1. 國立台灣大學資訊管理研究所
碩士論文口試審查
達成資訊洩露程度最小化之 近似最佳化防禦資源配置策略 Near Optimal Network Defense Resource Allocation Strategies for the Minimization of Information Leakage
記得加上日期
指導教授：林永松 博士
研究生：曾中蓮
中華民國九十五年七月二十七日

2. Outline Introduction Problem Description & Formulation
Solution Approach
Computational Experiments
Conclusion & Future Work
2019/1/1
國立台灣大學 資訊管理研究所

3. Background Information Leakage Survivability Motivation
Introduction
Introduction
Background
Information Leakage
Survivability
Motivation

4. Background Information leakage bites.
Introduction
Background
Information leakage bites.
Theft of proprietary information is one of the top 3 security incidents resulting in serious damage to U.S. organizations.*
It is easily ignored by the victims due to the “silent” attack behavior.
Profound damage and loss will be caused once the stolen information is published or exploited.
說攻擊者拿到的information=所得的profit=對防禦者造成的damage
Proprietary information is private information developed and exclusively owned by an individual or company. This information is not known by others nor is it a part of the public domain.
The other two are Virus($42.8M) and Unauthorized access ($ 31.2M); Theft of proprietary information ($30.9M); Total loss in 2005 is $130.1M, totally 700 company
Leakage是被動的漏洞,當他被利用後就變成了主動的theft( leakage is vulnerability, and theft is attack behavior)
CSI: computer security institute
Hop-site
since there is no direct or immediate impact
*: L.A. Gordon, M.P. Loeb, W. Lucyshyn, and R. Richardson, “2005 CSI/FBI Computer Crime and Security Survey”, Computer Security Institue, 2005,
2019/1/1
國立台灣大學 資訊管理研究所

5. Background (Cont’d) Network survivability comes to the front.
Introduction
Background (Cont’d)
Network survivability comes to the front.
There is no error-free or attack-proof system in the world.
Safe/compromised state of security is no longer sufficient to describe the states of a system.
How well can a system sustain normal service under abnormal conditions?*
Unbounded system, and internet
*: “Technical Report on Enhanced Network Survivability Performance,” T1A1.2 Working Group on Network Survivability Performance, February 2001.
2019/1/1
國立台灣大學 資訊管理研究所

6. Background (Cont’d) Security States Survivability States
Introduction
Background (Cont’d)
Security States or
Safe
Safe
Compromised
Compromised
Survivability States
And we can develop many different metrics according this definition
Survivability is the capability of a system (including networks and
large-scale systems) to fulfill its mission, in a timely manner, in the
presence of attacks, failures, or accidents.*
*: R. J. Ellison, D. A. Fisher, R. C. Linger, H. F. Lipson, T. A. Longstaff, and N. R. Mead, “Survivable Network Systems: An Emerging Discipline,” Technical Report CMU/SEI-97-TR-013, Software Engineering Institute, Carnegie Mellon University, November 1997 (Revised: May 1999).
2019/1/1
國立台灣大學 資訊管理研究所

7. Introduction
Motivation
Damage and loss incurred by information theft is unaffordable.
Average loss has exploded from $168.5K in 2004 to $355.5K in 2005*
One of the most critical security issues in next two years.**
What should network operators do to decrease the impact?
Understand the features and vulnerabilities of networks
Grid, random, and scale-free networks
Know your enemy
Little research focuses on modeling attackers’ actions in an abstract and mathematical way.***
@There are three motivations: unendurable loss incurred by information theft, minimize the impact by knowing the enemies, seldom research in attackers’ actions focuses on mathematical model
The other incident that increase is unauthorized access (51.5K~303.2K)
The most critical incidents are Data protection and SW Vul, security, Policy and regulatory compliance, and Identity theft and leakage of private info.
AS-level internet
Past research focuses on case study and methodology, of model of concept, seldom on mathematical form
Grid network是一步一腳印,random network 有許多shortcut, scale-free有shortcut 及樞紐點
@attempts to model attackers’ actions in an abstract, mathematical way and then predict the future actions of attackers based on those models is a non-trivial and unsolved issue
By “A. Stewart, “On Risk: Perception and Direction,” Computers and Security, Volume 23, pp , May 2004.”
@Model of mathematical form is more generic, and can cover more cases, so that we can develop an engine guideline
*: L.A. Gordon, M.P. Loeb, W. Lucyshyn, and R. Richardson, “2005 CSI/FBI Computer Crime and Security Survey”, Computer Security Institute, 2005,
**: L.A. Gordon, M.P. Loeb, W. Lucyshyn, and R. Richardson, “2006 CSI/FBI Computer Crime and Security Survey”, Computer Security Institute, 2006,
***: A. Stewart, “On Risk: Perception and Direction,” Computers and Security, Volume 23, pp , May 2004.”
2019/1/1
國立台灣大學 資訊管理研究所

