IDEAS home Printed from https://ideas.repec.org/a/wly/navres/v66y2019i5p411-429.html
   My bibliography  Save this article

Interdiction models for delaying adversarial attacks against critical information technology infrastructure

Author

Listed:
  • Kaiyue Zheng
  • Laura A. Albert

Abstract

Information technology (IT) infrastructure relies on a globalized supply chain that is vulnerable to numerous risks from adversarial attacks. It is important to protect IT infrastructure from these dynamic, persistent risks by delaying adversarial exploits. In this paper, we propose max‐min interdiction models for critical infrastructure protection that prioritizes cost‐effective security mitigations to maximally delay adversarial attacks. We consider attacks originating from multiple adversaries, each of which aims to find a “critical path” through the attack surface to complete the corresponding attack as soon as possible. Decision‐makers can deploy mitigations to delay attack exploits, however, mitigation effectiveness is sometimes uncertain. We propose a stochastic model variant to address this uncertainty by incorporating random delay times. The proposed models can be reformulated as a nested max‐max problem using dualization. We propose a Lagrangian heuristic approach that decomposes the max‐max problem into a number of smaller subproblems, and updates upper and lower bounds to the original problem via subgradient optimization. We evaluate the perfect information solution value as an alternative method for updating the upper bound. Computational results demonstrate that the Lagrangian heuristic identifies near‐optimal solutions efficiently, which outperforms a general purpose mixed‐integer programming solver on medium and large instances.

Suggested Citation

  • Kaiyue Zheng & Laura A. Albert, 2019. "Interdiction models for delaying adversarial attacks against critical information technology infrastructure," Naval Research Logistics (NRL), John Wiley & Sons, vol. 66(5), pages 411-429, August.
    • Handle: RePEc:wly:navres:v:66:y:2019:i:5:p:411-429
    DOI: 10.1002/nav.21859
    as

