Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advisor: Yeong-Sung Lin Presented by Chi-Hsiang Chan 2011/3/281.

Published byAlban Crawford Modified over 8 years ago

Similar presentations

Presentation on theme: "Advisor: Yeong-Sung Lin Presented by Chi-Hsiang Chan 2011/3/281."— Presentation transcript:

1 Advisor: Yeong-Sung Lin Presented by Chi-Hsiang Chan 2011/3/281

2 + Introduction + Problem formulation + Multi-dimensional D-spectrum + F>3 clusters in the network + Illustrative example: attack and defense of a network + Conclusion 2011/3/282

3 + Introduction + Problem formulation + Multi-dimensional D-spectrum + F>3 clusters in the network + Illustrative example: attack and defense of a network + Conclusion 2011/3/283

4 + Defense against external impacts, and especially against intentional external impacts, becomes increasingly important due to the increasing threats of malicious attacks. + The defender’s objective for a system is that it survives and functions reliably under all circumstances. + In order to evaluate the efficiency of defensive measures the defender should evaluate the effect of these measures on the expected damage that can be caused by attacks. 2011/3/284

5 + Research in network reliability and risk analysis must help understand how to prevent or mitigate the damage caused by intentional attacks on the networks. + Usually assumed: – An interdictor is interested in reducing the flow through the network by interdicting network elements, usually the links. – The interdictor has limited resources to interdict network elements and as suck it faces a resource allocation problem, where the objective is to maximize the damage inflicted to the network. 2011/3/285

6 + In the case when the network provides connection among different terminal nodes corresponding to users or critical facilities, the damage caused by an attack can be different depending on the amount of terminals that become isolated from any other terminal because of link interdiction. + It is important to find a way that evaluates the probability of network disintegration into disconnected sub-networks and estimates the associated damage in order to compare different options of network defense. 2011/3/286

7 + This work considers the expected damage caused by the network disintegration into separated clusters (with at least one terminal node) and presents a novel multi- dimensional spectra technique for evaluating this damage. + We assume that the damage caused by disintegration is proportional to the number of clusters and does not depend on their size. + The assumption is relevant for information networks, where the information can freely flow within each cluster and the damage is proportional to the effort needed to restore the inter-cluster connectivity. 2011/3/287

8 + A network has a node set N, edge (link) set E and a subset of special nodes called terminals. + All nodes are absolutely reliable while the edges are subject to failure. + Edge(link) failure means its elimination from the network. + The attacker strikes the network links trying to cause damage by disintegrating the network into clusters. 2011/3/288

9 + Both the attacker and the defender have limited and fixed resources. + The attacker does not know the network structure and arracks a randomly chosen subset of links distributing its attack resources evenly among these links. + The defender has no information about the subset of links chosen for the attack. All links are equally protected. 2011/3/289

10 + The model presented in this paper is based on a multi- dimensional destruction spectra approach that allows evaluating the probability of network disintegration into a given number of clusters when a fixed number of randomly chosen links is eliminated. + It uses the contest success function that evaluates vulnerability of individual links as a function of per-link attack and defense efforts. 2011/3/2810

11 + Introduction + Problem formulation + Multi-dimensional D-spectrum + F>3 clusters in the network + Illustrative example: attack and defense of a network + Conclusion 2011/3/2811

12 LNumber of links in the networkfnumber of disconnected clusters FNumber of terminals in the networkd(f)damage associated with network disintegration into f disconnected clusters kNumber of attacked linksD(k)expected damage caused by an attack on k randomly chosen links REntire attacker’s resourceΔexpected damage for uniformly distributed number of attacked links yAttacker’s impact effort per attacked link mcontest intensity zDefender’s protection effort per linkp(j,f)the probability that the network falls apart into f clusters if j links re destroyed v(y,z)link vulnerability as a function of attacker’s and defender’s efforts P(x)probability of event x probability that exactly j links are destroyed after attack on k links 2011/3/2812

13 + A network with a given topology contains L protected links. Each link is protected with effort z. + The attacker strikes k randomly chosen links evenly with resource R. The per-link attack effort is y=R/k. + The vulnerability of attacked link is determined by a contest between the defender and the attacker, form as (1) 2011/3/2813