8. Total Loss Due to Information Theft
Introduction
Motivation (Cont’d)
Model the real offense-defense battle against information leakage (theft) into mathematical formulation.
DRAS model – Defense Resource Allocation Strategy (outer problem)
AS model – Attack Strategy (inner problem)
Propose survivability and susceptibility* metrics to evaluate the performance of defense and attack strategies.
DRAS Model
Defender
Survivability
Total Loss Due to Information Theft
Susceptibility
Attacker
@說一下兩個model的關係,以及解題的流程，重點在於紙上談兵
Game theory 也一樣是紙上談兵,最後只有一個最佳結果,但attack strategy共有2^n,不可能都列出來,所以雖然defense strategy決定後只會有一個最佳attack strategy,但仍要用一些heuristic來找到他,而這個過程就是AS model
但因為attack strategy有
@說明survivability與susceptibility之間的互補關係
AS Model
*: M. Keshtgary, F.A. Al-Zahrani, and A.P. Jayasumana, “Network Survivability Performance Evaluation with Applications in WDM Networks with Wavelength Conversion,” Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks, 2004.
2019/1/1
國立台灣大學 資訊管理研究所

9. Problem Description & Formulation
Problem Notation
Formulations of DRAS &
AS Model

10. Problem Description & Formulation
Total Attack Power
Total Defense Power
Defender has limited defense budget, nodes with different budgets have different defense capabilities
AS-level networks  path constraints; inner domain level, the attacker can not attack any node directly, ex:IP
Limited attack power
If a node is attacked, it can be still functional, and be the hop site; that’s why we only consider node attack, because only nodes can be hop sites
The attacker tries to maximize the total value contained by the attack tree, the defender wants to minimize it
Hop-site
2019/1/1
國立台灣大學 資訊管理研究所

11. Problem Description (Cont’d)
Assumption
The attacker’s objective is to maximize the total damage by constructing an “attack tree” of the targeted network.
The defender’s objective is to minimize the total damage by allocating a different budget to each node in the network.
Both the attacker and the defender have complete information about the network topology.
Both the attacker and the defender have resource budget limitations.
Only node attacks are considered.
Only malicious attacks are considered.
Only AS-level networks are considered.
A node is only subject to attack if a path exists from attacker’s position to that node, and all the intermediate nodes on the path have been compromised.
A node is compromised if the attack resources applied to the node are no less than defense power of the node.
Problem Description & Formulation
Only emphasize on 3,5,6
The attacker has complete information, maybe through getting the topology information or other ways, but he still needs to attack the nodes hop by hop, due to the firewall or other security mechanics
2019/1/1
國立台灣大學 資訊管理研究所

12. Problem Description (Cont’d)
Problem Description & Formulation
Given
Defense resource budget B
Attack resource budget A
Damage di incurred by compromising node i, i.e., the information value held by node i
Attacker’s position s, which is connected to the target network
The network topology and the network size
Objective
To minimize the maximized total damage
Subject to
Total defense cost must be no more than B
Total attack cost must be no more than A
The node to be attacked must be connected to the existing attack tree
To determine
Defender: budget allocation strategy
Attacker: which nodes to attack
Explain B, A, and di
2019/1/1
國立台灣大學 資訊管理研究所

13. Problem Description & Formulation
Problem Notation
Problem Description & Formulation
Decision variables:
Notation
Description ai
Attack power applied to node i, where i  N bi
Budget allocated to protect node i, where i  N
The threshold of the attack power needed to compromise node i ; i.e. the defense capability of node i, where i  N yi
1 if node i is compromised; and 0 otherwise (where i  N) xp
1 if path p is selected as the attack path; and 0 otherwise
(where p  Pw, w  W)
2019/1/1
國立台灣大學 資訊管理研究所

