A Stochastic Network-Interdiction Model For Cyber Security

Abstract

We propose a general defender-attacker model for security of computer networks, using attack graphs to represent the possible attacker strategies and defender options. The defender’s objective is to maximize the security of the network under a limited budget. In computer security, the attacker could be operating from the safety of a foreign country, and the cost of changing attack strategies may be quite low. To capture the ability of the attacker to launch multiple attempts, we represent the attacker’s success on each arc of the attack graph probabilistically, and formulate the resulting problem as a two- stage stochastic NI problem. We solve the resulting problem using two-stage stochastic optimization with recourse, and explore the attacker and defender strategies.