14 + Skaperdas offered three axioms for contest success functions: – 1≥v≥0 and the contest success for the defender and the attacker sum to one. – ∂v/ ∂y>0 and ∂v/ ∂z<0. – Each agent’s contest success depends on its effort and not on the identity of agent or opponent. 2011/3/2814

15 + m ≥0 is a parameter that expresses the intensity of the contest. + A benchmark intermediate value is m=1, where the investment have proportional impact on the vulnerability. 0 1 gives a disproportional advantage of investing more effort than one’s opponent. + m=0, vulnerability = 50% + m=∞ gives a step function where “ winner-takes-all”. + The parameter m is a characteristic of the contest which can be illustrated by the history of warfare. 2011/3/2815

16 + In the case when the attacker distributes its resource R among k links the link vulnerability takes the form (2) + If the attacker attacks k links, it succeeds to destroy exactly j links with probability (3) 2011/3/2816

17 + The probability that the network falls apart into f disconnected clusters as a result of destruction of j randomly chosen links be p(j,f), and the damage associated with the network falling apart into f disconnected clusters be d(f). + The expected damage D(k) in the case of attack against k randomly chosen links is (4) where F is the maximal number of clusters, which is equal to the number of terminals. 2011/3/2817

18 + If the defender knows the distribution of k, ε(i)=P(k=i), It can evaluate the total expected damage as (5) + When the defender has no information about the distribution of k, it assumes that the attacker acts completely at random and can choose k from 1 to L with equal probability. The expected damage is (6) 2011/3/2818

19 + Introduction + Problem formulation + Multi-dimensional D-spectrum + F>3 clusters in the network + Illustrative example: attack and defense of a network + Conclusion 2011/3/2819

20 + By network N=(V,E,T) we denote an undirected graph with a node-set V, |V|=n, an edge-set E,|E|=L, and a set of special nodes called terminals, |T|=F. + If all nodes of the network are connected to each other directly or indirectly, the network N is called connected. 2011/3/2820

21 + For example, N has 4 nodes V=(a,b,s,t), two terminals t=(s,t), 2 edges E={(a,s),(b,t)}. Obviously, N is not connected, it has two components, and each of them is a cluster. s a b t 2011/3/2821

22 + The network can be only in two states UP and DOWN, where the UP state takes place if and only if all terminals of the network are connected to each other by the elements which are in the UP state. Otherwise, the network is DOWN. + In this paper we split the DOWN state into several sub- states according to the number of disconnected clusters in the network. When F=|T|=3. – UP => number of cluster=1 – DOWN2 => number of cluster=2 – DOWN3 => number of cluster=3 2011/3/2822

23 + Definition 1. Let be a permutation of network links. Suppose initially that they all are UP. Start turning them from UP to DOWN by moving π from left to right. + Fixed the first element when the network state become DOWN 2 =>,called the second anchor. + Fixed the first element when the network state become DOWN 3 =>,called the third anchor. + Define the probability the probability of the event A(i,j) = {r 2 =i, r 3 =j} as (7) 2011/3/2823

24 + Definition 2. The two-dimensional discrete density function d ={w i,j }, i,j = 1,2,….,L, is called network two- dimensional destruction spectrum(D-spectrum). + Definition 3. The marginal distribution of the first component of the D-spectrum is called the second spectrum, and is called the third spectrum. + and for k=1,…,L are called the second and the third cumulative spectra of the network. + U 2 (L) = U 3 (L) = 1 2011/3/2824

25 + The total number of permutations of L=4 links is 4!=24. + u 1 =0,u 2 =5/6,u 3 =1/6,u 4 =0 + g 1 =0,g 2 =0,g 3 =3/6,g 4 =3/6 + U 2 (1)=0,U 2 (2)=5/6, U 2 (3)=U 2 (4)=1 + U 3 (1)=U 3 (2)=0, U 3 (3)=1/2,U 3 (4)=1 (3,4) 4 permutations(2,4) 8 permutations(2,3) 12 permutations 1,4,2,31,2,4,31,2,3,4 w 3,4 = 1/6w 2,4 = 2/6w 2,3 = 3/6 2011/3/2825

