Optimal Network Protection Against Diverse Interdictor Strategies Jose E. Ramirez-Marquez, Claudio M. Rocco, Gregory Levitin Advisor : Professor Frank.


1 Optimal Network Protection Against Diverse Interdictor Strategies Jose E. Ramirez-Marquez, Claudio M. Rocco, Gregory Levitin Advisor : Professor Frank Y.S. Lin Presented by Yu-Pu Wu

2 About  Authors  Jose E. Ramirez-Marquez, Claudio M. Rocco, Gregory Levitin  Title  Optimal Network Protection Against Diverse Interdictor Strategies  Provenance  Reliability Engineering and System Safety 96 (2011), 374-382

3 Agenda  Introduction  Network Protection Background  Optimal Network Protection  Experimental Results  Conclusions

4 Introduction (1/6)  Based on common network models, current research has concentrated on determining the most critical parts of the networks and finding the optimal distribution of security investments among these different elements of infrastructures.  Network interdiction (NI) problems assume that some consumer product or service is delivered through a network with a known and fixed configuration.  Under this setting, an interdictor is interested in reducing the flow of goods through the network by interdicting network elements.

5 Introduction (2/6)  Current NI research is valuable as a means to identify the most important set of components in a network.  Generally, NI models consider a fixed setting in the sense that they are focused on understanding how the network is damaged without any regard to potential defender and interdictor strategies.  These research efforts relate actual interdictor strategies to the defender's intent of improving the safety and security of systems by adequately building protection, within the system, against natural disasters and/or intentional attacks.

6 Introduction (3/6)  Ramirez-Marquez et al. [25] have proposed an approach that provides an optimal protection plan to maximize the survivability of a network for a specific network flow when resources are equally distributed to protect network links and under a single pre-specified attacker strategy which considers that the interdictor distributes resources evenly among all network components.  However, the decision in [25] is of binary nature, considering the defense budget is equally distributed among the protected links. Therefore, it has been recognized that the general, and more realistic, problem the defender faces is of a continuous nature and thus, of an infinite solution space. 25 : Ramirez-Marquez JE, Rocco C, Levitin G. Optimal protection of general source-sink networks via evolutionary techniques. Reliability Engineering and System Safety 2009;94(10):1676–84.

7 Introduction (4/6)  There are two contributions. (1/2)  Based on the assumption that link vulnerability is determined by the ratio form of the attacker–defender contest success function as described in [19], a transformed stochastic NI approach [18] is used to maximize the survivability of the network for a given demand while satisfying a defense budget constraint for a set of potential interdictor strategies. 19 : Levitin G, Hausken K. Redundancy versus protection versus false targets for systems under attack. IEEE Transactions on Reliability 2009;58(1):58–68. 18 : Ramirez-Marquez JE, Rocco C. Stochastic network interdiction optimization via capacitated network reliability modeling and probabilistic solution discovery. Reliability Engineering and System Safety 2009;94(5):913–21.

8 Introduction (5/6)  There are two contributions. (2/2)  The solution approach developed to solve the new optimization model is based on an evolutionary algorithm that allows considering continuous variables. The proposed algorithm is a newly developed continuous version of PSDA [27] that in a probabilistic manner iteratively explores regions of an optimization problem solution space with the intent of identifying an optimal solution. 27 : Concho A, Ramirez-Marquez JE. An evolutionary algorithm for port-of-entry security optimization considering sensor thresholds. Reliability Engineering and System Safety 2010;95(3):255–66.

9 Introduction (6/6)  This research is interested in understanding the optimal defender’s response against a set of visible or potential attacks. 25 : Ramirez-Marquez JE, Rocco C, Levitin G. Optimal protection of general source-sink networks via evolutionary techniques. Reliability Engineering and System Safety 2009;94(10):1676–84.

10 Agenda  Introduction  Network Protection Background  Optimal Network Protection  Experimental Results  Conclusions

11 Network Protection Background (1/1)  The Network Protection Background has three parts.  Network Representation  Link Vulnerability  Network Vulnerability

12 Network Representation (1/1)  $G(N,A)$ : capacitated network  Known source node s  Known sink node t  N : the set of nodes  A : the set of links  $A_1 := \{(s,i), (j,t) \mid 1 < i, j < n\}$  $A_2 := \{(i,j) \mid 1 < i, j < n\}$  $k_{ijg}$ : element of $k_{ij}$, the capacity vector of link (i,j). g = 0, 1  a : state vector describing the current capacity of each link in the network.  $(a_{s1}, a_{s2}, \ldots, a_{nt})$

13 Link Vulnerability (1/3)  $v_{ij}(w)$ : under a given interdictor strategy w, it is described using the ratio form of the attacker–defender contest success function.