14. Problem Formulation – DRAS Model
(IP 2)
(IP 2.1)
(IP 2.2)
(IP 2.3)
(IP 2.4)
(IP 2.5)
(IP 2.6)
(IP 2.7)
(IP 2.8)
(IP 1)
(IP 1.1)
(IP 1.2)
(IP 1.3)
(IP 1.4)
(IP 1.5)
(IP 1.6)
(IP 1.7)
(IP 1.8)
(IP 1.9)
(IP 1.10)
Problem Formulation – DRAS Model
Problem Formulation – AS Model
min –
yi, ai
Objective function:
Problem Description & Formulation
Path Constraints
Subject to:
Budget Constraints
Path constraint就是continuity constraint,說是knapsack problem加上continuity constraint (AS model)
Attack Criterion
2019/1/1
國立台灣大學 資訊管理研究所

15. Solution Approach – AS Model
Solution Approaches
Solution Approach – AS Model
Solution Approach to the
AS Model
Lagrangean Relaxation Method
Getting Primal Feasible Solutions
Solution Approach to the
DRAS Model
Adjustment Procedure
Impact Factor

16. Solution Approach to the AS Model – Lagrangean Relaxation
The Lagrangean relaxation method is applied to solve the AS model.
The primal problem (P) can be transformed to a Lagrangean relaxation problem (LR) by relaxing the complicating constraints to the objective function with associated multipliers.
LR is easier to be solved than the primal problem.
Boundaries of the optimal objective function value to the primal problem can be obtained through the solving process.
Solution Approach – AS Model
2019/1/1
國立台灣大學 資訊管理研究所

17. Solution Approach to the AS Model – Lagrangean Relaxation (Cont’d)
LB <= Optimal Objective Function Value <= UB
Primal Problem (P)
Adjust Lagrangean Multiplier
Solution Approach – AS Model UB LB
Lagrangean Relaxation
Problem (LR)
Lagrangean Dual Problem
使用subgradient的條件是LR問題必須要能被decomposed成子問題，且每個子問題都要能被最佳解，否則multiplier的調整會有誤，且得到的LB是不成立的
調整multiplier後會得到一個對應的LR problem，所以我們要運用調整multiplier來將LR的值最大化，這個部份才叫做解dual problem
Subproblem
Subproblem
Source: M. L. Fisher, “The Lagrangean Relaxation Method for Solving Integer Programming Problems”, Management Science, vol. 27, 1-18, 1981
Optimal Solution
2019/1/1
國立台灣大學 資訊管理研究所

18. Solution Approach to the AS Model – Lagrangean Relaxation (Cont’d)
Z* – Best known feasible solution value of (P) = Initial feasible solution
– Initial multiplier value = 0
k – Iteration count = 0
i – Improvement count = 0
LB – Lower bound of (P) = -∞
– Initial step size coefficient = 2.
Initialization
Solution Approach – AS Model
If i reaches the Improvement Counter Limit, λ = λ / 2, i = 0
uk+1 = max(0, uk + tk (Axk + b))
k = k + 1.
Adjustment of Multiplier
Solve Lagrangean Relaxation Problem
Solve each subproblem of ( ) optimally
Get decision variable xk and optimal value ZD(μk).
Get Primal Feasible Solution
If xk is feasible in (P), the resulting value is a UB of (P)
If xk is not feasible in (P), tune it with proposed heuristics.
強調multiplier的調整是subgradient method,並且之後會再用到
Check Termination
If (|Z* - LB|) / min (|LB|, |Z*|) <  or
k reaches Iteration Counter Limit
LB ≥ Z*?
Update Bounds
Z* = min (Z*, UB)
LB = max (LB, ZD(μk))
i = i + 1 if LB does not change.
STOP
2019/1/1
國立台灣大學 資訊管理研究所

19. Solution Approach to the AS Model – Two-stage Relaxation Procedure (Cont’d)UB
Primal Problem
Lagrangean Relaxation
Problem – Stage 1
Subproblem for xp
Subproblem for ai LB
Subproblem for yi
Stage 1 – Relax Constraints (2.1), (2.2), and (2.8)
Getting Primal Feasible Solutions – Stage 1
O(|N|2)
O(|N|)
Lagrangean Relaxation
Problem – Stage 2 LB
Stage 2 – Relax Constraints (2.1), (2.2), and (2.7)
Getting Primal Feasible Solutions – Stage 2
Subproblem for xp
Subproblem for
yi and ai
O(|N|)
O(|N|2)
Final UB and LB
Two-stage Relaxation Procedure
2019/1/1
國立台灣大學 資訊管理研究所

