Evaluating the Damage Associated with Intentional Network

Advisor: Yeong-Sung Lin
Presented by Chi-Hsiang Chan
2011/3/28
+ Introduction
+ Problem formulation
+ Multi-dimensional D-spectrum
+ F>3 clusters in the network
+ Illustrative example: attack and defense of a network
+ Conclusion
+ Defense against external impacts, and especially against
intentional external impacts, becomes increasingly
important due to the increasing threats of malicious
attacks.
+ The defender’s objective for a system is that it survives
and functions reliably under all circumstances.
+ In order to evaluate the efficiency of defensive measures
the defender should evaluate the effect of these
measures on the expected damage that can be caused by
attacks.
+ Research in network reliability and risk analysis must
help understand how to prevent or mitigate the damage
caused by intentional attacks on the networks.
+ Usually assumed:
– An interdictor is interested in reducing the flow through the
network by interdicting network elements, usually the links.
– The interdictor has limited resources to interdict network
elements and as such faces a resource allocation problem,
where the objective is to maximize the damage inflicted on the
network.
+ In the case when the network provides connection
among different terminal nodes corresponding to users
or critical facilities, the damage caused by an attack can
be different depending on the number of terminals that
become isolated from any other terminal because of link
interdiction.
+ It is important to find a way that evaluates the
probability of network disintegration into disconnected
sub-networks and estimates the associated damage in
order to compare different options of network defense.
+ This work considers the expected damage caused by the
network disintegration into separated clusters (with at
least one terminal node) and presents a novel multidimensional spectra technique for evaluating this
damage.
+ We assume that the damage caused by disintegration is
proportional to the number of clusters and does not
depend on their size.
+ The assumption is relevant for information networks,
where the information can freely flow within each cluster
and the damage is proportional to the effort needed to
restore the inter-cluster connectivity.
+ A network has a node set N, edge (link) set E and a
subset T of special nodes called terminals.
+ All nodes are absolutely reliable while the edges are
subject to failure.
+ Edge (link) failure means its elimination from the network.
+ The attacker strikes the network links trying to cause
damage by disintegrating the network into clusters.
+ Both the attacker and the defender have limited and
fixed resources.
+ The attacker does not know the network structure and
attacks a randomly chosen subset of links distributing its
attack resources evenly among these links.
+ The defender has no information about the subset of
links chosen for the attack. All links are equally protected.
+ The model presented in this paper is based on a multi-
dimensional destruction spectra approach that allows
evaluating the probability of network disintegration into
a given number of clusters when a fixed number of
randomly chosen links is eliminated.
+ It uses the contest success function that evaluates
vulnerability of individual links as a function of per-link
attack and defense efforts.
+ L: number of links in the network
+ F: number of terminals in the network
+ f: number of disconnected clusters
+ k: number of attacked links
+ R: entire attacker's resource
+ y: attacker's impact effort per attacked link
+ z: defender's protection effort per link
+ m: contest intensity
+ v(y,z): link vulnerability as a function of attacker's and defender's efforts
+ P(x): probability of event x
+ q_j(k): probability that exactly j links are destroyed after attack on k links
+ p(j,f): the probability that the network falls apart into f clusters if j links are destroyed
+ d(f): damage associated with network disintegration into f disconnected clusters
+ D(k): expected damage caused by an attack on k randomly chosen links
+ Δ: expected damage for uniformly distributed number of attacked links
+ A network with a given topology contains L protected
links. Each link is protected with effort z.
+ The attacker strikes k randomly chosen links evenly with
resource R. The per-link attack effort is y=R/k.
+ The vulnerability of an attacked link is determined by a
contest between the defender and the attacker, of the form
$$v = \frac{y^m}{y^m + z^m} \qquad (1)$$
+ Skaperdas offered three axioms for contest success
functions:
– 1≥v≥0 and the contest success for the defender and the
attacker sum to one.
– ∂v/ ∂y>0 and ∂v/ ∂z<0.
– Each agent’s contest success depends on its effort and not
on the identity of agent or opponent.
+ m ≥ 0 is a parameter that expresses the intensity of the
contest.
+ A benchmark intermediate value is m=1, where the
investments have proportional impact on the vulnerability.
+ 0 < m < 1 gives a disproportional advantage of investing
less than one's opponent. m>1 gives a disproportional
advantage of investing more effort than one's opponent.
+ m=0, vulnerability = 50%
+ m=∞ gives a step function where "winner-takes-all".
+ The parameter m is a characteristic of the contest which
can be illustrated by the history of warfare.
+ In the case when the attacker distributes its resource R
among k links the link vulnerability takes the form
$$v(k) = \frac{y^m}{y^m + z^m} = \frac{1}{1 + (zk/R)^m} \qquad (2)$$
+ If the attacker attacks k links, it succeeds in destroying
exactly j links with probability
$$q_j(k) = \binom{k}{j} v(k)^j (1 - v(k))^{k-j} \qquad (3)$$
+ Let the probability that the network falls apart into f
disconnected clusters as a result of destruction of j
randomly chosen links be p(j,f), and the damage
associated with the network falling apart into f
disconnected clusters be d(f).
+ The expected damage D(k) in the case of attack against k
randomly chosen links is
$$D(k) = \sum_{j=0}^{k} q_j(k) \sum_{f=2}^{F} p(j,f)\, d(f) \qquad (4)$$
where F is the maximal number of clusters, which is
equal to the number of terminals.
+ If the defender knows the distribution of k, ε(i)=P(k=i), it
can evaluate the total expected damage as
$$\Delta = \sum_{i=1}^{L} \varepsilon(i) D(i) = \sum_{i=1}^{L} \varepsilon(i) \sum_{j=0}^{i} q_j(i) \sum_{f=2}^{F} p(j,f)\, d(f) \qquad (5)$$
+ When the defender has no information about the
distribution of k, it assumes that the attacker acts
completely at random and can choose k from 1 to L with
equal probability. The expected damage is
$$\Delta = \frac{1}{L} \sum_{i=1}^{L} D(i) \qquad (6)$$
+ By network N=(V,E,T) we denote an undirected
graph with a node-set V, |V|=n, an edge-set
E, |E|=L, and a set T ⊆ V of special nodes called
terminals, |T|=F.
+ If all nodes of the network are connected to
each other directly or indirectly, the network
N is called connected.
+ For example, N has 4 nodes V=(a,b,s,t), two terminals
T=(s,t), 2 edges E={(a,s),(b,t)}. Obviously, N is not
connected: it has two components, and each of them
is a cluster.
+ The network can be only in two states UP and DOWN,
where the UP state takes place if and only if all terminals
of the network are connected to each other by the
elements which are in the UP state. Otherwise, the
network is DOWN.
+ In this paper we split the DOWN state into several
sub-states according to the number of disconnected clusters
in the network. When F=|T|=3:
– UP => number of clusters = 1
– DOWN2 => number of clusters = 2
– DOWN3 => number of clusters = 3
+ Definition 1. Let $\pi = (e_{i_1}, e_{i_2}, \ldots, e_{i_L})$ be a permutation of
network links. Suppose initially that they all are UP. Start
turning them from UP to DOWN by moving along π from left to
right.
+ Fix the first element $e_{i_r}$ when the network state
becomes DOWN2 => $r_2(\pi) = e_{i_r}$, called the second anchor.
+ Fix the first element $e_{i_g}$ when the network state
becomes DOWN3 => $r_3(\pi) = e_{i_g}$, called the third anchor.
+ Define the probability of the event A(i,j) =
{r2 = i, r3 = j} as
$$w_{i,j} = P(A(i,j)) = \frac{\#\text{ of permutations with } r_2(\pi) = i \text{ and } r_3 = j}{L!} \qquad (7)$$
+ Definition 2. The two-dimensional discrete density
function $d = \{w_{i,j}\}$, i,j = 1,2,…,L, is called the network
two-dimensional destruction spectrum (D-spectrum).
+ Definition 3. The marginal distribution $u = \{u_1, u_2, \ldots, u_L\}$ of
the first component of the D-spectrum is called the
second spectrum, and $g = \{g_1, g_2, \ldots, g_L\}$ is called the third
spectrum.
+ $U_2(k) = \sum_{i=1}^{k} u_i$ and $U_3(k) = \sum_{j=1}^{k} g_j$ for k=1,…,L are called the second
and the third cumulative spectra of the network.
+ U2(L) = U3(L) = 1
+ The total number of permutations of L=4 links is 4!=24.
+ (r2,r3) = (3,4): 4 permutations, e.g. 1,4,2,3; w3,4 = 1/6
+ (r2,r3) = (2,4): 8 permutations, e.g. 1,2,4,3; w2,4 = 2/6
+ (r2,r3) = (2,3): 12 permutations, e.g. 1,2,3,4; w2,3 = 3/6
+ u1=0, u2=5/6, u3=1/6, u4=0
+ g1=0, g2=0, g3=3/6, g4=3/6
+ U2(1)=0, U2(2)=5/6, U2(3)=U2(4)=1
+ U3(1)=U3(2)=0, U3(3)=1/2, U3(4)=1
+ Remark 1. The standard reliability theory deals mostly
with binary systems consisting of binary components.
When the system has only one DOWN state, its D-spectrum
becomes a one-dimensional distribution.
+ Gertsbakh and Shpungin and Samaniego considered the
case of i.i.d. continuous component lifetimes Xi, i=1,…,k
and defined the r-th element of the signature as the
probability that system failure coincides with the r-th
order statistic in a sample of X1,X2,…,Xk.
+ The considered two-dimensional signature is an
extension of the one-dimensional situation.
+ Denote by p(j,f) the probability that elimination of
exactly j links causes network disintegration into f
clusters. The principal probabilities which we need in the
context of the present paper take the following form:
$$p(j,2) + p(j,3) = U_2(j); \quad p(j,3) = U_3(j) \qquad (8)$$
+ Remark 2. Suppose that all network links have i.i.d.
continuous lifetimes τ with cumulative distribution
function (CDF) Q(t). Let τnet be the random network
lifetime and denote by Qnet(t) its CDF. Let p be the probability that a
link is UP at time t0. We get:
$$Q_{net}(t_0) = \sum_{j=1}^{L} u_j Q_{(j)}(t_0) \qquad (9)$$
where Q(j)(t0) is the CDF of the j-th order statistic from
the random sample of link lifetimes τ1, τ2,…, τL.
+ Substituting into (9) the well-known expression for Q(j)(t0)
and rearranging the terms in the sum, we get:
$$P(\tau_{net} \le t_0) = \sum_{j=1}^{L} C(j)(1-p)^j p^{L-j} \qquad (10)$$
where
$$C(j) = U_2(j) \binom{L}{j} \qquad (11)$$
+ From (10) it follows that C(j) is the number of network
failure sets with exactly j links being down. Therefore, (11)
implies that the ratio of the number of all j-link failure
sets to the total number of randomly chosen sets of j
links out of L, equals U3(j).
+ When F>3, the system has states UP and DOWN J,
J=2,3,…,F, where DOWN J is the state with J clusters,
having J-th anchor rJ(π).
+ We can get the J-th cumulative spectrum of the network
$$p(x,J) + p(x,J+1) + \ldots + p(x,F) = U_J(x), \quad J = 2, \ldots, F$$
+ It is easy to derive that
$$p(x,J) = U_J(x) - U_{J+1}(x), \quad J = 2, \ldots, F \qquad (12)$$
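An added worked example, not from the slides or the underlying paper: it chains equations (2), (3), (12), (4) and (6) to turn cumulative spectra into the expected damage Δ. The spectra are the values of the L=4 example above and d(2), d(3) are the damages of the illustrative example; pairing them, the z/R values, and the convention U_{F+1}=0 are assumptions made for the sketch.

```python
from math import comb

# Cumulative spectra U_J(j), j = 1..L, copied from the slides' L = 4 example.
U = {2: [0, 5/6, 1, 1], 3: [0, 0, 1/2, 1]}
# d(f) from the illustrative example; pairing it with the L = 4 spectra
# is a constructed combination for this sketch.
DAMAGE = {2: 1000.0, 3: 3000.0}

def vulnerability(k, z_over_r, m):
    """Eq. (2): vulnerability of each of the k attacked links."""
    return 1.0 / (1.0 + (z_over_r * k) ** m)

def cluster_prob(U, j, f):
    """Eq. (12): p(j,f) = U_f(j) - U_{f+1}(j), assuming U_{F+1} = 0."""
    if j == 0:
        return 0.0          # nothing destroyed, the network stays UP
    upper = U[f + 1][j - 1] if f + 1 in U else 0.0
    return U[f][j - 1] - upper

def expected_damage(k, U, damage, z_over_r, m):
    """Eq. (4): D(k) for an attack on k randomly chosen links."""
    v = vulnerability(k, z_over_r, m)
    total = 0.0
    for j in range(k + 1):
        q = comb(k, j) * v**j * (1 - v) ** (k - j)          # eq. (3)
        total += q * sum(cluster_prob(U, j, f) * damage[f] for f in damage)
    return total

def uniform_damage(U, damage, z_over_r, m):
    """Eq. (6): Delta, with k uniformly distributed on 1..L."""
    L = len(U[2])
    return sum(expected_damage(k, U, damage, z_over_r, m)
               for k in range(1, L + 1)) / L

if __name__ == "__main__":
    for ratio in (0.25, 0.5, 1.0):      # constructed z/R values
        print(ratio, round(uniform_damage(U, DAMAGE, ratio, m=1), 2))
```

Raising z/R while holding m fixed lowers Δ, which is the comparison the defender makes when weighing protection against extra links.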
+ The calculation of the spectrum is an NP-hard
combinatorial problem. We suggest using a Monte Carlo
procedure for its numerical estimation.
+ The most time-consuming step of the procedure is
checking the number of clusters in the network after a
link is erased. To do it efficiently, the so-called
disjoint set structure (DSS) is used.
+ Using DSS takes O(L*logL) on each step, so the algorithm
complexity is O(M*L*logL).
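An added sketch of the Monte Carlo procedure with a disjoint-set structure, not the authors' code. Because a disjoint-set structure can merge but not split, each random permutation is replayed backwards. The 4-link ring used as input is a constructed network (the slides' own figure is not recoverable); its 24 permutations give the same 12/8/4 split as the L=4 example.

```python
import random
from collections import Counter

def anchors(perm, n_nodes, terminals):
    """Anchors (r_2, ..., r_F) of one link permutation: r_J is the number of
    removed links at which the terminals first fall into J clusters."""
    parent = list(range(n_nodes))
    has_term = [v in terminals for v in range(n_nodes)]

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    clusters = len(terminals)   # all links removed: each terminal is alone
    r = {}
    # Replay the permutation backwards: restoring perm[i-1] undoes the
    # i-th removal, so only merges are ever needed.
    for i in range(len(perm), 0, -1):
        for J in range(2, clusters + 1):
            r[J] = i            # with the first i links removed: >= J clusters
        a, b = find(perm[i - 1][0]), find(perm[i - 1][1])
        if a != b:
            if has_term[a] and has_term[b]:
                clusters -= 1   # two terminal clusters merge into one
            has_term[a] = has_term[a] or has_term[b]
            parent[b] = a
    return tuple(r[J] for J in range(2, len(terminals) + 1))

def estimate_spectrum(links, n_nodes, terminals, trials, seed=0):
    """Monte Carlo estimate of the D-spectrum over random link permutations."""
    rng = random.Random(seed)
    counts = Counter()
    for _ in range(trials):
        perm = list(links)
        rng.shuffle(perm)
        counts[anchors(perm, n_nodes, terminals)] += 1
    return {key: c / trials for key, c in counts.items()}

# Constructed 4-link ring: nodes 0, 1, 2 are terminals, node 3 is not.
LINKS = [(0, 1), (1, 2), (2, 3), (3, 0)]
TERMINALS = {0, 1, 2}

if __name__ == "__main__":
    for key, w in sorted(estimate_spectrum(LINKS, 4, TERMINALS, 20000).items()):
        print(key, round(w, 3))
```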
+ 17 nodes, 3 terminals, 34 links
+ Disintegration into two and three clusters causes
the defender damage d(2)=1000 and
d(3)=3000.
+ Defender can add four
additional links to enhance the
network connectivity.
z/R=0.01
+ Assume that the defender can spend the same budget
that is needed for adding four links on enhancing
protection of all the links.
+ The cost of the protection effort unit is c and the defense
budget B can be used for increasing the protection effort.
The defender’s per-link protection effort z increases from
z0 to z0+B/c, which causes the increase of the effort ratio
from z0/R to z0/R+B/(cR)=z0/R+1/c*, where c*=cR/B is the
normalized cost of protection effort unit.
+ With the increase of the contest intensity the influence of the
protection on the link vulnerability and damage increases,
which makes the link protection option more beneficial for
greater values of the protection cost.
+ Bold lines: protection enhancement.
+ Thin lines: addition of four links.
+ To evaluate the effectiveness of a mixed defense strategy
with both link addition and protection enhancement,
consider the case when the defender splits its budget
evenly between the two types.
+ F (3,11) (7,10)
+ G (3,11) (2,15)
+ H (5,8) (7,10)
+ The protection effort increases from z0 to z0+B/(2c).
+ The paper suggests a computationally effective algorithm
for evaluating the damage inflicted on interconnected
networks by intentional attack on randomly chosen links.
+ The suggested algorithm is based on a multi-dimensional
spectra approach.
+ The presented method allows analysts to evaluate and
compare different options.
+ The presented example of a network with three
terminals illustrates the practical methodology of
choosing the most effective defense strategy.