inputs.

 Introduction  Simple Framework: The Margin Rule  Model with Product Differentiation, Variable Proportions and Bypass  Model with multiple inputs.
Optimal redundancy allocation for information technology disaster recovery in the network economy Benjamin B.M. Shao IEEE Transaction on Dependable and.

Optimal redundancy allocation for information technology disaster recovery in the network economy Benjamin B.M. Shao IEEE Transaction on Dependable and.
Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/9/13 Modeling secrecy and deception in a multiple- period attacker–defender signaling game 1.

Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/9/13 Modeling secrecy and deception in a multiple- period attacker–defender signaling game 1.
DATA SURVIVABILITY VS. SECURITY IN INFORMATION SYSTEMS Gregory Levitin a,b,n, Kjell Hausken c, Heidi A. Taboada d, David W. Coit Presented by Chia-Ling.

DATA SURVIVABILITY VS. SECURITY IN INFORMATION SYSTEMS Gregory Levitin a,b,n, Kjell Hausken c, Heidi A. Taboada d, David W. Coit Presented by Chia-Ling.
Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/10/25 1 Research Direction Introduction.

Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/10/25 1 Research Direction Introduction.
Robust Allocation of a Defensive Budget Considering an Attacker’s Private Information Mohammad E. Nikoofal and Jun Zhuang Presenter: Yi-Cin Lin Advisor:

Robust Allocation of a Defensive Budget Considering an Attacker’s Private Information Mohammad E. Nikoofal and Jun Zhuang Presenter: Yi-Cin Lin Advisor:
CPSC 335 Computer Science University of Calgary Canada.

CPSC 335 Computer Science University of Calgary Canada.
Defending Complex System Against External Impacts Gregory Levitin (IEC, UESTC)

Defending Complex System Against External Impacts Gregory Levitin (IEC, UESTC)
Detection of Nuclear Threats: Defending Multiple Ports Jeffrey Victor Truman 17 July 2009.

Detection of Nuclear Threats: Defending Multiple Ports Jeffrey Victor Truman 17 July 2009.
Who and How And How to Mess It up

Who and How And How to Mess It up
Sampling.

Sampling.
Maximizing Classifier Utility when Training Data is Costly Gary M. Weiss Ye Tian Fordham University.

Maximizing Classifier Utility when Training Data is Costly Gary M. Weiss Ye Tian Fordham University.
Unintentional vs. intentional impacts No impact strategy Attacker’s strategy maximizing the expected damage.

Unintentional vs. intentional impacts No impact strategy Attacker’s strategy maximizing the expected damage.
Company Enterprise Risk Management & Stress Testing Case Study.

Company Enterprise Risk Management & Stress Testing Case Study.
Tirgul 8 Universal Hashing Remarks on Programming Exercise 1 Solution to question 2 in theoretical homework 2.

Tirgul 8 Universal Hashing Remarks on Programming Exercise 1 Solution to question 2 in theoretical homework 2.
Finite Mathematics & Its Applications, 10/e by Goldstein/Schneider/SiegelCopyright © 2010 Pearson Education, Inc. 1 of 68 Chapter 9 The Theory of Games.

Finite Mathematics & Its Applications, 10/e by Goldstein/Schneider/SiegelCopyright © 2010 Pearson Education, Inc. 1 of 68 Chapter 9 The Theory of Games.
Optimal Survivability Enhancement in Complex Vulnerable systems Gregory Levitin The Israel Electric Corporation Ltd.

Optimal Survivability Enhancement in Complex Vulnerable systems Gregory Levitin The Israel Electric Corporation Ltd.
Reliability-Redundancy Allocation for Multi-State Series-Parallel Systems Zhigang Tian, Ming J. Zuo, and Hongzhong Huang IEEE Transactions on Reliability,

Reliability-Redundancy Allocation for Multi-State Series-Parallel Systems Zhigang Tian, Ming J. Zuo, and Hongzhong Huang IEEE Transactions on Reliability,
Game theoretic models for detecting network intrusions OPLab 1.

Game theoretic models for detecting network intrusions OPLab 1.

Similar presentations

Ads by Google