20. Solution Approach – AS Model
Solution Approach to the AS Model – Getting Primal Feasible Solutions of Stage 1
Solutions to the LR problem and Lagrangean multipliers provide good hints and a starting point to get primal feasible solutions.
We derive a primal algorithm by using the solutions of ai and in the dual problem.
Sort all nodes by their weights, and adopt the concept of Prim’s minimum cost spanning tree algorithm.
Compromise nodes with smaller weights but moderate path costs for the most beneficial results.
Solution Approach – AS Model
Time Complexity O(|N|log2|N|)
2019/1/1
國立台灣大學 資訊管理研究所

21. Solution Approach – AS Model
Solution Approach to the AS Model – Getting Primal Feasible Solutions of Stage 1 (Cont’d)
Activate the first half of uncompromised nodes.
Apply Prim’s algorithm to activated nodes.
Compromise an activated node if the attacker has enough power to construct an attack path to that targeted node. s 2 6 1 8 7 3 9 4 5 s
Solution Approach – AS Model
The concept is that we want to compromise nodes with smaller weights first, but we also want the cost of attack paths are reasonable. Thus, we only activate nodes with smaller weights, so that we can ensure that the paths are composed of nodes with small weights.
Assume that each node contains 1 unit of information
Susceptibility = 5/9
Survivability = 1-5/9 = 4/9
Node weight =
2019/1/1
國立台灣大學 資訊管理研究所

22. Solution Approach – AS Model
Solution Approach to the AS Model – Getting Primal Feasible Solutions of Stage 2
The algorithm is derived solutions of xp in the dual problem.
Take the union of attack paths in the dual problem to construct an attack tree.
A node’s weight is calculated by the same function used in the primal algorithm of Stage 1.
Solution Approach – AS Model
Time Complexity O(|N|log|N|)
2019/1/1
國立台灣大學 資訊管理研究所

23. Solution Approach to the AS Model – Getting Primal Feasible Solutions of Stage 2 (Cont’d)6 1 8 7 3 9 4 5 2 6 1 8 7 3 9 4 5
Solution Approach – AS Model
Node weight =
Case 1: total attack cost > total attack budget
2019/1/1
國立台灣大學 資訊管理研究所
Case 2: total attack cost < total attack budget

24. Solution Approach to the DRAS Model – Adjustment Procedure
The adjustment procedure is used to re-allocate defense resources after the attack each time.
Adopt the concept of the subgradient method.
Extract of resources from uncompromised nodes, and allocate them to compromised nodes with reallocation strategy.
 is the step size coefficient.
wi / wmax is the impact factor of node i; wi is the average times which node i is used as a hop-site.
Defender
Adjustment
Procedure
Total Loss Due to Information Theft
Solution Approach – DRAS Model
Lagrangean Relaxation Method
Attacker
AS Model
說這個演算法的概念基礎，就是沒被攻擊的點代表資源太多，所以要抽一些分給被攻擊的點
直接說物理意義,不要說subgradient的意義
Sigma is halved if the solution quality doesn’t improve within a certain iteration count.
The more weight it is, the less proportion of resources it will be extracted if not being compromised
Attacker
Defender
2019/1/1
國立台灣大學 資訊管理研究所

25. Solution Approach to the DRAS Model – Impact Factor4 2 1 s 5 2 3 1 1 2 4
2.5
1.5
0.5 2
Solution Approach – DRAS Model
Extraction = 0.9
Extraction = 0.6
Extraction =
Solve
AS Model
wmax =
(5+5)/2 = 5
wmax = 5
2019/1/1
國立台灣大學 資訊管理研究所

26. Computational Experiments
Experiment Environments
Experimental Results of the
AS Model
DRAS Model
Computational Experiments

27. Experimental Environments
Parameter of the DRAS & AS Model
Parameter
Value
Testing Topology
Grid networks, Random networks, Scale-free networks
Number of Nodes |N|
AS model: 49, 100, 400, 900
DRAS model: 25, 49, 100
Total Defense Budget B
Equal to Number of Nodes
Total Attack Budget A
Equal to Total Defense Budget
Damage Distribution
Random distribution (D1), Degree-based distribution (D2), Uniform distribution (D3)
Budget Allocation Strategy
Uniform allocation (B1), Degree-based allocation (B2), Damage-based allocation (B3)
Budget Reallocation Strategy
Defense Capability
= 2bi + ε, bi is the budget allocated to node i,
Computational Experiments
強調D與B
解釋defense power:2breturn>investment, e node is a shell to information
解釋何謂B3
2019/1/1
國立台灣大學 資訊管理研究所

