Selection of optimal countermeasure portfolio in IT security planning

Adviser: Frank, Yeong-Sung Lin
Presenter: Yi-Cin Lin
NSP_E
Bi-objective

While this formulation has more variables
than the original nonlinear formulation, it
should still solve more quickly than its
nonlinear counterpart.

Notation

Total of
potential scenarios.

Denote by

Notation

the probability of threat .
The probability of an attack scenario, with
independent threat events, is

Notation
◦ indicates that countermeasure totally
prevents successful attacks of threat .
◦ denotes that countermeasure is totally
incapable of mitigating threat .


Notation
The subset of selected countermeasures
must satisfy the available budget
constraint


This added level of specificity is necessary to
maintain the linearity of the formulation.
It also improves the model's flexibility by
allowing a countermeasure to be implemented
at one of several levels.


Notation
Countermeasure is selected at exactly one
level, i.e.,

Model NSP_E:
Minimize Expected Cost (1)
Subject to

The nonlinear objective function (1) can be
replaced with a formula

In order to compute
for each threat , a
recursive procedure is proposed below.

For each threat
and countermeasure
can be calculated recursively as follows.

The initial condition is

The remaining terms

In order to eliminate nonlinear terms in the
right-hand side of Eq. (10), define an
auxiliary variable
and, in particular, for

Comparison of Eqs. (12) and (15) yields the
following relation


The above procedure eliminates all variables
for each .
Summarizing, the proportion of successful
attacks for each threat can be calculated
recursively, using Eqs. (17), (16) and (13)
with replaced by .
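The recursion described above, as an added example that is not code from the paper or from these slides: the proportion of a threat's attacks that survives the selected countermeasures is computed both in its direct product form and through the linear recursion with an auxiliary variable, and the two are compared over every possible assignment of countermeasure levels. The model form (multiplicative effectiveness per level, level 0 meaning "not implemented"), the effectiveness table E_THREAT and the four bound constraints used to pin the auxiliary variable are assumptions made for this example, not definitions taken from the page.

```python
"""Recursive computation of the proportion of a threat's attacks that survive the
selected countermeasures, and the auxiliary-variable step that keeps the recursion
linear in the binary selection variables.

Added example, not code from the paper or the slides.  Assumed model form:
countermeasure j is implemented at exactly one level k (level 0 = not implemented,
effectiveness 0), with effectiveness e[j][k] in [0, 1] against the threat at hand
(1 = totally prevents it, 0 = totally incapable of mitigating it).  With binary
x[j][k] (1 if level k of countermeasure j is chosen), the surviving fraction after
the first j countermeasures is

    s[0] = 1
    s[j] = s[j-1] * sum_k (1 - e[j][k]) * x[j][k]          (bilinear in s and x)

The product s[j-1] * x[j][k] is replaced by an auxiliary variable y[j][k] bounded by
    y <= x,   y <= s[j-1],   y >= s[j-1] - (1 - x),   y >= 0
which pin y to exactly s[j-1] * x whenever x is binary and s[j-1] is in [0, 1], so
    s[j] = s[j-1] - sum_k e[j][k] * y[j][k]                 (linear)
"""
from itertools import product


def survive_product(e, levels):
    """Direct nonlinear form: product over countermeasures of (1 - e) at the chosen level."""
    s = 1.0
    for j, k in enumerate(levels):
        s *= 1.0 - e[j][k]
    return s


def aux_bounds(s_prev, x):
    """Feasible interval [lo, hi] of the auxiliary variable y under the four linear bounds.
    For x in {0, 1} and 0 <= s_prev <= 1 the interval collapses to the point s_prev * x."""
    lo = max(0.0, s_prev - (1.0 - x))
    hi = min(x, s_prev)
    return lo, hi


def survive_recursive(e, levels):
    """Linearized recursion s[j] = s[j-1] - sum_k e[j][k] * y[j][k], taking y from aux_bounds.
    Raises if the bounds ever fail to pin y, which would mean the linearization is inexact."""
    s = 1.0
    for j, k_sel in enumerate(levels):
        reduction = 0.0
        for k, e_jk in enumerate(e[j]):
            x = 1.0 if k == k_sel else 0.0
            lo, hi = aux_bounds(s, x)
            if hi - lo > 1e-12:
                raise ValueError(f"y not pinned at countermeasure {j}, level {k}: [{lo}, {hi}]")
            reduction += e_jk * lo
        s -= reduction
    return s


def max_deviation(e):
    """Enumerate every level assignment (exactly one level per countermeasure) and return the
    largest gap between the linear recursion and the product form; ~0 means the two agree."""
    worst = 0.0
    for levels in product(*[range(len(lv)) for lv in e]):
        worst = max(worst, abs(survive_product(e, levels) - survive_recursive(e, levels)))
    return worst


# Constructed effectiveness table for one threat: 3 countermeasures, each with levels 0..2.
E_THREAT = [
    [0.0, 0.5, 0.8],   # level 2 is stronger than level 1
    [0.0, 0.3, 0.3],   # the higher level adds nothing against this threat
    [0.0, 1.0, 1.0],   # any implemented level totally prevents this threat
]

if __name__ == "__main__":
    chosen = (2, 1, 0)   # CM0 at level 2, CM1 at level 1, CM2 not implemented
    print("product form    :", survive_product(E_THREAT, chosen))
    print("linear recursion:", survive_recursive(E_THREAT, chosen))
    print("max deviation over all level assignments:", max_deviation(E_THREAT))
```

The point of `aux_bounds` is that the four bounds are linear in y, x and the previous surviving fraction, yet for a binary x they admit a single value, so a MIP solver sees only linear constraints while the recursion still reproduces the product of the (1 - e) factors exactly.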

Model SP_E:
Minimize Expected Cost (5)
subject to
1. Countermeasure selection constraints:
Eqs. (2) and (3).
2. Surviving threats balance constraints:
Eqs. (17), (16) and (15).


Notation
Model SP_CV:
Minimize
Subject to
1. Countermeasure selection constraints:
Eqs. (2)–(3).
2. Surviving threats balance constraints:
Eqs. (18)–(21).
3. Risk constraints:
4. Non-negativity and integrality conditions:
Eqs. (22)–(24)
                                       Single-objective   Bi-objective
Risk-neutral                           SP_E               SP_E+B
(minimize expected cost)
Risk-averse                            SP_CV              SP_CV+B
(minimize expected worst-case cost)

Models SP_E and SP_CV can be extended to
optimize simultaneously the expenditure on
countermeasures and the cost of losses from
successful attacks.
◦ Constraint (3) is removed

Model SP_E+B
Minimize Required Budget and Expected Cost
subject to
Eqs. (2), (18)–(24) and (28)

Model SP_CV+B
Minimize Required Budget and CVaR
subject to
Eqs. (2) and (18)–(28)

Introduction

Problem description

Model
◦ Single-objective approach
◦ Bi-objective approach

Computational examples

Conclusion

In the single-objective approach the
countermeasure portfolio is selected by
minimizing either the expected loss (plus the
required budget) or the expected worst-case
loss (plus the required budget).

Model WSP
Minimize
Subject to
Eqs. (2), (5) and (18)–(28)

Decision maker controls:
◦ the risk of high losses, by choosing the confidence level α;
◦ the trade-off between expected and worst-case losses, by choosing the trade-off parameter λ.

Computational examples

The data set is similar to the one presented in
[20], which was based on the threat set
reported on the IT security forum
EndpointSecurity.org.

The number of threats and the number of
countermeasures were both equal to 10, and
the corresponding number of potential attack
scenarios was equal to 1024.

For the bi-objective approach, the subsets of
nondominated solutions were computed by
parameterizing the weighted-sum program WSP
on λ ∈ {0.01, 0.10, 0.25, 0.50, 0.75, 0.90, 0.99}.
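The whole selection procedure, as an added example that is not code from the paper or from this presentation: scenario probabilities under independent threat events, the budget constraint, the risk-neutral objective (expected cost, as in SP_E), the risk-averse objective (CVaR at confidence level α, as in SP_CV) and the weighted-sum program parameterized on λ. Everything in it is constructed: the four threats, four countermeasures, their costs, effectiveness values and the budget, the multiplicative effect of selected countermeasures on the surviving fraction of attacks, and the weighting λ·E + (1-λ)·CVaR; the page states that a trade-off parameter λ and a confidence level α exist but not the exact form of the weighted objective. Portfolios and scenarios are enumerated rather than passed to a MIP solver, so it runs without Gurobi.

```python
"""Scenario-based countermeasure portfolio selection: risk-neutral (minimum expected
cost), risk-averse (minimum CVaR, the expected worst-case cost) and the weighted-sum
trade-off between the two.

Added example, not the paper's or the slides' own code; all data below is constructed.
Assumed model (one implementation level per countermeasure):
  - threat i occurs independently with probability P[i]; a successful attack costs LOSS[i];
  - countermeasure j costs COST[j]; if selected, only a fraction 1 - EFFECT[i][j] of
    threat i's attacks succeed, and selected countermeasures act multiplicatively;
  - an attack scenario is the subset S of threats that occur; with independent threats
    its probability is prod_{i in S} P[i] * prod_{i not in S} (1 - P[i]);
  - the selected portfolio must respect BUDGET.
With n threats there are 2**n scenarios and with m countermeasures 2**m portfolios,
small enough here to enumerate exactly rather than hand the model to a MIP solver.
"""
from itertools import product

# Constructed data: 4 threats, 4 countermeasures.  Threat 3 is rare but catastrophic,
# so the risk-neutral and risk-averse portfolios differ.
P      = [0.30, 0.25, 0.15, 0.02]
LOSS   = [30.0, 40.0, 60.0, 300.0]
COST   = [3.0, 4.0, 5.0, 6.0]
EFFECT = [                 # EFFECT[i][j]: effectiveness of countermeasure j against threat i
    [0.95, 0.0, 0.0, 0.0],
    [0.0, 0.8, 0.3, 0.0],
    [0.0, 0.4, 0.8, 0.0],
    [0.0, 0.0, 0.0, 0.9],
]
BUDGET = 10.0
ALPHA  = 0.90              # confidence level for CVaR

def scenarios(p):
    """All 2**n attack scenarios as (occurrence tuple, probability) under independent threats."""
    out = []
    for occurs in product((0, 1), repeat=len(p)):
        prob = 1.0
        for p_i, o in zip(p, occurs):
            prob *= p_i if o else 1.0 - p_i
        out.append((occurs, prob))
    return out

def surviving_fraction(i, portfolio, effect):
    """Fraction of threat i's attacks that get past every selected countermeasure."""
    frac = 1.0
    for j, x in enumerate(portfolio):
        if x:
            frac *= 1.0 - effect[i][j]
    return frac

def loss_distribution(portfolio, p=P, loss=LOSS, effect=EFFECT):
    """Discrete distribution of the total loss: (probability, loss) for every scenario."""
    frac = [surviving_fraction(i, portfolio, effect) for i in range(len(p))]
    return [(prob, sum(loss[i] * frac[i] for i, o in enumerate(occ) if o))
            for occ, prob in scenarios(p)]

def expected_cost(dist):
    return sum(prob * l for prob, l in dist)

def cvar(dist, alpha=ALPHA):
    """Conditional value-at-risk: mean loss in the worst (1 - alpha) share of probability,
    via VaR + E[(loss - VaR)+] / (1 - alpha) with VaR the alpha-quantile (Rockafellar-Uryasev)."""
    ordered = sorted(dist, key=lambda t: t[1])
    cum, var = 0.0, ordered[-1][1]
    for prob, l in ordered:
        cum += prob
        if cum >= alpha - 1e-12:
            var = l
            break
    tail = sum(prob * max(l - var, 0.0) for prob, l in dist)
    return var + tail / (1.0 - alpha)

def select_portfolio(objective, budget=BUDGET, cost=COST):
    """Enumerate every portfolio within budget; return (portfolio, objective value) of the best."""
    best = None
    for portfolio in product((0, 1), repeat=len(cost)):
        if sum(c for c, x in zip(cost, portfolio) if x) > budget:
            continue
        value = objective(loss_distribution(portfolio))
        if best is None or value < best[1] - 1e-12:
            best = (portfolio, value)
    return best

def weighted_sum(lam, alpha=ALPHA):
    """Weighted-sum objective lam * expected cost + (1 - lam) * CVaR (this weighting is assumed)."""
    return lambda dist: lam * expected_cost(dist) + (1.0 - lam) * cvar(dist, alpha)

def portfolios_by_lambda(lams, alpha=ALPHA):
    """Parameterize the weighted-sum program on lambda; returns {lambda: portfolio}."""
    return {lam: select_portfolio(weighted_sum(lam, alpha))[0] for lam in lams}

if __name__ == "__main__":
    print("risk-neutral (SP_E) :", select_portfolio(expected_cost))
    print("risk-averse  (SP_CV):", select_portfolio(cvar))
    for lam, pf in portfolios_by_lambda((0.01, 0.10, 0.25, 0.50, 0.75, 0.90, 0.99)).items():
        print(f"lambda={lam:4.2f}: portfolio {pf}")
```

With the constructed data the risk-neutral portfolio buys the two countermeasures against the frequent threats (expected cost 13.85 but a 90% CVaR near 94 because the catastrophic threat is left uncovered), while the CVaR-minimizing portfolio accepts a higher expected cost (17.0) to bring the CVaR down to about 55. Sweeping λ from 0.99 towards 0.01 moves the weighted-sum solution from the first portfolio to the second, which is how the nondominated set is traced.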

A critical issue that needs to be considered
before any practical application of the
proposed models is attempted, however, is
the estimation of the probabilities and the
resulting losses associated with each type of
threat and countermeasure.


In practice, threat likelihood estimates are
provided by security experts (e.g., [24]) and
complete distributional information is not
available.
However, the proposed scenario-based
approach does not require such complete
information to be available and only assumes
independence of the different threat events.

The computational experiments show that,
for the limited number of attack scenarios
considered, the optimal risk-averse portfolio
can be found within CPU seconds using the
Gurobi solver for mixed integer programming.
Thank you for listening!