14 Link Vulnerability (2/3)  & describe the attacker’s and defender’s resource allocation for attacking/defending the link between nodes i and j.  m : the contest intensity.  m=0  0<m<1 (entrenchment + machine gun)  1<m<∞ (airplanes + tanks)  m=1 32 : Hirshleifer J. Anarchy and its breakdown. Journal of Political Economy 1995;103(1):26–52.

15 Link Vulnerability (3/3)  $t(w)$ : defense strategy vector  $t(w) = (t_{s1}(w), \ldots, t_{nt}(w))$  $t_{ij}(w)$ : a non-negative continuous variable representing the amount of resources allocated to defend link (i,j) under attack strategy w.

16 Network Vulnerability (1/1)  The function maps a state vector into a network flow between s and t; it gives the network s–t flow under a.  The survivability of the network under defense strategy vector t’(w) for a given s–t flow d and under attack strategy w can be defined as

17 Agenda  Introduction  Network Protection Background  Optimal Network Protection  Experimental Results  Conclusions

18 Optimal Network Protection (1/2)  12 objective function

19 Optimal Network Protection (2/2)  The PSDA was originally developed to provide high quality solutions for integer and/or binary variable decision optimization problems.  For $t_{ij}(w)$, the proposed version of PSDA initially defines a range of values for the defense of each arc as dictated by and then, based on the fitness of the solutions generated, iteratively reduces the length of the initial range until its value equals zero or a stopping rule is enforced.  Pseudo-code in three main steps

20 Step 1 : Defense Strategy Development  Generate a specified number (called SAMPLE) of potential network defense strategies via Monte Carlo simulation.  h means one of SAMPLE, one kind of strategy.  the is vector of initial range of values for the defense of each arc.

21 Step 1 : Defense Strategy Development  The algorithm will stop whenever vector can no longer be updated or when a user-specified number of cycles, U, has been reached.

22 Step 2 : Strategy analysis  Analyzes the defense resources allocated to each element of and then estimates the survivability 1.  MC simulation along with the Ford–Fulkerson procedure.  Once the survivability for each potential defense strategy has been obtained, each strategy needs to be analyzed for its fitness.  Immediately afterwards, the solutions are ranked from highest to lowest with respect to the penalized survivability.

23 Step 2 : Strategy analysis 11

24 Step 3 : Solution discovery  In the third and final step of PSDA, a subset of size S of the set of ordered defense strategies (a set of size SAMPLE) is used to update the range of values for the defense of each arc.  This new vector is sent to Step 1 to check for termination or to guide the evolutionary search into potentially higher quality solutions.  The best feasible solution obtained in the cycle is stored in set K.

25 Step 3 : Solution discovery 11

26 Discussion of PSDA parameters (1/3)  The continuous version of PSDA requires four user input parameters.  Namely U, S, SAMPLE, and NSIMUL.  While smaller values of the parameter SAMPLE can lead to a faster convergence of the final defense strategy, the bigger its size the more likely a diverse number of solutions will be generated and usually the better the solution quality.

27 Discussion of PSDA parameters (2/3)  S effectively drives the solution space  Previous experimentation has found that good solutions can be obtained when it is within 20% of the parameter SAMPLE.  U defines the total number of runs for the PSDA.  NSIMUL defines the total number of runs for the reliability estimation routine.

28 Discussion of PSDA parameters (3/3)  When there is certainty about a single attack strategy, such a model suffices.  Whenever intelligence provides more than one potential attack strategy, the defender faces a decision on which of the optimal defense strategies developed for each attack strategy to select.

29 Defense Strategy Selection (1/2)  In this paper, the rationale regarding attack strategies is that while visible there is no knowledge about the underlying likelihood of each attack strategy.  If probabilities of occurrence for each attack strategy can be obtained, then the survivability of the network can be computed equivalently as a weighted average.  Let R be defined as a payoff matrix where each element represents the survivability of the network for a given flow d when under defense strategy t*(w’) and attack strategy w.

30 Defense Strategy Selection (2/2)  Based on matrix R then the best defense strategy is given by

31 Agenda  Introduction  Network Protection Background  Optimal Network Protection  Experimental Results  Conclusions

32 Experimental Results (1/1)  Two examples  The first example is a simple network to provide in-depth discussion about Model Vulnerability and the continuous version of PSDA.  The second example is a larger two terminal network originally presented in [34].  Dai & Poh network 34 : Dai Y, Poh K. Solving the network interdiction problem with genetic algorithms. In: Proceedings of the fourth Asia-Pacific conference on industrial engineering and management system, Taipei, December 18–20, 2002.

