The complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problem

The complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problem

© Springer International Publishing Switzerland 2015. This paper makes three contributions to cyber-security research. First, we define a model for cyber-security systems and the concept of a cyber-security attack within the model’s framework. The model highlights the importance of game-over compone...

Full description

Saved in:
Bibliographic Details
Main Authors: Geir Agnarsson, Raymond Greenlaw, Sanpawat Kantabutra
Format: Book Series
Published: 2018
Subjects:
Business, Management and Accounting
Computer Science
Decision Sciences
Engineering
Mathematics
Online Access:https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=84946834033&origin=inward
http://cmuir.cmu.ac.th/jspui/handle/6653943832/54235
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Chiang Mai University
id th-cmuir.6653943832-54235
record_format dspace
spelling th-cmuir.6653943832-542352018-09-04T10:20:11Z The complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problem Geir Agnarsson Raymond Greenlaw Sanpawat Kantabutra Business, Management and Accounting Computer Science Decision Sciences Engineering Mathematics © Springer International Publishing Switzerland 2015. This paper makes three contributions to cyber-security research. First, we define a model for cyber-security systems and the concept of a cyber-security attack within the model’s framework. The model highlights the importance of game-over components—critical system components which if acquired will give an adversary the ability to defeat a system completely. The model is based on systems that use defense-in-depth/layered-security approaches, as many systems do. In the model we define the concept of penetration cost}, which is the cost that must be paid in order to break into the next layer of security. Second, we define natural decision and optimization problems based on cyber-security attacks in terms of doubly weighted trees, and analyze their complexity. More precisely, given a tree T rooted at a vertex r, a penetrating cost edge function c on T, a target- acquisition vertex function p on T, the attacker's budget and the game-over threshold B ,G∈Q+ respectively, we consider the problem of determining the existence of a rooted subtree T ’ of T within the attacker’s budget (that is, the sum of the costs of the edges in T ’ is less than or equal to B) with total acquisition value more than the game-over threshold (that is, the sum of the target values of the nodes in T ’ is greater than or equal to G). We prove that the general version of this problem is intractable. We also analyze the complexity of three restricted versions of the problems, where the penetration cost is the constant function, integervalued, and rational-valued among a given fixed number of distinct values. Using recursion and dynamic-programming techniques, we show that for constant penetration costs an optimal cyber-attack strategy can be found in polynomial time, and for integer-valued and rational-valued penetration costs optimal cyber-attack strategies can be found in pseudo-polynomial time. Third, we provide a list of open problems relating to the architectural design of cyber-security systems and to the model. 2018-09-04T10:09:52Z 2018-09-04T10:09:52Z 2015-01-01 Book Series 18651348 2-s2.0-84946834033 10.1007/978-3-319-22204-2_6 https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=84946834033&origin=inward http://cmuir.cmu.ac.th/jspui/handle/6653943832/54235
institution Chiang Mai University
building Chiang Mai University Library
country Thailand
collection CMU Intellectual Repository
topic Business, Management and Accounting
Computer Science
Decision Sciences
Engineering
Mathematics
spellingShingle Business, Management and Accounting
Computer Science
Decision Sciences
Engineering
Mathematics
Geir Agnarsson
Raymond Greenlaw
Sanpawat Kantabutra
The complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problem
description © Springer International Publishing Switzerland 2015. This paper makes three contributions to cyber-security research. First, we define a model for cyber-security systems and the concept of a cyber-security attack within the model’s framework. The model highlights the importance of game-over components—critical system components which if acquired will give an adversary the ability to defeat a system completely. The model is based on systems that use defense-in-depth/layered-security approaches, as many systems do. In the model we define the concept of penetration cost}, which is the cost that must be paid in order to break into the next layer of security. Second, we define natural decision and optimization problems based on cyber-security attacks in terms of doubly weighted trees, and analyze their complexity. More precisely, given a tree T rooted at a vertex r, a penetrating cost edge function c on T, a target- acquisition vertex function p on T, the attacker's budget and the game-over threshold B ,G∈Q+ respectively, we consider the problem of determining the existence of a rooted subtree T ’ of T within the attacker’s budget (that is, the sum of the costs of the edges in T ’ is less than or equal to B) with total acquisition value more than the game-over threshold (that is, the sum of the target values of the nodes in T ’ is greater than or equal to G). We prove that the general version of this problem is intractable. We also analyze the complexity of three restricted versions of the problems, where the penetration cost is the constant function, integervalued, and rational-valued among a given fixed number of distinct values. Using recursion and dynamic-programming techniques, we show that for constant penetration costs an optimal cyber-attack strategy can be found in polynomial time, and for integer-valued and rational-valued penetration costs optimal cyber-attack strategies can be found in pseudo-polynomial time. Third, we provide a list of open problems relating to the architectural design of cyber-security systems and to the model.
format Book Series
author Geir Agnarsson
Raymond Greenlaw
Sanpawat Kantabutra
author_facet Geir Agnarsson
Raymond Greenlaw
Sanpawat Kantabutra
author_sort Geir Agnarsson
title The complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problem
title_short The complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problem
title_full The complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problem
title_fullStr The complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problem
title_full_unstemmed The complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problem
title_sort complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problem
publishDate 2018
url https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=84946834033&origin=inward
http://cmuir.cmu.ac.th/jspui/handle/6653943832/54235
_version_ 1681424283328315392

Similar Items