VULNERABILITY BASED ROBUST PROTECTION STRATEGY SELECTION IN SERVICE NETWORKS

JOSE EMMANUEL RAMIREZ-MARQUEZ, CLAUDIO M. ROCCO

Adviser: Frank, Yeong-Sung Lin

Presented by Sean Chou

AGENDA

Introduction
Literature review
Identifying points of vulnerability in networks
Optimal protection strategies
Experimental results
Conclusions


INTRODUCTION

The intrusion, disruption and attack of one or several critical infrastructures by a foreign entity have developed into a major security concern across different national government agencies.

The 2003 Northeast Blackout
The 2006 undersea cable network disruption in Taiwan
The 2010 interruption of PayPal, Visa, MasterCard internet connection by attacks to their telecommunication infrastructure.

These cases provide strong evidence about the severe economic, social and transnational implications that disruptive events can effect.


The United States Department of Energy estimated the cost of the 2003 Northeast Blackout as roughly 6 billion dollars (Parks, 2003).

The undersea cable cut-off in Taiwan halted Internet communications among Taiwan, Hong Kong, and China for over 12 h with serious economic implications (see also Hsu et al., 2008).


Thus infrastructures and the services they provide have become more and more interrelated:

Prezant et al. (2005) analyzed the impact that failures in the power grid had on the New York City health care delivery system

Berdica (2002) illustrated the impact on trade due to disruptions in transportation infrastructure and the port network.


A constant and relevant "lessons-learned" conclusion among these studies is that of preparedness.

According to Oxford Dictionary (2011), preparedness is defined as: a state of readiness.

Preparedness in the context of critical infrastructures can be understood as a state of readiness that translates to the development of a plan to support, maintain or restore infrastructure services.


From this manuscript, infrastructure preparedness plans are then strongly related to the types of disruptions within the infrastructure: internal or external.

Yet, independent of the type of disruption, network flow models (Ford & Fulkerson, 1962) are commonly used to analyze and describe the performance of services in an infrastructure – where the service of the infrastructure is modeled based on some attributes of the network’s nodes and links.


Most of the research literature on external considerations is focused on creating the mathematical frameworks that guarantee the safety and security of critical infrastructures as an ultimate goal.

Currently, one can identify three research streams for addressing the adequate protection of infrastructures against attacks:
(i) vulnerability analysis
(ii) protection strategy development
(iii) attack response strategy


Each of these research streams is generally applied independently of the others.

This paper addresses the lack of interrelation among the three research areas.

The major contribution of this paper is to present a robust protection analysis approach that ties together vulnerability analysis with protection strategy development.


The purpose of the approach is to provide a protection strategy that reduces the points of vulnerability.

This approach considers a flow network under a defender and an attacker contest.

It is assumed that the attacker moves first, has knowledge of the network configuration and is intent on maximizing network service damage.

Based on this information, the defender considers a set of cost-incurring protections to defend the network (unknown to the attacker).


The techniques proposed in this manuscript provide two main contributions to the state-of-the-art:
(i) a quantifiable description of network performance sensitivity to protection investment
(ii) the most cost efficient protection strategy for the maximum reduction in points of vulnerability.

Implementations of this approach can be in such diverse areas as:
(1) cyber and border security for the allocation of resources to detect intrusions
(2) the electric power grid to design alternate delivery paths in case of attacks
(3) telecommunications to guarantee uninterrupted service in the case of severe disruptions of network elements.


LITERATURE REVIEW

Infrastructure preparedness plans are strongly related to the types of disruptions within the infrastructure: internal or external.

Internal types of disruptions, mainly due to the intrinsic failure of infrastructure elements, fall under the analysis of reliability engineering and risk analysis.


Through these methods and frameworks, one can
identify (via FMECA (Guo, Xiao, Shi, & Lv, 2009) or PRA (Apostolakis, 2008)),
prevent (via redundancy allocation (Taboada, Espiritu, & Coit, 2008)),
improve (Zio & Podofillini, 2007),
handle (via maintenance techniques (Wang, 2002))
undesired failure events occurring at random within the infrastructure.


Research in vulnerability analysis (Crucitti, Latora, & Marchiori, 2005; Mosher et al., 2010; Nagurney & Qiang, 2008; Zhang, Ramirez-Marquez, & Rocco, 2011) has to do with developing approaches that allow quantifying and identifying the effects that potential disruptive events (attacks) at the network element level have on a specific performance/service function of the network.


For example, for energy distribution, vulnerability analysis can help in understanding how the disruption of a set of network links (or nodes) impacts the amount of energy transmitted among various sectors of the electric grid.

Immediately, after understanding such effects, the interest extends into identifying the infrastructure elements that when attacked produce the highest damage.

These elements are known as points of infrastructure vulnerability.

For single points of infrastructure vulnerability:

Crucitti et al. (2005) identified the maximum reduction of telecommunication performance attained when in the presence of a disruptive event for two backbone Internet networks.

Zio, Sansavini, Maja, and Marchionni (2008) evaluated the vulnerability of the road transport network in the Province of Piacenza in Italy with respect to the loss of a road link due to a car accident, roadwork and other jamming disruptions.

Rocco, Ramirez-Marquez, Salazar, and Hernandez (2010) and Ramirez-Marquez and Rocco (2009) have developed mathematical techniques to understand the interaction of multiple points of infrastructure vulnerability via multi-objective (MO) optimization.


Research in protection strategy development has to do with the identification of infrastructure elements to protect and the resources spent with the objective of maintaining services/performance at a pre-specified threshold level in the most cost-effective manner.

The research in Apostolakis and Lemon (2005), Bier, Haphuriwat, Menoyo, Zimmerman, and Culpen (2008) allows eliciting some recommendations for the optimal allocation of defense resources to guide homeland security authorities.


The area of optimal system protection has considered competitive attacker/defender models for specific system configurations.

These models try to relate actual attacks to the defender's intent of improving the safety and security of systems by adequately building protection, within the system, against natural disasters and/or intentional attacks.

For networks, Ramirez-Marquez, Rocco, and Levitin (2011) have developed mathematical approaches that allow understanding optimal cost-effective protection strategies against a set of visible or potential attacks.


The area of attack response strategies is related to the development of actions that identify resources used to restore in a cost-effective manner an infrastructure service that has been affected due to an attack – i.e. restoration policy development.

There are many studies related to this area; to the best of the authors' knowledge, most are management oriented and generally unquantifiable.


It should be noted that while there is no cohesive framework for vulnerability analysis and protection approaches in the network service area, there is research in the area of facility location (Jia, Ordonez, & Dessouky, 2007) that indirectly considers this rationale for facility location.


In summary, while significant research efforts have been spent to understand vulnerability analysis, protection strategy development and attack response strategies, there is no unifying strategy that guides the allocation of protection resources and attack response as a function of the knowledge gained from a vulnerability analysis. This paper intends to provide such a strategy.


IDENTIFYING POINTS OF VULNERABILITY IN NETWORKS

Network G(N,A)
'N' represents the set of nodes
'A' represents the set of links (i, j), i, j = 1, ..., n.
Associated with each link (i, j) is the value aij, describing an attribute of the link (i, j)
defines a figure-of-merit (FOM) that allows assessing the service performance of G(N,A) as a function of aij.

For this manuscript it is assumed that provides the maximum network flow between two specific nodes.


Rocco et al. (2010) defined the point of vulnerability for G(N,A) as the event that maximizes the loss function I(f) as given by Crucitti et al. (2005).

And the vulnerability of the network under event set F, as VF(G(N,A)) mathematically defined by Rocco et al. (2010) as:


Based on the attacker/defender contest previously described, a defender aware of the visibility of the network to the attacker, but unaware of the attacker's resources, would like to understand how the impact of failure event

corresponds to reduction in the network service performance function.

Since attack resources are limited, the defender would like to understand how changes in attacker’s resources impact VF(f*).


Based on this rationale, the defender is first interested in obtaining:

Rocco et al. (2010) have proposed a multi-objective optimization (MO) approach to solve (4).

The solution to such a model is a Pareto Front (PF).

In this paper, the PF is used to identify each point of vulnerability as dictated by and describe how the maximum network flow between two specific nodes in G(N,A) is affected as a function of the attacker’s resources.


OPTIMAL PROTECTION STRATEGIES

4.1. Protection analysis
4.1.1. Multi-objective optimization for protection analysis
4.1.2. Solution technique
4.1.2.1. Initialization
4.1.2.2. Protection strategy development
4.1.2.3. Protection strategy quality assessment
4.1.2.4. Pareto analysis of protection strategies and evolution
4.1.2.5. Protection strategies search evolution
4.2. Implementation


4.1. Protection analysis

The defender can implement activities with the purpose of reducing the points of vulnerability.

Let the vector y = (y1,y2, . . . ,yJ) represent a defending strategy and D(y) its associated cost where:

yj =

where dj describes the investment cost of implementing defense option j.


The quality of a particular defending strategy is evaluated based on how (in this case, maximum network flow between two specific nodes) withstands each and on its cost.

for each particular f i the defender is interested in solving the Defense MO (DMO) optimization problem: Max


Note that (5) describes the increase in maximum network flow between two specific nodes provided by a particular defense strategy.

A solution to the problem provides a set of solutions, , relating how increases in defense resources decrease the vulnerability of G(N,A) under Θ.

4.1.1. Multi-objective optimization for protection analysis

In order to identify the optimal set , the Pareto optimality condition (as per Definition 2) is implemented according to the concept of Pareto dominance (as described in Definition 1):

Definition 1. A protection strategy y’ dominates y, if the following two conditions are met:

If no protection strategy dominates y, protection strategy y is said to be non-dominated.


Definition 2. Protection strategy is a non-dominated solution.

In this manuscript y* is a Pareto optimal solution of the bi-objective optimization problem DMO and the true Pareto set.


4.1.2. Solution technique

Usually, to solve the DMO problem (and in general to solve MO problems), a family of algorithms known as MO Evolutionary Algorithms (MOEAs) is implemented.

They use different types of evolutionary intelligence and can handle non-continuous, non-convex and/or non-linear objectives/constraints, and objective functions possibly without a closed form expression.


To solve the DMO problem, this manuscript develops a new version of the MO–PSDA, a simple, intuitive and fast performing EA.

MO–PSDA contains four main steps iterated for each attack strategy as described by :
Initialization
Protection strategy development
Protection strategy quality assessment
Pareto analysis of protection strategies and evolution
Protection strategies search evolution


4.1.2.1. Initialization

Input parameters defined:
the total number of cycles U
the parameter DESIGN defining the number of solutions generated
the vector of appearance probability
network data (nodes, links, source-sink node demand)
link defense cost.

Also the set H, where the Pareto solutions are recorded, is set to null.


4.1.2.2. Protection strategy development

Monte-Carlo simulation is used to randomly generate a specified number of protection strategies

l = 1, ..., DESIGN and u = 1, ..., U, via the vector of appearance probability:

Each of these randomly generated vectors identifies which links in y(l,u) are defended and which are not.


4.1.2.3. Protection strategy quality assessment

Each protection strategy, y(l,u), previously generated is evaluated for the two objectives described in DMO:

Each strategy and its associated objectives are stored in set S.


4.1.2.4. Pareto analysis of protection strategies and evolution.

Each of the protection strategies in S is ordered as follows:

Note that set H contains all current potential Pareto optimal protection strategies up to cycle u - 1 plus the solutions in set S.

The solutions in set H are evaluated for Pareto optimality as per Definitions 1 and 2 in Section 4.1.1 to generate set


4.1.2.5. Protection strategies search evolution

The solutions in set H’ contain information regarding DNA of Pareto optimal protection strategies.

As such the vector of appearance probability for cycle u + 1 is updated as follows:

Finally, and the process is repeated from Step 2.
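
An added sketch of the loop described in 4.1.2.1 to 4.1.2.5, for one attack; it is not the authors' code. The five-link network, its capacities and defense costs, the attacked links, the rule that a defended link survives the attack, the dominance conditions, and the probability update (share of non-dominated strategies defending each link, clamped) are all assumptions, because the transcript does not reproduce the formulas.

```python
import random
from collections import deque

# Constructed network: directed link (i, j) -> (capacity a_ij, defense cost d_j).
NETWORK = {
    ("s", "a"): (10, 4), ("s", "b"): (10, 2), ("a", "t"): (10, 2),
    ("b", "t"): (10, 3), ("a", "b"): (5, 1),
}
LINKS = list(NETWORK)
CAP = {l: NETWORK[l][0] for l in LINKS}

def max_flow(cap, s, t):
    """Edmonds-Karp maximum flow; cap maps directed link (i, j) -> capacity."""
    res = {}
    for (i, j), c in cap.items():
        res.setdefault(i, {}).setdefault(j, 0)
        res[i][j] += c
        res.setdefault(j, {}).setdefault(i, 0)   # reverse residual arc
    flow = 0
    while True:
        parent, queue = {s: None}, deque([s])
        while queue and t not in parent:          # BFS for an augmenting path
            u = queue.popleft()
            for v, r in res.get(u, {}).items():
                if r > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if t not in parent:
            return flow
        bottleneck, v = float("inf"), t
        while parent[v] is not None:
            bottleneck = min(bottleneck, res[parent[v]][v])
            v = parent[v]
        v = t
        while parent[v] is not None:
            u = parent[v]
            res[u][v] -= bottleneck
            res[v][u] += bottleneck
            v = u
        flow += bottleneck

def evaluate(y, attack):
    """Both DMO objectives for strategy y: (flow surviving the attack, cost D(y)).
    Assumption: an attacked link is lost unless y defends it."""
    cap = {l: CAP[l] for l, yj in zip(LINKS, y) if yj or l not in attack}
    cost = sum(NETWORK[l][1] for l, yj in zip(LINKS, y) if yj)
    return max_flow(cap, "s", "t"), cost

def dominates(a, b):
    """Assumed dominance rule on (flow, cost): no worse in both, better in one."""
    return a[0] >= b[0] and a[1] <= b[1] and a != b

def pareto_front(candidates):
    """Keep the strategies whose objectives no other candidate dominates."""
    objs = list(candidates.values())
    return {y: o for y, o in candidates.items()
            if not any(dominates(o2, o) for o2 in objs)}

def mo_psda(attack, cycles=5, design=400, seed=1):
    """Monte-Carlo search over protection strategies for one attack."""
    rng = random.Random(seed)
    p = [0.5] * len(LINKS)          # appearance probability of each defense
    H = {}                          # Pareto archive, initially empty
    for _ in range(cycles):
        S = {}
        for _ in range(design):     # protection strategy development
            y = tuple(int(rng.random() < pj) for pj in p)
            S[y] = evaluate(y, attack)          # quality assessment
        H = pareto_front({**H, **S})            # Pareto analysis of H plus S
        # Assumed update: how often each link is defended among the
        # non-dominated strategies, clamped so no option is ever excluded.
        p = [min(0.95, max(0.05, sum(y[j] for y in H) / len(H)))
             for j in range(len(LINKS))]
    return H

if __name__ == "__main__":
    attack = {("s", "a"), ("b", "t")}           # constructed attack on two links
    for y, (flow, cost) in sorted(mo_psda(attack).items(), key=lambda kv: kv[1]):
        defended = [l for l, yj in zip(LINKS, y) if yj]
        print(f"cost={cost:2d} flow={flow:2d} defend={defended}")
```

Each row of the resulting front is one budget level: the defender reads off how much flow a given protection spend preserves against this attack.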


4.2. Implementation

The steps of the mathematical framework implementation from the defender's stand-point are as follows:
(1) Obtain network configuration parameters: topology, link capacities and source node to sink node demand
(2) Via the algorithm in Rocco et al. (2010), solve (4)
(3) Identify the protection strategies that can be implemented and solve DMO problem: Max via the MO–PSDA.
(4) Based on the PF obtained, identify robust protection strategies as defined by (6).


EXPERIMENTAL RESULTS

Framework implementation

Step 1: Based on the network transformation and the input parameters (source node capacity, sink node demand and link capacity), the maximum load in the network equals 2850 MW.

Step 2: The second step in the framework is to determine the set of optimal attacks. This step allows identifying the vulnerability of the network by identifying those elements that when eliminated produce the highest decrease in electric power load.


The vulnerability analysis is done by solving the MO problem described in Rocco et al. (2010) yielding the Pareto set described in Table 1.


This step is crucial for providing the defender an understanding of the attacker’s tradeoff between network service damage and resources spent.

Also, this step allows the defender to understand group component importance/criticality.


Step 3: In step 3 of the framework, the defender has to select the best defense option to protect the network against each attack and as a function of the defense budget.


Table 3


Step 4: Whenever no knowledge is available regarding the attacker's resources, the defender may be interested in a protection strategy that "effectively" protects across different attacks, as illustrated in Table 4.


Finally, the defender is interested in finding the most economical protection strategy.


CONCLUSIONS

This paper proposed an approach to tie vulnerability analysis and protection strategies into a new framework to guide the protection of critical infrastructures.

This new framework posits that protecting critical infrastructures can be guided by the solution of a defender and attacker contest in a network setting.


The framework described in this paper constitutes a novel contribution given that the infrastructure protector now has the ability to:
(1) understand the reduction of flow as a function of the attacker's resource capacity
(2) identify the key network elements contributing to vulnerability
(3) develop a set of cost effective protection strategies for each vulnerability set
(4) when blind to the attacker's resources, develop a combination of protection strategies that protect across various attacks and finally
(5) identify the most economical protection strategy with lowest differential flow across attacks.


Thanks for your listening.