28. Computational Results – AS Model
D1: random distribution, D2: degree-based distribution, D3: uniform distribution
B1: uniform allocation, B2: degree-based allocation, B3: damage-based allocation
|N| = 900
Computational Experiments
Consistent to our common sense
Our results can reflect the degree distribution of different topologies
D3 damage distribution is the most robust  all nodes are created equal is the best network
Small grid network is sensitive because nodes with degree 4 aren’t the major group
Damage-based defense budget allocation strategy (B3) causes the lowest susceptibility in all cases.
Networks with uniform damage distribution (D3) are less susceptible than networks with D1 and D2 distribution averagely.
2019/1/1
國立台灣大學 資訊管理研究所

29. Computational Results – AS Model (Cont’d)
Simple algorithm 1 (SA1)
Derived from primal algorithm of stage 1
Node weight =
Simple algorithm 2 (SA2)
Apply Prim’s algorithm to construct the minimum cost spanning tree.
Target the node with the smallest weight, and construct an attack path to it according to the spanning tree.
Stop when the attacker has no spare attacker power.
Simple algorithm 3 (SA3)
Apply the concept of the greedy algorithm to construct an attack tree until the total attack power is consumed.
The attacker only has local information about the network topology.
Time Complexity O(|N|log2|N|)
Computational Experiments
Time Complexity O(|N|log|N|)
Time Complexity O(|N|log|N|)
2019/1/1
國立台灣大學 資訊管理研究所

30. Computational Results – AS Model (Cont’d)
Computational Experiments
Say LR is much more better than other SAs when facing irregular networks, because the topological structure is more complicated
General Trend of Susceptibility:
Grid Networks  Random Networks  Scale-free Networks
2019/1/1
國立台灣大學 資訊管理研究所

31. Computational Results – DRAS Model
D1: random distribution, D2: degree-based distribution, D3: uniform distribution
B1: uniform allocation, B2: degree-based allocation, B3: damage-based allocation
|N| = 49
Initial Budget Allocation Strategy = B3
|N| = 100
B3 reallocation strategy can improve the survivability of random networks and scale-free networks.
The initial survivability of networks under D3 are the most robust, but no further improvement can be made through budget reallocation.
因為在D3時每個點一樣重要,重新分配資源會造成厚此失彼的結果,並無法提升網路的存活度
2019/1/1
國立台灣大學 資訊管理研究所

32. Conclusion & Future Work
Contribution
Future Work
Conclusion & Future Work

33. Conclusion & Future Work
Address the issue of the best resource allocation strategies for the attacker and the defender, so that the result of information theft can be accepted by both sides.
AS model
Damage-based defense resource allocation strategy will cause the lowest susceptibility for the attacker.
Grid networks are the most robust, and scale-free networks are the most vulnerable to information theft.
DRAS model
For random and scale-free networks, “the rich get richer, and the poor get poorer” is the best defense resource allocation strategy.
The result is profit gained by the attacker, and the damage caused to the defender
強調KNAPSACK與此model間之對應
Conclusion & Future Work
2019/1/1
國立台灣大學 資訊管理研究所

34. Conclusion & Future Work
Contribution
Problem formulation and solution approaches to the DRAS model and the AS model
Survivability & susceptibility metrics
Engineering guidelines of defense resource allocation strategy for random and scale-free networks
“The rich get richer, and the poor get poorer.”
attempts to model attackers’ actions in an abstract, mathematical way and then predict the future actions of attackers based on those models is a non-trivial and unsolved issue
By “A. Stewart, “On Risk: Perception and Direction,” Computers and Security, Volume 23, pp , May 2004.”
Model offense-defense scenarios against information leakage (theft) in the real world into mathematical formulation and provide adequate solution approaches to it.
Propose a survivability/susceptibility metric to evaluate the effectiveness of different defense resource allocation strategies and attack strategies.
Propose a engineering guideline of how a network defender should allocate the defense resources.
Conclusion & Future Work
2019/1/1
國立台灣大學 資訊管理研究所

35. Conclusion & Future Work
“Secret sharing scheme” concept
Only if several certain nodes have been all compromised can the attacker gains confidential information and causes extra damage to the defender.
Discussion of special cases
The existence of “choke points”
加強防禦choke points可以有效提升survivability,
但如何確知choke points的存在並找出關鍵的choke points,
仍是一道難題 s
Conclusion & Future Work
2019/1/1
國立台灣大學 資訊管理研究所

