1 / 55

Adviser: Frank, Yeong-Sung Lin Present by Sean Chou

Vulnerability based robust protection strategy selection in service networks Jose Emmanuel Ramirez-Marquez , Claudio M. Rocco. Adviser: Frank, Yeong-Sung Lin Present by Sean Chou. Agenda. Introduction Literature review Identifying points of vulnerability in networks

blenda
Télécharger la présentation

Adviser: Frank, Yeong-Sung Lin Present by Sean Chou

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Vulnerability based robust protection strategy selection in service networksJose Emmanuel Ramirez-Marquez , Claudio M. Rocco Adviser: Frank, Yeong-Sung Lin Present by Sean Chou

  2. Agenda • Introduction • Literature review • Identifying points of vulnerability in networks • Optimal protection strategies • Experimental results • Conclusions

  3. Agenda • Introduction • Literature review • Identifying points of vulnerability in networks • Optimal protection strategies • Experimental results • Conclusions

  4. Introduction • The intrusion, disruption and attack of one or several criticalinfrastructures by a foreign entity have developed into a majorsecurity concern across different national government agencies. • The 2003 Northeast Blackout • The 2006 undersea cable networkdisruption in Taiwan • The 2010 interruption of PayPal,Visa,MasterCard internet connection by attacks to their telecommunicationinfrastructure. • These cases provide strong evidence about thesevere economic, social and transnational implications that disruptiveevents can effect.

  5. Introduction • The United States Department of Energy, estimated the cost of the 2003 Northeast Blackout as roughly 6 billion dollars (Parks, 2003). • The undersea cable cut-off in Taiwan halted Internet communications among Taiwan, Hong Kong, and China for over 12 h with serious economic implications (see also Hsu et al., 2008).

  6. Introduction • Thus infrastructures and the services they provide have become more and more interrelated: • Prezant et al. (2005) analyzed the impact that failures in the power grid had on the New York City health care delivery system • Berdica (2002) illustrated the impact on trade due to disruptions in transportation infrastructure and the port network.

  7. Introduction • A constant and relevant ‘‘lessons-learned’’ conclusion amongthese studies is that of preparedness. • According to Oxford Dictionary(2011), preparedness is defined as: a state of readiness. • Preparednessin the context of critical infrastructures can beunderstood as a state of readiness that translates to the developmentof a plan to support, maintain or restore infrastructure services.

  8. Introduction • From this manuscript, infrastructurepreparedness plans are then strongly related to the types of disruptionswithin the infrastructure: internal or external. • Yet, independentof the type of disruption, network flow models (Ford &Fulkerson, 1962) are commonly used to analyze and describe theperformance of services in an infrastructure – where the serviceof the infrastructure is modeled based on some attributes of thenetwork’s nodes and links.

  9. Introduction • Most of the research literature on external considerations is focused on creating themathematical frameworks that guarantee the safety and securityof critical infrastructures as an ultimate goal. • Currently, one canidentify three research streams for addressing the adequate protectionof infrastructures against attacks: • (i) vulnerability analysis • (ii) protection strategy development • (iii) attack response strategy

  10. Introduction • Each of these research streams are generallyapplied independently of each other. • This paper: the lack of interrelationamongthe three research areas. • The major contribution of this paper is to presents a robust protection analysis approach that ties together vulnerability analysis with protection strategy development.

  11. Introduction • The purpose of the approach is to provide a protection strategy that reduces the points of vulnerability. • This approach considers a flow network under a defender and an attacker contest. • It is assumed the attacker moves first, has knowledge of the network configuration and is intent in maximizing network service damage. • Based on this information, the defender considers a set of cost incurring protections to defend the network (unknown to the attacker).

  12. Introduction • The techniques proposed in this manuscript provide two main contributions to the state-of-the-art: • (i) a quantifiable description of network performance sensitivity to protection investment • (ii) the most cost efficient protection strategy for the maximum reduction in points of vulnerability. • Implementations of this approach can be in such diverse areas as: • (1) cyber and border security for the allocation of resources to detect intrusions • (2) the electric power grid to design alternate delivery paths in case of attacks • (3) telecommunications to guarantee uninterrupted service in the case of severe disruptions of network elements.