26 + Remark 1. The standard reliability theory deals mostly with binary systems consisting of binary components. The system has only one DOWN state, its D-spectrum becomes a one-dimensional distribution. + Gertsbakh and Shpungin and Samaniego considered the case of i.i.d. continuous component lifetimes X i, i=1,…,k and defined the r-th element of the signature as the probability that system failure coincides with the r-th order statistic in a sample of X 1,X 2,…,X k. + The considered two-dimensional signature is an extension of the one-dimensional situation. 2011/3/2826

27 + Denote by p(j,f) the probability that elimination of exactly j links causes network disintegration into f clusters. The principal probabilities which we need in the context of the present paper take the following form: (8) 2011/3/2827

28 + Remark 2. Suppose that all network links have i.i.d. continuous lifetime τ with cumulative distribution function (CDF) Q(t). Let τ net be the random network lifetime, Denote by Q net (t) its CDF. The probability that a link is UP at time t 0. We can get: (9) where Q (j) (t 0 ) is the CDF of the j-th order statistic from the random sample of link lifetimes τ 1, τ 2,…, τ L. 2011/3/2828

29 + Substituting into(9) the well-known expression for Q (j) (t 0 ) and rearranging the terms in the sum, can get: (10) where (11) + From (10) it follows that C(j) is the number of network failure sets with exactly j links being down. Therefore, (11) implies that the ratio of the number of all j-link failures sets to the total number of randomly chosen sets of j links out of L, equals U 3 (j). 2011/3/2829

30 + Introduction + Problem formulation + Multi-dimensional D-spectrum + F>3 clusters in the network + Illustrative example: attack and defense of a network + Conclusion 2011/3/2830

31 + When F>3, the system has states UP and DOWN J, J=2,3,…,F, where DOWN J is the state with J clusters, having J-th anchor r J (π). + We can get the J-th cumulative spectrum of the network + It is easy to derive that (12) 2011/3/2831

32 + The calculation of he spectrum is an NP-hard combinatorial problem. We suggest using a Mont Carlo procedure for its numerical estimation. + The most time consuming step of the procedure is checking the number of clusters in the network after a link is being erased. To do it efficiently, the so-called disjoint set structure is used. 2011/3/2832

33 + Using DSS takes O(L*logL)on each step, so the algorithm complexity as O(M*L*logL). 2011/3/2833

34 + Introduction + Problem formulation + Multi-dimensional D-spectrum + F>3 clusters in the network + Illustrative example: attack and defense of a network + Conclusion 2011/3/2834

35 + 17nodes, 3terminals, 34links + Two and three clusters caused defender damage d(2)=1000, d(3)=3000. + Defender can add four additional links to enhance the network connectivity. 2011/3/2835

36 2011/3/2836

37 z/R=0.01 2011/3/2837

38 + Assume that the defender can spend the same budget that is needed for adding four links on enhancing protection of all the links. + The cost of the protection effort unit is c and the defense budget B can be use d for increasing the protection effort. The defender’s per-link protection effort z increases from z 0 to z 0 +B/c, which causes the increase of effort ratio from z 0 /R to z 0 /R+B/cr=z 0 /r+1/c*, where c*=cr/B is the normalized cost of protection effort unit. 2011/3/2838

39 + With increase of the contest intensity the influence of the protection on the link vulnerability and damage increase, which makes the link protection option more beneficial for greater values of the protection cost. + Bold lines- protection enhancement + Thin lines- addition of four links. 2011/3/2839

40 + To evaluate the effectiveness of a mixed defense strategy with both links addition and protection enhancement, considering the case when the defender splits its budget evenly between the two types. + F (3,11) (7,10) + G (3,11) (2,15) + H (5,8) (7,10) 2011/3/2840

41 + The protection effort increases from z 0 to z 0 +B/(2c). 2011/3/2841

42 + Introduction + Problem formulation + Multi-dimensional D-spectrum + F>3 clusters in the network + Illustrative example: attack and defense of a network + Conclusion 2011/3/2842

43 + The paper suggests a computationally effective algorithm for evaluating the damage inflicted to interconnected networks by intentional attack on randomly chosen links. + The suggested algorithm is based on a multi-dimensional spectra approach. + The presented method allows analysts to evaluate and compare different options. + The presented example of a network with three terminals illustrates the practical methodology of choosing the most effective defense strategy. 2011/3/2843

44 2011/3/2844

Download ppt "Advisor: Yeong-Sung Lin Presented by Chi-Hsiang Chan 2011/3/281."