33 Illustrative network (1/13)

34 Illustrative network (2/13)  Each of the links between the nodes has been assigned two values: capacity and index number.  The link between nodes 1 and 2 has a capacity of 20 units and is indexed as link 1.  In the case of no link failures, the network can handle a maximum flow of 45 units between the source node (node 1) and the sink node (node 8).

35 Illustrative network (3/13)  To illustrate the optimization model and its solution as described in Section 3, the following have been considered:  two required flows (d=20, 10)  two attack budgets (B = 520 and 260)  three defense budgets (b = 130, 650, and 1300)  three contest intensities (m=0.3, 1, and 3)  three different attack scenarios.  Following are the three attack scenarios

36 Illustrative network (4/13)  Scenario 1  Attack resources have been equally allocated among the links in the network.  The attacker has no information about the network structure and importance of particular links and tries to destroy every link.  The attacker has no ability to direct the attack against specific links.  The system needs to be protected against natural destructive forces that hit the entire area of the system.

37 Illustrative network (5/13)  Scenario 2  Attack resources have been equally allocated among the network links connected to the source node.  This attack scenario assumes that the attacker has obtained “some” insight about the configuration of the network and decides to allocate resources in an effort to interdict the network flow.  Scenario 3  It assumes that the attacker will target the network links connected to the sink node.

38 Illustrative network (6/13)  The following parameters were used for PSDA  U = 250  S = 140  SAMPLE = 1000  NSIMUL = 2000  Average CPU time per run is 150 s on an AMD Athlon @ 1.5 GHz  1 GB RAM  The network reliability simulation is the most time-consuming element.

39

40

41 Illustrative network (9/13)  “Def. Tot.” : the total defense strategy cost  “Net. Surv.” : the network survivability  probability that after the attack the network is able to provide flow from source to sink not less than d  These results provide a good understanding of the defender strategy for maximizing the network survivability.

42 Illustrative network (10/13)  For both demands considered, the network configuration is highly redundant allowing for multiple source-sink paths to satisfy the requirement.  Because of this redundancy the defender can concentrate his effort on protecting only part of the links and achieve resource superiority for the protected links.  The resource superiority is highly related to contest intensity m.

43 Illustrative network (11/13)  When defense resources are scarce (b = 130), the links defended should be those that can guarantee the flow in a single source-sink path.  As defense resources increase (b = 650, 1300) redundant components or paths should also be defended.

44 Illustrative network (12/13)  The expectation was that even resource distribution among the defended links would yield lower network survivability than the unrestricted distribution considered in this manuscript.  However, the results presented indicate that uneven resource distribution does not improve the system survivability considerably.  However, it does yield a more cost effective resource distribution.  If the problem were to minimize the defense cost when considering a survivability requirement, the uneven resource distribution yields better results.

45 Illustrative network (13/13)  From Table 2.  When intelligence about the links to be attacked is available, in the case of scarce defense resources the defender should allocate all resources to a subset of links to be attacked in order to achieve the resource superiority over the attacker.  When the defense resource increases the defender can afford defending more links and protects all links that are to be attacked.

46 Dai & Poh Network (1/4)

47 Dai & Poh Network (2/4)  Single Scenario (scenario 1 of Section 4.1)  Three contest intensities (m = 0.2, 1, and 5)  Three network flows (d = 44, 29, and 11)  Three defense budgets (b = 1000, 3000, and 9000)  Two attack budgets (B = 210 and 600)  The following parameters were used for PSDA  U = 250; S = 140, SAMPLE = 1000, and NSIMUL = 2000  Average CPU time per run is 315 s on an AMD Athlon @ 1.5 GHz, 1 GB RAM.

48

49 Dai & Poh Network (4/4)  The total amount of defense resources used when considering continuous allocation of resources is lower than when distributing evenly among the defended links.  An advantage of this approach is that it provides a defense strategy that achieves the desired network survivability at minimal cost.

50 Agenda  Introduction  Network Protection Background  Optimal Network Protection  Experimental Results  Conclusions

51 Conclusions (1/3)  There is a new network defense model in which a defender allocates protection resources to network links, so as to maximize the probability that a desired network flow can be delivered from source to sink.  the survivability of the network  The optimization model is based on the attacker–defender contest success function that determines the vulnerability of each network link.

52 Conclusions (2/3)  Allowing the defender to distribute resources unevenly does not provide a significant increase in network survivability in the case of different attack scenarios.  However, it does yield a more cost effective allocation.  If the problem is to minimize the defense cost when considering a survivability requirement, the results obtained in this manuscript illustrate that an uneven allocation of resources would yield the better defense resource allocation.

53 Conclusions (3/3)  The uneven allocation of resources becomes important when the vulnerability of the network links is not determined by the same function  allocation of the same attack and defense resources in two different links does not yield the same vulnerability  It may be caused by different link accessibility, different technical, or environmental conditions.

54 Thanks for your attention