  13. Agenda • Introduction • Literature review • Identifying points of vulnerability in networks • Optimal protection strategies • Experimental results • Conclusions

  14. Literature review • Infrastructure preparedness plans are strongly related to the types of disruptions within the infrastructure: internal or external. • Internal types of disruptions, mainly due to the intrinsic failure of infrastructure elements, fall under the analysis of reliability engineering and risk analysis.

  15. Literature review • Through these methods and frameworks,one can • identify (via FMECA Guo, Xiao, Shi, & Lv, 2009 orPRA (Apostolakis, 2008)) • prevent (via redundancy allocation(Taboada, Espiritu, & Coit, 2008) • improve (Zio & Podofillini,2007)) • handle (via maintenancetechniques (Wang, 2002)) undesired failure events occurring at random within theinfrastructure.

  16. Literature review • Research in vulnerability analysis (Crucitti, Latora, & Marchiori,2005; Mosher et al., 2010; Nagurney & Qiang, 2008; Zhang,Ramirez-Marquez, & Rocco, 2011) has to do with developingapproaches that allow quantifying and identify the effects that potentialdisruptive events (attacks) at the network element level haveon specific performance/service function of the network.

  17. Literature review • For example,for energy distribution, vulnerability analysis can help understandinghow the disruption of a set of network links (or nodes)impacts the amount of energy transmitted among various sectorsof the electric grid. • Immediately, after understanding such effects,the interest extends into identifying the infrastructure elementsthat when attacked produce the highest damage. • These elementsare known as points of infrastructure vulnerability.

  18. Literature review • For single points of infrastructure vulnerability, Crucitti et al. (2005)identified the maximum reduction of telecommunication performanceattained when in the presence of a disruptive event for twobackbone Internet networks. • Zio, Sansavini, Maja, and Marchionni (2008) evaluated thevulnerability of the road transport network in the Province ofPiacenza in Italy with respect to the loss of a road link due to a caraccident, roadwork and other jamming disruptions. • Rocco,Ramirez-Marquez, Salazar, and Hernandez (2010) and Ramirez-Marquez and Rocco (2009) have developed mathematicaltechniques to understand the interaction of multiple points of infrastructurevulnerability via multi-objective (MO) optimization.

  19. Literature review • Research in protection strategy development has to do with theidentification of infrastructure elements to protect and theresources spent with the objective of maintaining services/performanceat a pre-specified threshold level in the most cost-effectivemanner. • The research in Apostolakis and Lemon(2005), Bier, Haphuriwat, Menoyo, Zimmerman, and Culpen(2008) allows eliciting some recommendations for the optimalallocation of defense resources to guide homeland security authorities.

  20. Literature review • The area of optimal system protection has consideredcompetitive attacker/defender models for specific system configurations. • These modelstry to relate actual attacks to the defenders intent of improvingthe safety and security of systems by adequately building protection,within the system, against natural disasters and/or intentionalattacks. • For networks, Ramirez-Marquez, Rocco, andLevitin (2011) have developed mathematical approaches that allowunderstanding optimal cost-effective protection strategiesagainst a set of visible or potential attacks.

  21. Literature review • The area of attack response strategies is related to thedevelopment of actions that identify resources used to restore ina cost-effective manner an infrastructure service that has been affecteddue to an attack – i.e. restoration policy development. • There are many studies related to this area, at the best of theauthors’ knowledge most are management oriented and generallyunquantifiable.

  22. Literature review • It should be noted that while there is no cohesive framework forvulnerability analysis and protection approaches in the networkservice area there is research in the area of facility location (Jia,Ordonez, & Dessouky, 2007) that indirectly consider this rationalefor facility location.