Similar presentations

Tests of Hypotheses Based on a Single Sample

Tests of Hypotheses Based on a Single Sample
Risk Modeling The Tropos Approach PhD Lunch Meeting 07/07/2005 Yudistira Asnar –

Risk Modeling The Tropos Approach PhD Lunch Meeting 07/07/2005 Yudistira Asnar –
Random Variables ECE460 Spring, 2012.

Random Variables ECE460 Spring, 2012.
Exact Inference in Bayes Nets

Exact Inference in Bayes Nets
Optimal redundancy allocation for information technology disaster recovery in the network economy Benjamin B.M. Shao IEEE Transaction on Dependable and.

Optimal redundancy allocation for information technology disaster recovery in the network economy Benjamin B.M. Shao IEEE Transaction on Dependable and.
Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/3/07 Defending simple series and parallel systems with imperfect false targets R. Peng, G. Levitin,

Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/3/07 Defending simple series and parallel systems with imperfect false targets R. Peng, G. Levitin,
Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/10/25 1 Research Direction Introduction.

Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/10/25 1 Research Direction Introduction.
Robust Allocation of a Defensive Budget Considering an Attacker’s Private Information Mohammad E. Nikoofal and Jun Zhuang Presenter: Yi-Cin Lin Advisor:

Robust Allocation of a Defensive Budget Considering an Attacker’s Private Information Mohammad E. Nikoofal and Jun Zhuang Presenter: Yi-Cin Lin Advisor:
Cox Model With Intermitten and Error-Prone Covariate Observation Yury Gubman PhD thesis in Statistics Supervisors: Prof. David Zucker, Prof. Orly Manor.

Cox Model With Intermitten and Error-Prone Covariate Observation Yury Gubman PhD thesis in Statistics Supervisors: Prof. David Zucker, Prof. Orly Manor.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.

An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
CHAPTER 16 MARKOV CHAIN MONTE CARLO

CHAPTER 16 MARKOV CHAIN MONTE CARLO
Resampling techniques Why resampling? Jacknife Cross-validation Bootstrap Examples of application of bootstrap.

Resampling techniques Why resampling? Jacknife Cross-validation Bootstrap Examples of application of bootstrap.
Defending Complex System Against External Impacts Gregory Levitin (IEC, UESTC)

Defending Complex System Against External Impacts Gregory Levitin (IEC, UESTC)
Unintentional vs. intentional impacts No impact strategy Attacker’s strategy maximizing the expected damage.

Unintentional vs. intentional impacts No impact strategy Attacker’s strategy maximizing the expected damage.
Inferences About Process Quality

Inferences About Process Quality
Optimal Survivability Enhancement in Complex Vulnerable systems Gregory Levitin The Israel Electric Corporation Ltd.

Optimal Survivability Enhancement in Complex Vulnerable systems Gregory Levitin The Israel Electric Corporation Ltd.
Copyright (c) 2004 Brooks/Cole, a division of Thomson Learning, Inc. Chapter 7 Statistical Intervals Based on a Single Sample.

Copyright (c) 2004 Brooks/Cole, a division of Thomson Learning, Inc. Chapter 7 Statistical Intervals Based on a Single Sample.
Copyright (c) 2004 Brooks/Cole, a division of Thomson Learning, Inc. Chapter 8 Tests of Hypotheses Based on a Single Sample.

Copyright (c) 2004 Brooks/Cole, a division of Thomson Learning, Inc. Chapter 8 Tests of Hypotheses Based on a Single Sample.
Game theoretic models for detecting network intrusions OPLab 1.

Game theoretic models for detecting network intrusions OPLab 1.
Short Resume of Statistical Terms Fall 2013 By Yaohang Li, Ph.D.

Short Resume of Statistical Terms Fall 2013 By Yaohang Li, Ph.D.

Similar presentations

Ads by Google