Multiple cyber attacks against a target with observation errors and dependent outcomes: Characterization and optimization
Shouhuai Xu and
Reliability Engineering and System Safety, 2017, vol. 159, issue C, 119-133
In this paper we investigate a cybersecurity model: An attacker can launch multiple attacks against a target with a termination strategy that says that the attacker will stop after observing a number of successful attacks or when the attacker is out of attack resources. However, the attacker's observation of the attack outcomes (i.e., random variables indicating whether the target is compromised or not) has an observation error that is specified by both a false-negative and a false-positive probability. The novelty of the model we study is the accommodation of the dependence between the attack outcomes, because the dependence was assumed away in the literature. In this model, we characterize the monotonicity and bounds of the compromise probability (i.e., the probability that the target is compromised). In addition to extensively showing the impact of dependence on quantities such as compromise probability and attack cost, we give methods for finding the optimal strategy that leads to maximum compromise probability or minimum attack cost. This study highlights that the dependence between random variables cannot be assumed away, because the results will be misleading.
Keywords: Copula; Cybersecurity; Defense; Optimal strategy (search for similar items in EconPapers)
References: View references in EconPapers View complete reference list from CitEc
Citations View citations in EconPapers (4) Track citations by RSS feed
Downloads: (external link)
Full text for ScienceDirect subscribers only
This item may be available elsewhere in EconPapers: Search for items with the same title.
Export reference: BibTeX
RIS (EndNote, ProCite, RefMan)
Persistent link: https://EconPapers.repec.org/RePEc:eee:reensy:v:159:y:2017:i:c:p:119-133
Access Statistics for this article
Reliability Engineering and System Safety is currently edited by Carlos Guedes Soares
More articles in Reliability Engineering and System Safety from Elsevier
Bibliographic data for series maintained by Dana Niculescu ().