
Selection of optimal countermeasure portfolio in IT security planning

Author: Tadeusz Sawik. Decision Support Systems, Volume 55, Issue 1, April 2013, Pages 156–164. Adviser: Frank Yeong-Sung Lin. Presenter: Yi-Cin Lin.


Presentation Transcript


  1. Selection of optimal countermeasure portfolio in IT security planning Author: Tadeusz Sawik Decision Support Systems Volume 55, Issue 1, April 2013, Pages 156–164 Adviser: Frank, Yeong-Sung Lin Presenter: Yi-Cin Lin

  2. Agenda • Introduction • Problem description • Model • Single-objective approach • Bi-objective approach • Computational examples • Conclusion

  3. Agenda • Introduction • Problem description • Model • Single-objective approach • Bi-objective approach • Computational examples • Conclusion

  4. Introduction • The various actions developed to prevent intrusions or to mitigate the impact of successful breaches are called controls or countermeasures.

  5. Introduction • In practice, even the most sophisticated countermeasures cannot be expected to completely block attacks. • This paper deals with the optimal selection of countermeasures in IT security planning to prevent or mitigate cyber-threats and a mixed integer programming approach is proposed for the decision making.

  6. Introduction • The problem is formulated as a single- or bi-objective mixed integer program

  7. Introduction • The bi-objective trade-off model provides the decision maker with a simple tool for balancing expected and worst-case losses and for shaping of the resulting cost distribution through the selection of optimal subset of countermeasures.

  8. Agenda • Introduction • Problem description • Models • Single-objective approach • Bi-objective approach • Computational examples • Conclusion

  9. Problem description • The blocking effectiveness of each countermeasure is assumed to be independent of whether it is used alone or together with other countermeasures.

  10. Problem description • Notation • Total of potential scenarios.

  11. Problem description • Denote by the probability of threat . • Notation • The probability of attack scenario in the presence of independent threat events is

  12. Problem description • Notation • indicates that countermeasure totally prevents successful attacks of threat . • denotes that countermeasure is totally incapable of mitigating threat .

  13. Problem description • The proportion of successful attacks of threat type that survive all countermeasures in the subset of selected countermeasures is • The expected proportion of successful attacks of threat type for the subset of selected countermeasures is

  14. Problem description • Notation • The subset of selected countermeasures must satisfy the available budget constraint

  15. Problem description • The decision maker needs to decide which countermeasures to select to minimize losses from surviving occurrences of threats under limited budget for countermeasures implementation.

  16. Agenda • Introduction • Problem description • Model • Single-objective approach • Bi-objective approach • Computational examples • Conclusion

  17. Model • In a risk-neutral operating condition the overall quality of the selected countermeasure portfolio can be measured by the expected cost of losses from successful attacks.

  18. Minimization of expected cost- NSP_E • Notation • Countermeasure is selected for implementation if , otherwise .

  19. Minimization of expected cost- NSP_E • Countermeasure is selected at exactly one level i.e., • Notation

  20. Minimization of expected cost- NSP_E • The proportion of successful attacks of threat type that survive all selected countermeasures is • As a result, the expected cost of losses from successful attacks is given by a nonlinear formula

  21. Minimization of expected cost- NSP_E • Model NSP_E: Minimize Expected Cost (1) Subject to 1. Countermeasure selection constraints

  22. Minimization of expected cost- NSP_E Subject to 2. Integrality conditions: • The nonlinear integer program NSP_E is computationally hard to solve, even for small instances of the problem.
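As an added worked example, not taken from the paper or the slides, the following code spells out what NSP_E computes on a constructed toy instance. Under the independence assumption of slide 9, the proportion of a threat's successful attacks that survive a selected subset is the product of (1 − e_kj) over the selected countermeasures (e_kj = 1 blocks the threat completely, e_kj = 0 does nothing, as on slide 12). Because the threats are independent, the expected cost over all 2^n attack scenarios reduces to a sum over threats of p_j · L_j · Q_j, and the budget-constrained minimum is found here by enumerating every one of the 2^m portfolios. The data (P, LOSS, EFF, COST), the function names and the simplification to a single implementation level per countermeasure (the paper's level selection on slide 19 is omitted) are assumptions for illustration only.

```python
from itertools import product
from math import prod

# Constructed toy instance (not from the paper): 3 threats, 4 countermeasures.
# P[j]      : probability that threat j occurs
# LOSS[j]   : cost of losses if threat j succeeds against no countermeasures
# EFF[k][j] : blocking effectiveness of countermeasure k against threat j, in [0, 1]
# COST[k]   : implementation cost of countermeasure k
P = [0.6, 0.3, 0.1]
LOSS = [100.0, 400.0, 900.0]
EFF = [
    [0.9, 0.0, 0.0],   # k=0: strong against threat 0 only
    [0.5, 0.5, 0.0],   # k=1: moderate against threats 0 and 1
    [0.0, 0.8, 0.3],   # k=2: strong against threat 1, weak against threat 2
    [0.2, 0.2, 0.9],   # k=3: strong against the rare, expensive threat 2
]
COST = [30.0, 20.0, 40.0, 50.0]


def surviving_proportion(selected, j, eff=EFF):
    """Proportion of successful attacks of threat j that survive every selected
    countermeasure. Independence of the countermeasures (slide 9) makes this the
    product of (1 - e_kj) over the selected subset; an empty subset gives 1."""
    return prod(1.0 - eff[k][j] for k in selected)


def expected_cost(selected, p=P, loss=LOSS, eff=EFF):
    """Expected cost of losses from successful attacks: the nonlinear objective of
    NSP_E. The expectation over the 2^n independent-threat scenarios is linear in
    the per-scenario losses, so it collapses to sum_j p_j * L_j * Q_j(selected)."""
    return sum(p[j] * loss[j] * surviving_proportion(selected, j, eff)
               for j in range(len(p)))


def solve_nsp_e(budget, cost=COST, p=P, loss=LOSS, eff=EFF):
    """Brute-force NSP_E: enumerate all 2^m subsets, keep those within budget, and
    return (expected_cost, selected_tuple) for the cheapest expected loss. The
    enumeration is exponential in m, which is what motivates the linear SP_E model."""
    m = len(cost)
    best = (float("inf"), ())
    for bits in product((0, 1), repeat=m):          # bits[k] is x_k in {0, 1}
        selected = tuple(k for k in range(m) if bits[k])
        if sum(cost[k] for k in selected) > budget:  # budget constraint (slide 14)
            continue
        ec = expected_cost(selected, p, loss, eff)
        if ec < best[0]:
            best = (ec, selected)
    return best


if __name__ == "__main__":
    print("no countermeasures:", expected_cost(()))
    for b in (0.0, 70.0, 140.0):
        ec, sel = solve_nsp_e(b)
        print(f"budget {b:5.0f} -> select {sel}, expected loss {ec:.2f}")
```

With budget 70 the best portfolio is {1, 3}: it is not the pair with the largest total effectiveness, but the one whose product of survivals is lowest where the losses are largest, which is the kind of interaction a greedy per-threat ranking misses.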

  23. Minimization of expected cost- SP_E • The nonlinear objective function (1) can be replaced with a formula

  24. Minimization of expected cost- SP_E • In order to compute for each threat , a recursive procedure is proposed below.

  25. Minimization of expected cost- SP_E • For each threat and countermeasure can be calculated recursively as follows. • The initial condition is • The remaining terms

  26. Minimization of expected cost- SP_E • In order to eliminate nonlinear terms in the right-hand side of Eq. (10), define an auxiliary variable

  27. Minimization of expected cost- SP_E and, in particular, for

  28. Minimization of expected cost- SP_E

  29. Minimization of expected cost- SP_E

  30. Minimization of expected cost- SP_E • Comparison of Eqs. (12) and (15) yields the following relation

  31. Minimization of expected cost- SP_E

  32. Minimization of expected cost- SP_E • The above procedure eliminates all auxiliary variables for each threat. • Summarizing, the proportion of successful attacks for each threat can be calculated recursively, using Eqs. (17), (16) and (13) with replaced by .

  33. Minimization of expected cost- SP_E • Model SP_E: Minimize Expected Cost (5) subject to 1. Countermeasure selection constraints Eqs. (2) and (3).

  34. Minimization of expected cost- SP_E Subject to 2. Surviving threats balance constraints (17) (16) (15)

  35. Minimization of expected cost- SP_E Subject to 3. Non-negativity and integrality conditions: (4)
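Added example, not the paper's Eqs. (10)–(17): the slides only state that a recursive procedure with an auxiliary variable removes the nonlinear terms, so the code below shows the standard exact linearization of a product q · x of a variable q in [0, 1] and a binary x, which is the mechanism such a recursion relies on. Starting from q_0 = 1, each step q_k = q_{k-1} · (1 − e_kj x_k) is rewritten as q_k = q_{k-1} − e_kj · w_k with w_k standing in for q_{k-1} · x_k and pinned down by four linear inequalities. The instance data and the names q, w, EFF are assumptions; the check enumerates every 0/1 selection and confirms the linear recursion equals the product of slide 20.

```python
from itertools import product
from math import prod

# Constructed example data (not from the paper): effectiveness EFF[k][j] of
# countermeasure k against threat j; selections are 0/1 tuples x with x[k] = x_k.
EFF = [
    [0.9, 0.0],
    [0.5, 0.5],
    [0.0, 0.8],
]


def surviving_nonlinear(x, j, eff=EFF):
    """Nonlinear form from slide 20: product over k of (1 - e_kj * x_k)."""
    return prod(1.0 - eff[k][j] * x[k] for k in range(len(x)))


def auxiliary_bounds(q_prev, xk):
    """Linear constraints on the auxiliary variable w = q_prev * x_k, valid when
    0 <= q_prev <= 1 and x_k is binary (standard linearization, assumed here):
        w <= q_prev,   w <= x_k,   w >= q_prev - (1 - x_k),   w >= 0
    Returns (lower, upper). For x_k in {0, 1} the two bounds coincide, so the
    solver has no freedom: w is exactly the product without any bilinear term."""
    lower = max(0.0, q_prev - (1.0 - xk))
    upper = min(q_prev, float(xk))
    return lower, upper


def surviving_linearized(x, j, eff=EFF):
    """Recursive linear form: q_0 = 1 (initial condition, slide 25), then
    q_k = q_{k-1} - e_kj * w_k, where w_k replaces q_{k-1} * x_k."""
    q = 1.0
    for k, xk in enumerate(x):
        lower, upper = auxiliary_bounds(q, xk)
        assert abs(lower - upper) < 1e-12, "binary x_k must pin w_k to one value"
        w = lower
        q = q - eff[k][j] * w
    return q


def lp_constraints(j, eff=EFF):
    """Emit the surviving-threat balance constraints for threat j as plain text,
    so the reader can see the block a MIP solver would receive. Variable names
    q_k_j, w_k_j, x_k are illustrative."""
    lines = [f"q_0_{j} = 1"]
    for k in range(len(eff)):
        lines += [
            f"q_{k + 1}_{j} - q_{k}_{j} + {eff[k][j]} w_{k}_{j} = 0",
            f"w_{k}_{j} - q_{k}_{j} <= 0",
            f"w_{k}_{j} - x_{k} <= 0",
            f"w_{k}_{j} - q_{k}_{j} - x_{k} >= -1",
            f"w_{k}_{j} >= 0",
        ]
    return lines


def check_all_selections(eff=EFF, tol=1e-12):
    """Exhaustively confirm that the linear recursion reproduces the product for
    every 0/1 selection vector and every threat."""
    m, n = len(eff), len(eff[0])
    for x in product((0, 1), repeat=m):
        for j in range(n):
            if abs(surviving_nonlinear(x, j, eff) - surviving_linearized(x, j, eff)) > tol:
                return False
    return True


if __name__ == "__main__":
    print("\n".join(lp_constraints(0)))
    print("linearization exact for all selections:", check_all_selections())
```

The point of the check is that exactness depends on x_k being binary: if the solver were allowed a fractional x_k, the same four inequalities would only bound w_k between max(0, q + x − 1) and min(q, x), and the recursion would no longer equal the product. That is why the integrality conditions on slide 35 are part of the model and not a detail.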

  36. Selection of optimal countermeasure portfolio in IT security planning Adviser: Frank, Yeong-Sung Lin Presenter: Yi-Cin Lin

  37. Model • In a risk-neutral operating condition the overall quality of the selected countermeasure portfolio can be measured by the expected cost of losses from successful attacks.

  38. Minimize conditional value-at-risk • Notation • Model SP_CV: Minimize

  39. Minimize conditional value-at-risk Subject to 1. Countermeasure selection constraints: Eqs. (2)–(3). 2. Surviving threats balance constraints: Eqs. (18)–(21). 3. Risk constraints: 4. Non-negativity and integrality conditions: Eqs. (22)–(24)

  40. Minimize conditional value-at-risk • Models SP_E and SP_CV can be enhanced for simultaneous optimization of the expenditures on countermeasures and the cost of losses from successful attacks. • Constraint (3) is removed, so the required budget becomes part of the objective instead of a hard limit.

  41. Minimize conditional value-at-risk • Model SP_E+B Minimize Required Budget and Expected Cost subject to Eqs. (2), (18)–(24) and (28)

  42. Minimize conditional value-at-risk • Model SP_CV+B Minimize Required Budget and CVaR subject to Eqs. (2) and (18)–(28)

  43. Agenda • Introduction • Problem description • Model • Single-objective approach • Bi-objective approach • Computational examples • Conclusion

  44. Bi-objective approach • In the single-objective approach the countermeasure portfolio is selected by minimizing either the expected loss (plus the required budget) or the expected worst-case loss (plus the required budget).

  45. Bi-objective approach • Model WSP Minimize Subject to Eqs. (2), (5) and (18)–(28)

  46. Bi-objective approach • Decision maker controls • Risk of high losses by choosing the confidence level α • trade-off between expected and worst-case losses by choosing the trade-off parameter λ.
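To make the trade-off on slides 38 to 46 concrete, here is an added example that is not part of the paper or the slides. It enumerates the 2^n attack scenarios of a constructed two-threat instance (scenario probability is the product of p_j for threats that occur and 1 − p_j for those that do not, as on slide 11), computes the expected loss and the conditional value-at-risk at confidence level α for each budget-feasible portfolio, and then minimizes the weighted sum λ · E + (1 − λ) · CVaR_α across a sweep of λ. CVaR is computed here directly on the sorted scenario distribution; the paper's SP_CV and WSP models obtain the same quantity through VaR and tail-variable risk constraints so that it stays linear. The instance data, the function names and the weighting convention of the sum are assumptions.

```python
from itertools import product
from math import prod

# Constructed instance (not from the paper): 2 threats, 2 countermeasures, budget
# that admits at most one of them, chosen so that E and CVaR disagree.
P = [0.5, 0.02]           # threat 0 is frequent and cheap, threat 1 rare and costly
LOSS = [100.0, 3000.0]
EFF = [[0.9, 0.0],        # k=0 almost eliminates threat 0
       [0.0, 0.5]]        # k=1 halves the damage of threat 1
COST = [30.0, 40.0]
BUDGET = 50.0


def loss_distribution(selected, p=P, loss=LOSS, eff=EFF):
    """Enumerate all 2^n scenarios (each threat occurs or not, independently).
    Returns a list of (scenario_loss, scenario_probability)."""
    n = len(p)
    q = [prod(1.0 - eff[k][j] for k in selected) for j in range(n)]  # surviving proportions
    dist = []
    for occurs in product((0, 1), repeat=n):
        prob = prod(p[j] if occurs[j] else 1.0 - p[j] for j in range(n))
        cost = sum(loss[j] * q[j] for j in range(n) if occurs[j])
        dist.append((cost, prob))
    return dist


def expected(dist):
    """Expected loss of a scenario distribution."""
    return sum(c * pr for c, pr in dist)


def cvar(dist, alpha):
    """Conditional value-at-risk: mean loss over the worst (1 - alpha) probability
    mass, taking a fractional share of the scenario that straddles the cut."""
    tail = 1.0 - alpha
    remaining, acc = tail, 0.0
    for c, pr in sorted(dist, reverse=True):   # largest losses first
        take = min(pr, remaining)
        acc += take * c
        remaining -= take
        if remaining <= 1e-12:
            break
    return acc / tail


def feasible_portfolios(cost=COST, budget=BUDGET):
    """Yield every subset of countermeasures whose total cost fits the budget."""
    m = len(cost)
    for bits in product((0, 1), repeat=m):
        sel = tuple(k for k in range(m) if bits[k])
        if sum(cost[k] for k in sel) <= budget:
            yield sel


def solve_wsp(lam, alpha, budget=BUDGET):
    """Weighted-sum bi-objective selection: minimize lam * E + (1 - lam) * CVaR_alpha.
    Returns (objective, selected, expected_loss, cvar_loss)."""
    best = None
    for sel in feasible_portfolios(COST, budget):
        dist = loss_distribution(sel)
        e, cv = expected(dist), cvar(dist, alpha)
        obj = lam * e + (1.0 - lam) * cv
        if best is None or obj < best[0]:
            best = (obj, sel, e, cv)
    return best


def tradeoff_sweep(alpha=0.95, lams=(0.0, 0.5, 0.9, 0.99, 1.0)):
    """Trace how the chosen portfolio moves from the CVaR-optimal one (lam = 0)
    to the expected-loss-optimal one (lam = 1)."""
    return [(lam,) + solve_wsp(lam, alpha)[1:] for lam in lams]


if __name__ == "__main__":
    for lam, sel, e, cv in tradeoff_sweep():
        print(f"lambda={lam:4.2f} -> select {sel}, E={e:7.2f}, CVaR_0.95={cv:8.2f}")
```

On this instance the expected-loss-optimal choice is countermeasure 0 (E = 65 versus 80), while the CVaR-optimal choice is countermeasure 1 (CVaR_0.95 = 680 versus 1208), so the decision maker's λ really does change the portfolio. Because CVaR sits on a much larger scale than E, the sum only switches to the expected-loss choice for λ very close to 1; in practice one would normalize the two objectives or sweep λ finely, which is exactly the role slide 46 assigns to the trade-off parameter.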

  47. Agenda • Introduction • Problem description • Model • Single-objective approach • Bi-objective approach • Computational examples • Conclusion

  48. Computational examples • The data set is similar to the one presented in [20], which was based on the threat set reported on IT security forum EndpointSecurity.org

  49. Computational examples • The number of threats and the number of countermeasures were both equal to 10, so the corresponding number of potential attack scenarios was 2^10 = 1024.