36. Thank You!!

37. Extra Notations Given Parameter: Decision Variable: Notation
Description G
The index set of all sensitive information groups in the network sg
Damage incurred by compromising all members of group g, where g G
gi
An indicator function, which is 1 if node i is in sensitive information group g, and 0 otherwise (where iN, g G)
Notation
Description zg
1 if all members of group g are compromised, and 0 otherwise (where g G)
2019/1/1
國立台灣大學 資訊管理研究所

38. Problem Formulation of Extended Model
(IP 3)
(IP 3.1)
(IP 3.2)
(IP 3.3)
(IP 3.4)
(IP 3.5)
(IP 3.6)
(IP 3.7)
(IP 3.8)
(IP 3.9)
(IP 3.10)
(IP 3.11)
(IP 3.12)
Problem Formulation of Extended Model
Objective function:
Problem Description & Formulation
Subject to:
2019/1/1
國立台灣大學 資訊管理研究所

39. DRAS Model in Game Theory
Defender
A asymmetric, zero-sum, and sequential game with perfect information
The attacker’s actions consist of a set of feasible attack trees.
The defender’s actions consist of a set of defense strategies.
Defense Strategy 1
Defense Strategy 2
Defense Strategy 3 …
Attack Tree A
Survivability 1A
Survivability 2A
Survivability 3A
Attack Tree B
Survivability 1B
Survivability 2B
Survivability 3B
Attack Tree C
Survivability 1C
Survivability 2C
Survivability 3C
Attacker
Defense strategy means which nodes to protect. Although the strategies are continuous, similar strategies will result in the same defense effect. Thus, we can divide the strategies into finite number of groups
We can describe DRAS model by game theory, however, we can’t finish the payoff matrix unless we find all the attack trees and defense strategies, which is impractical.
Thus, although this problem can be modeled by game theory, it can be solved through game theory.
Defender’s Payoff Matrix
2019/1/1
國立台灣大學 資訊管理研究所

40. Concave Function for Defense Capability
2019/1/1
國立台灣大學 資訊管理研究所

41. Background (Cont’d) Scale-free networks imply Achilles’ Heel.
Introduction
Background (Cont’d)
Scale-free networks imply Achilles’ Heel.
Degree distribution P(k) decays as a power-law distribution
Ex: Internet, citation networks
The features of scale-free networks
Growth
Preferential attachment
“Hub” – Achilles’ Heel
Low network diameter k
P(k)
強調AS level
舉citation network為例
強調low diameter, connectivity由hubs maintain
解釋何謂scale-free (it means that there’s no end for the fat tail),描述各個網路的degree特性
In the past, networks are divided into regular( grid, ring, cube…) and irregular--random
2<r<3
Internet:r=2.48
*: R. Albert, H. Jeong, and A.-L. Barabási, “Error and Attack Tolerance of Complex Networks,” Nature, Volume 406, pp , July 2000.
2019/1/1
Grid Network
Random Network*
國立台灣大學 資訊管理研究所
Scale-free Network*

42. Problem Description & Formulation
Problem Notation
Problem Description & Formulation
Given parameters:
Notation
Description N
The index set of all nodes in the network W
The set of all O-D pairs, where the origin is node s and the destinations are the nodes of positive di , where i, s  N di
Damage incurred by compromising node i, where i  N Pw
The index set of all candidate paths for O-D pair w, where w  W A
The total attack power B
The total defense budget
δpi
The indicator function which is 1 if node i is on path p; and 0 otherwise (where i  N, p  Pw, w  W)
The damage to the network is equal to the profit gained by the attacker
2019/1/1
國立台灣大學 資訊管理研究所

43. Solution Approach to the AS Model – Problem Decomposition of Stage 1
By applying the Lagrangean relaxation method, the primal problem (IP 2) can be transformed into a Lagrangean relaxation problem (LR 1) where Constraints (2.1), (2.2), and (2.8) are relaxed.
Optimization Problem (LR 1):
The LR problem is further decomposed into three (xp, yi, ai) independent sub-problems.
Solution Approach – AS Model
2019/1/1
國立台灣大學 資訊管理研究所