  23. Literature review • In summary, while significant research efforts have been spent to understand vulnerability analysis, protection strategy development and, attack response strategies. • There is no unifying strategy that guides the allocation of protection resources and attack response as a function of the knowledge gained from a vulnerability analysis. This paper intends to provide such strategy.

  24. Agenda • Introduction • Literature review • Identifying points of vulnerability in networks • Optimal protection strategies • Experimental results • Conclusions

  25. Identifying points of vulnerability in networks • Network G(N,A) • ‘N’ represents the set of nodes • ‘A’ represents the set of links (i, j) i, j = 1,. . . ,n. • Associated with each link (i, j) is the value aij, describing an attribute of the link (i, j) • defines a figure-of-merit (FOM) that allows assessing the service performance of G(N,A) as a function of aij. • For this manuscript it is assumed that provides the maximum network flow between two specific nodes.

  26. Identifying points of vulnerability in networks • Rocco et al. (2010) defined the point of vulnerability for G(N,A) as the event that maximizes the loss function I(f) as given by Crucitti et al. (2005). • And the vulnerability of the network under event set F, as VF(G(N,A)) mathematically defined by Rocco et al. (2010) as:

  27. Identifying points of vulnerability in networks • Based on the attacker/defender contest previously described, adefender aware of the visibility of the network to the attacker,but unaware about the attacker’s resources, would like understandhow the impact of failure event corresponds to reduction inthe network service performance function. • Since attack resourcesare limited, the defender would like to understand how changesin attacker’s resources impact VF(f*).

  28. Identifying points of vulnerability in networks • Based on this rationale, thedefender is first interested in obtaining: • Rocco et al. (2010) have proposed a multi-objectiveoptimization (MO) approach to solve (4). • The solution to such amodel is a Pareto Front (PF). • In this paper, the PF is used to identifyeach point of vulnerability as dictated by and describe how themaximum network flow between two specific nodes in G(N,A) is affectedas a function of the attacker’s resources.

  29. Agenda • Introduction • Literature review • Identifying points of vulnerability in networks • Optimal protection strategies • Experimental results • Conclusions

  30. Optimal protection strategies • 4.1. Protection analysis • 4.1.1. Multi-objective optimization for protection analysis • 4.1.2. Solution technique • 4.1.2.1. Initialization • 4.1.2.2. Protection strategy development • 4.1.2.3. Protection strategy quality assessment • 4.1.2.4. Pareto analysis of protection strategies and evolution • 4.1.2.5. Protection strategies search evolution • 4.2. Implementation

  31. Optimal protection strategies • 4.1. Protection analysis • The defender can implement activities with the purpose of reducing the points of vulnerability. • Let the vector y = (y1,y2, . . . ,yJ) represent a defending strategy and D(y) its associated cost where: • yj = where dj describes the investment cost of implementing defense option j.

  32. Optimal protection strategies • The quality of a particular defending strategy is evaluated based on how (in this case, maximum network flow between two specific nodes) withstands each and on its cost. • for each particular f i the defender is interested in solving the Defense MO (DMO) optimization problem: Max

  33. Optimal protection strategies • Note that (5) describes the increase in maximum network flow between two specific nodes provides by a particular defense strategy. • A solution to the problem provides a set of solutions, , relating how increases in defense resources decrease the vulnerability of G(N,A) under Θ.

  34. Optimal protection strategies • 4.1.1. Multi-objective optimization for protection analysis • In order to identify the optimal set ,the Pareto optimalitycondition (as per Definition 2) is implemented according to theconcept of Pareto dominance (as described in Definition 1): • Definition 1. A protection strategy y’ dominates y, if the following two conditions are met: • If no protection strategy dominates y, protection strategy y issaid to be non-dominated.

  35. Optimal protection strategies • Definition 2. Protection strategyis a non-dominatedsolution. • In this manuscript y* is a Pareto optimal solution of the bi-objective optimization problem DMO and the true Pareto set.

