1 / 38

Adviser : Frank , Yeong - Sung Lin Present by Jason Chang

Optimal Resource Allocation for Protecting System Availability against Random Cyber Attack International Conference Computer Research and Development(ICCRD) , 2011 3rd Li Wang. Adviser : Frank , Yeong - Sung Lin Present by Jason Chang. Agenda. Introduction Related Work

irisa
Download Presentation

Adviser : Frank , Yeong - Sung Lin Present by Jason Chang

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Optimal Resource Allocation for Protecting System Availability against Random Cyber AttackInternational Conference Computer Research and Development(ICCRD) , 2011 3rdLi Wang Adviser: Frank , Yeong - Sung Lin Present by Jason Chang

  2. Agenda • Introduction • Related Work • System Model and Assumptions • Problem Formulation • Determine the Optimal Solution • Experimentation • Conclusion

  3. Agenda • Introduction • Related Work • System Model and Assumptions • Problem Formulation • Determine the Optimal Solution • Experimentation • Conclusion

  4. Introduction • Many distributed system provide service with different level of criticalities , loss of core service often results in catastrophic consequences. • The time duration in which the system is operating is also the time duration in which attacks make their effort to breach the system. • Under limited resources , how to ensure the availability of system core service within that time duration is a challenging issue.

  5. Introduction • For an attacker , the time to compromise a system component depends on the component’s vulnerabilities and the attacker skill level. • Therefore , in order to increase system availability , it is advisable to: • extend the time needed by the attacker to compromise the component • decrease the probability that critical core components are attacked

  6. Introduction • In general , there are three commonly used approached to improve system availability: • component protection enhancement prevent the attacker from exploiting component’s vulnerabilities and detect external attacks in early stage • creation of redundant components the total time needed to compromise the system is prolonged • introducing camouflage of components decrease the probability that genuine components being attacked

  7. Introduction • Our current work is based on the assumption that some type of technology , such as the one proposed by Wang et. al.[28] , is used and attackers only execute random attack strategy. • In particular , we consider a situation where the defender is allowed to apply the three approaches mentioned before to protect a distributed system but with only limited resources. • We formulate this attacker-defender problem as a defender’s optimization problem and present an algorithm to optimally distribute resources so as to obtain maximum system availability.

  8. Agenda • Introduction • Related Work • System Model and Assumptions • Problem Formulation • Determine the Optimal Solution • Experimentation • Conclusion

  9. Related Work • Differs from other referenced papers in two aspects: • attacker’s model given a fixed amount of time to compromise the system • defender’s model consider a combination of protection approaches that require system configuration change and that do not require system configuration change

  10. Related Work • Differs from Levitin’s work from three aspects: • The system models are different • The attacker has no idea about the defender’s resource • The probability to compromise a component depends on the attack-time units and component protection status

  11. Agenda • Introduction • Related Work • System Model and Assumptions • Problem Formulation • Determine the Optimal Solution • Experimentation • Conclusion

  12. System Model and Assumptions • We assume that: • The criticality of system services varies , and the components which are to provide critical services are called core components. • Service will not be maintained if its components fails. • Failure of any core service results in system failure. • Only one defensive approach can be applied to a component. • Components are independent of each other. • Attacker uses random attack strategy and can only attack one component at each time unit.

  13. System Model and Assumptions

  14. System Model and Assumptions

  15. System Model and Assumptions

  16. Agenda • Introduction • Related Work • System Model and Assumptions • Problem Formulation • Determine the Optimal Solution • Experimentation • Conclusion

  17. Problem Formulation • The distributed system is originally composed of n components which are denoted as 。 • Defender’s resource R is distributed among camouflaged components(nf), protected components(np) , and the creation of r redundant components for each redundant components(nr). • The total number of components on which the redundancy approach or protection approach are applied should be no more than the total number of core components.

  18. Problem Formulation • We can formulate the attacker-defender problem using the balls-and-bins model. • The number of balls in a specific bin follows the Poisson Distribution. • The probability that a component will be attacked k time units is : where Yirefers to the attack-time unit on a specific component Xi, and

  19. Problem Formulation • As component failures are assumed to be independent of each other , the system availability can be represented as: where represents the probability that components Xi is operational

  20. Problem Formulation • As protected components require more than t1attack-time units to be compromised , the probability that the protected component is operational is : • When a redundancy approach is applied to the component , there will be components in total . Therefore , the probability that the composite component is operational is:

  21. Problem Formulation • In addition , when the component is neither protected nor replicated , its probability of being operational is:

  22. Problem Formulation • There are np components under protection and nrcomponents have redundant components. Thus , no defensive approach is applied on core components. • Therefore , the availability of system is:

  23. Problem Formulation • According to the Poisson Distribution: • Therefore , we have: where and

  24. Problem Formulation • The defender’s total resources are R , and . Moreover , np , nr , and nfmust be a non-negative integer. • Thus , the attacker-defender problem is a nonlinear integer programming problem in essence , and it can be expressed as:

  25. Agenda • Introduction • Related Work • System Model and Assumptions • Problem Formulation • Determine the Optimal Solution • Experimentation • Conclusion

  26. Determine the Optimal Solution • The optimal defensive strategy is to choose np , nr , and nf that maximizes the system availability. • Moreover , based on Equation 9 , we know that the system availability function is nonlinear , nonseparable , and nonconvex. • In [4] , Chern proved that the reliability redundancy optimization problem , even in a series system with two constraints , are NP-hard.

  27. Determine the Optimal Solution • Existing methods for solving nonlinear integer programming problems are mainly separated into three categories: • heuristic greatly decrease the computational complexity • approximations performance depends on the system structure • global optimization methods guarantee the optimal solution , but the complexity is relatively high

  28. Determine the Optimal Solution • Global optimization methods: • Dynamic programming not applicable to nonseparableproblem nor suitable for problem with more than two constraints • Branch-and-bound are used to solve problems with a large search space,but the effectiveness of a branch-and-bound procedure relies on the sharpness of the bound • Implicit enumeration very suitable for problems of small scale and with few variants

  29. Determine the Optimal Solution • Ex: • R=600 , D=100 , cf=20 , cr=50 , cp=30 , t1=5 , t0=3 , n=30 , m=10 r=1 • Result: • Maximum system availability is 0.77 where nf=15 , nr=0 , np=10

  30. Agenda • Introduction • Related Work • System Model and Assumptions • Problem Formulation • Determine the Optimal Solution • Experimentation • Conclusion

  31. Experimentation • Experiment 1:the available resources are not fixed

  32. Experimentation • Available resource is low. • Available resource increase. • Available resource reaches 1000

  33. Experimentation • Experiment 2:the total attack time units are not fixed • Total attack time is under 60. • Total attack time is over 70.

  34. Experimentation • Experiment 3:the amount of core components begin with 1 and increase by 2 in the next round. • Core components is less than 13. • Core components is between15 and 19. • Core components exceeds 21.

  35. Agenda • Introduction • Related Work • System Model and Assumptions • Problem Formulation • Determine the Optimal Solution • Experimentation • Conclusion

  36. Conclusion • Three sets of experiments are performed to investigate the relationship between: • available resources and system availability , resources and resources allocations strategies • attack time and resources allocation strategies • resource allocation strategies and the number of core components

  37. Conclusion • In this paper , we did not consider the cost the attacker accrues when attacking different components in the next time unit. • If take into consideration , the optimal problem may be view from two different perspectives: • attacker’s perspective how frequently to switch to another component • defender’s perspective analyze the attacker’s strategy , and take countermeasures to minimize the system damage

  38. Thanks for your listening

More Related