Journal
NAVAL RESEARCH LOGISTICS
Volume 66, Issue 5, Pages 411-429Publisher
WILEY
DOI: 10.1002/nav.21859
Keywords
cybersecurity; infrastructure protection; Lagrangian relaxation; network interdiction models
Categories
Funding
- National Science Foundation [1422768]
- Divn Of Social and Economic Sciences
- Direct For Social, Behav & Economic Scie [1422768] Funding Source: National Science Foundation
Ask authors/readers for more resources
Information technology (IT) infrastructure relies on a globalized supply chain that is vulnerable to numerous risks from adversarial attacks. It is important to protect IT infrastructure from these dynamic, persistent risks by delaying adversarial exploits. In this paper, we propose max-min interdiction models for critical infrastructure protection that prioritizes cost-effective security mitigations to maximally delay adversarial attacks. We consider attacks originating from multiple adversaries, each of which aims to find a critical path through the attack surface to complete the corresponding attack as soon as possible. Decision-makers can deploy mitigations to delay attack exploits, however, mitigation effectiveness is sometimes uncertain. We propose a stochastic model variant to address this uncertainty by incorporating random delay times. The proposed models can be reformulated as a nested max-max problem using dualization. We propose a Lagrangian heuristic approach that decomposes the max-max problem into a number of smaller subproblems, and updates upper and lower bounds to the original problem via subgradient optimization. We evaluate the perfect information solution value as an alternative method for updating the upper bound. Computational results demonstrate that the Lagrangian heuristic identifies near-optimal solutions efficiently, which outperforms a general purpose mixed-integer programming solver on medium and large instances.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available