  36. Optimal protection strategies • 4.1.2. Solution technique • Usually to solve the DMO problem (and in general to solve MOproblems) a family of algorithms know as MO EvolutionaryAlgorithms (MOEAs) are implemented. • It usedifferent types of evolutionary intelligence, can handle non-continuous,non-convex and/or non-linear objectives/constraints,and objective functions possibly without a closed form expression.

  37. Optimal protection strategies • To solve the DMO problem this manuscript develops a new versionof the MO–PSDA a simple, intuitive and fast performing EA. • MO–PSDA contains four main steps iterated for each attack strategy as described by : • Initialization • Protection strategy development • Protection strategy quality assessment • Pareto analysis of protection strategies and evolution • Protection strategies search evolution

  38. Optimal protection strategies • 4.1.2.1. Initialization • Input parametersdefined • The total number of cycles U • the parameter DESIGNdefining the number of solutions generated • the vector of appearanceprobability • network data(nodes, links, source -sink node demand) • link defense cost. • Also the set H, where the Pareto solutions are recorded, is set tonull.

  39. Optimal protection strategies • 4.1.2.2. Protection strategy development • Monte-Carlosimulation is used to randomly generate a specified number ofprotection strategies • l = 1,. . . ,DESIGN and u = 1,. . .U,via the vector of appearance probability: • Eachof these randomly generated random vectors identifies which linksin y(l,u) are defended and which are not.

  40. Optimal protection strategies • 4.1.2.3. Protection strategy quality assessment • Each protectionstrategy, y(l,u), previously generated is evaluated for thetwo objectives described in DMO: • Each strategy and its associated objectives are stored in set S.

  41. Optimal protection strategies • 4.1.2.4. Pareto analysis of protection strategies and evolution. • Each of the protection strategies in S are ordered as follows: • Note that set H contains all current potential Pareto optimal protection strategies up to cycle u - 1 plus the solutions in set S. • The solutions in set H are evaluated for Pareto optimality as per Definition 1 and 2 in Section 4.1.1 to generate set

  42. Optimal protection strategies • 4.1.2.5. Protection strategies search evolution • The solutions in set H’contain information regarding DNA of Pareto optimal protection strategies. • As such the vector of appearance probability for cycleu + 1 is updated as follows: • Finally, and the process is repeated fromStep 2.

  43. Optimal protection strategies • 4.2. Implementation • The steps of the mathematical framework implementation from the defender’s stand-point are as follows: • (1) Obtain network configuration parameters: topology, link capacities and, source node to sink node demand • (2) via the algorithm in Rocco et al. (2010) solve (4) • (3) Identify the protection strategies that can be implemented and solve DMO problem: Max via the MO–PSDA. • (4) Based on the PF obtained, identify robust protection strategies as defined by (6).

  44. Agenda • Introduction • Literature review • Identifying points of vulnerability in networks • Optimal protection strategies • Experimental results • Conclusions

  45. Experimental results • Framework implementation • Step 1: Based on the network transformation and the inputparameters (source node capacity, sink node demand and linkcapacity), the maximum load in the network equals 2850 MW. • Step 2: Second step in the framework is to determine the set ofoptimal attacks. This step allows identifying the vulnerability ofthe network by identifying those elements that when eliminatedproduce the highest decrease in electric power load.

  46. Experimental results • The vulnerability analysis is done bysolving the MO problem described in Rocco et al. (2010) yieldingthe Pareto set described in Table 1.

  47. Experimental results • This step is crucial for providing the defender an understandingof the attacker’s tradeoff between network service damage and resourcesspent. • Also, this step allows the defender to understandgroup component importance/criticality ~

  48. Experimental results • Step 3: In step 3 of the framework, thedefender has to select the best defense option to protect the networkagainst each attack and as a function of the defense budget.

  49. Experimental results • Table 3

  50. Experimental results • Step 4: Whenever no knowledge is available regarding attacker’sresources, the defender may be interested in a protection strategythat ‘‘effectively’’ protects across different attacks-asillustrated in Table 4.

More Related