44. Solution Approach – AS Model
Solution Approach to the AS Model – Problem Decomposition of Stage 1 (Cont’d)
Subproblem 1.1 (related to decision variable xp )
Subproblem 1.1 can further be decomposed into |W| independent shortest path problems.
Apply Dijkstra’s minimum cost shortest path algorithm once and optimally solve each independent problem.
(Sub 2.1)
(Sub 2.1.2)
(Sub 2.1.1)
Subject to
Solution Approach – AS Model
Time Complexity O(|N|2)
2019/1/1
國立台灣大學 資訊管理研究所

45. Solution Approach – AS Model
Solution Approach to the AS Model – Problem Decomposition of Stage 1 (Cont’d)
Subproblem 1.2 (related to decision variable yi)
Subproblem 1.2 can further be decomposed into |N| independent problems.
Examine the parameter of each yi , and set it to 1 if the result is negative, 0 otherwise.
(Sub 1.2)
Subject to
(Sub 1.2.1)
Solution Approach – AS Model
Time Complexity O(|N|)
2019/1/1
國立台灣大學 資訊管理研究所

46. Solution Approach – AS Model
Solution Approach to the AS Model – Problem Decomposition of Stage 1 (Cont’d)
Subproblem 1.3 (related to decision variable ai)
Subproblem 1.3 can be viewed as a fractional knapsack problem, where is profit, and is weight. It can be solve optimally by the greedy method.
(Sub 1.3)
Subject to
(Sub 1.3.1)
(Sub 1.3.2)
Solution Approach – AS Model
Time Complexity O(|N|2)
2019/1/1
國立台灣大學 資訊管理研究所

47. Solution Approach to the AS Model – Problem Decomposition of Stage 2
By applying the Lagrangean relaxation method, the primal problem (IP 2) can be transformed into a Lagrangean relaxation problem (LR) where Constraints (2.1), (2.2), and (2.7) are relaxed.
Optimization Problem (LR):
The LR problem is further decomposed into two (xp , [yi, ai]) independent sub-problems.
Solution Approach – AS Model
先說relax第1第2及第7條限制式，並有三個multiplier
說拆成兩個sub -problem
2019/1/1
國立台灣大學 資訊管理研究所

48. Solution Approach – AS Model
Solution Approach to the AS Model – Problem Decomposition of Stage 2 (Cont’d)
Subproblem 1.1 (related to decision variable xp )
Subproblem 2.1 can further be decomposed into |W| independent shortest path problems.
Apply Dijkstra’s minimum cost shortest path algorithm once and optimally solve each independent problem.
(Sub 2.1)
(Sub 2.1.2)
(Sub 2.1.1)
Subject to
Solution Approach – AS Model
分成W個問題,是個admission control問題,u1是node成本,u2是路徑的reward,成本小於reward才選路徑,因為大家的source是同一個,相當於找shortest path tree
Time Complexity O(|N|2)
2019/1/1
國立台灣大學 資訊管理研究所

49. Solution Approach – AS Model
Solution Approach to the AS Model – Problem Decomposition of Stage 2 (Cont’d)
Subproblem 1.2 (related to decision variable yi, ai)
Subject to:
Subproblem 1.2 can further be decomposed into |N| independent problems.
Determine the value of each yi and ai by examining its associated parameters.
(Sub 2.2)
(Sub 2.2.1)
(Sub 2.2.2)
(Sub 2.2.3)
Solution Approach – AS Model
先說拆成n個problem
Time Complexity O(|N|)
2019/1/1
國立台灣大學 資訊管理研究所

50. Experimental Environments
Parameters of the Lagrangean Relaxation Method
Parameters
Value
Iteration Counter Limit
2000
Improve Counter Limit 80
Initial UB
Initial Multiplier
Initial Scalar of Step Size  2
Parameters of the Subgradient-based Algorithm
500 20
Initial Scalar of Step Size 
0.5
System Parameters
Test Platform
CPU: INTELTM Pentium 4.3GHz
RAM: 1 GB
OS: Microsoft Windows 2000
Computational Experiments
*: S. Martello & P. Toth, “Upper Bounds and Algorithms for Hard 0-1 Knapsack Problems,” Operations Research, Volume 45, Number 5, pp , September 1997.
2019/1/1
國立台灣大學 資訊管理研究所

51. Computational Results – AS Model (Cont’d)
2019/1/1
國立台灣大學 資訊管理研究所

52. Computational Results – DRAS Model (Cont’d)
2019/1/1
國立台灣大學 資訊管理研究所