    Download full text from publisher

    File URL: https://doi.org/10.1002/nav.21859
    Download Restriction: no
    File URL: https://libkey.io/10.1002/nav.21859?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Kelly J. Cormican & David P. Morton & R. Kevin Wood, 1998. "Stochastic Network Interdiction," Operations Research, INFORMS, vol. 46(2), pages 184-197, April.
    2. Harald Held & Raymond Hemmecke & David L. Woodruff, 2005. "A decomposition algorithm applied to planning the interdiction of stochastic networks," Naval Research Logistics (NRL), John Wiley & Sons, vol. 52(4), pages 321-328, June.
    3. Marshall L. Fisher, 1981. "The Lagrangian Relaxation Method for Solving Integer Programming Problems," Management Science, INFORMS, vol. 27(1), pages 1-18, January.
    4. Marshall L. Fisher, 1985. "An Applications Oriented Guide to Lagrangian Relaxation," Interfaces, INFORMS, vol. 15(2), pages 10-21, April.
    5. Kaiyue Zheng & Laura A. Albert & James R. Luedtke & Eli Towle, 2019. "A budgeted maximum multiple coverage model for cybersecurity planning and management," IISE Transactions, Taylor & Francis Journals, vol. 51(12), pages 1303-1317, December.
    6. Pisinger, David, 1995. "A minimal algorithm for the multiple-choice knapsack problem," European Journal of Operational Research, Elsevier, vol. 83(2), pages 394-410, June.
    7. Kaiyue Zheng & Laura A. Albert, 2019. "A Robust Approach for Mitigating Risks in Cyber Supply Chains," Risk Analysis, John Wiley & Sons, vol. 39(9), pages 2076-2092, September.
    8. James E. Kelley, 1961. "Critical-Path Planning and Scheduling: Mathematical Basis," Operations Research, INFORMS, vol. 9(3), pages 296-320, June.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Beck, Yasmine & Ljubić, Ivana & Schmidt, Martin, 2023. "A survey on bilevel optimization under uncertainty," European Journal of Operational Research, Elsevier, vol. 311(2), pages 401-426.
    2. Schmidt, Adam & Albert, Laura A. & Zheng, Kaiyue, 2021. "Risk management for cyber-infrastructure protection: A bi-objective integer programming approach," Reliability Engineering and System Safety, Elsevier, vol. 205(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Ogbe, Emmanuel & Li, Xiang, 2017. "A new cross decomposition method for stochastic mixed-integer linear programming," European Journal of Operational Research, Elsevier, vol. 256(2), pages 487-499.
    2. S Bilgin & M Azizoǧlu, 2006. "Capacity and tool allocation problem in flexible manufacturing systems," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 57(6), pages 670-681, June.
    3. Peter Francis & Karen Smilowitz & Michal Tzur, 2006. "The Period Vehicle Routing Problem with Service Choice," Transportation Science, INFORMS, vol. 40(4), pages 439-454, November.
    4. Park, Moon-Won & Kim, Yeong-Dae, 2000. "A branch and bound algorithm for a production scheduling problem in an assembly system under due date constraints," European Journal of Operational Research, Elsevier, vol. 123(3), pages 504-518, June.
    5. Raymond K. Cheung & Chung-Lun Li & Wuqin Lin, 2002. "Interblock Crane Deployment in Container Terminals," Transportation Science, INFORMS, vol. 36(1), pages 79-93, February.
    6. Beck, Yasmine & Ljubić, Ivana & Schmidt, Martin, 2023. "A survey on bilevel optimization under uncertainty," European Journal of Operational Research, Elsevier, vol. 311(2), pages 401-426.
    7. Degraeve, Z. & Jans, R.F., 2003. "Improved Lower Bounds For The Capacitated Lot Sizing Problem With Set Up Times," ERIM Report Series Research in Management ERS-2003-026-LIS, Erasmus Research Institute of Management (ERIM), ERIM is the joint research institute of the Rotterdam School of Management, Erasmus University and the Erasmus School of Economics (ESE) at Erasmus University Rotterdam.
    8. Mazzola, Joseph B. & Neebe, Alan W., 1999. "Lagrangian-relaxation-based solution procedures for a multiproduct capacitated facility location problem with choice of facility type," European Journal of Operational Research, Elsevier, vol. 115(2), pages 285-299, June.
    9. Schmidt, Adam & Albert, Laura A. & Zheng, Kaiyue, 2021. "Risk management for cyber-infrastructure protection: A bi-objective integer programming approach," Reliability Engineering and System Safety, Elsevier, vol. 205(C).
    10. Harris, Irina & Mumford, Christine L. & Naim, Mohamed M., 2014. "A hybrid multi-objective approach to capacitated facility location with flexible store allocation for green logistics modeling," Transportation Research Part E: Logistics and Transportation Review, Elsevier, vol. 66(C), pages 1-22.
    11. Huisman, D. & Jans, R.F. & Peeters, M. & Wagelmans, A.P.M., 2003. "Combining Column Generation and Lagrangian Relaxation," ERIM Report Series Research in Management ERS-2003-092-LIS, Erasmus Research Institute of Management (ERIM), ERIM is the joint research institute of the Rotterdam School of Management, Erasmus University and the Erasmus School of Economics (ESE) at Erasmus University Rotterdam.
    12. J. E. Beasley, 1990. "A lagrangian heuristic for set‐covering problems," Naval Research Logistics (NRL), John Wiley & Sons, vol. 37(1), pages 151-164, February.
    13. Arianna Alfieri & Shuyu Zhou & Rosario Scatamacchia & Steef L. van de Velde, 2021. "Dynamic programming algorithms and Lagrangian lower bounds for a discrete lot streaming problem in a two-machine flow shop," 4OR, Springer, vol. 19(2), pages 265-288, June.
    14. Ishfaq, Rafay & Sox, Charles R., 2011. "Hub location-allocation in intermodal logistic networks," European Journal of Operational Research, Elsevier, vol. 210(2), pages 213-230, April.
    15. Chaya Losada & M. Scaparra & Richard Church & Mark Daskin, 2012. "The stochastic interdiction median problem with disruption intensity levels," Annals of Operations Research, Springer, vol. 201(1), pages 345-365, December.
    16. Atoosa Kasirzadeh & Mohammed Saddoune & François Soumis, 2017. "Airline crew scheduling: models, algorithms, and data sets," EURO Journal on Transportation and Logistics, Springer;EURO - The Association of European Operational Research Societies, vol. 6(2), pages 111-137, June.
    17. Lawrence V. Snyder & Mark S. Daskin, 2005. "Reliability Models for Facility Location: The Expected Failure Cost Case," Transportation Science, INFORMS, vol. 39(3), pages 400-416, August.
    18. X-Y Li & Y P Aneja & F Baki, 2010. "An ant colony optimization metaheuristic for single-path multicommodity network flow problems," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 61(9), pages 1340-1355, September.
    19. Drexl, Andreas & Jørnsten, Kurt, 2007. "Pricing the multiple-choice nested knapsack problem," Manuskripte aus den Instituten für Betriebswirtschaftslehre der Universität Kiel 626, Christian-Albrechts-Universität zu Kiel, Institut für Betriebswirtschaftslehre.
    20. Brian Lunday & Hanif Sherali, 2012. "Network interdiction to minimize the maximum probability of evasion with synergy between applied resources," Annals of Operations Research, Springer, vol. 196(1), pages 411-442, July.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:wly:navres:v:66:y:2019:i:5:p:411-429. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Wiley Content Delivery (email available below). General contact details of provider: https://doi.org/10.1002/(ISSN)1520-6750 .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.