IDEAS home Printed from https://ideas.repec.org/a/taf/uiiexx/v51y2019i12p1303-1317.html
   My bibliography  Save this article

A budgeted maximum multiple coverage model for cybersecurity planning and management

Author

Listed:
  • Kaiyue Zheng
  • Laura A. Albert
  • James R. Luedtke
  • Eli Towle

Abstract

This article studies how to identify strategies for mitigating cyber-infrastructure vulnerabilities. We propose an optimization framework that prioritizes the investment in security mitigations to maximize the coverage of vulnerabilities. We use multiple coverage to reflect the implementation of a layered defense, and we consider the possibility of coverage failure to address the uncertainty in the effectiveness of some mitigations. Budgeted Maximum Multiple Coverage (BMMC) problems are formulated, and we demonstrate that the problems are submodular maximization problems subject to a knapsack constraint. Other variants of the problem are formulated given different possible requirements for selecting mitigations, including unit cost cardinality constraints and group cardinality constraints. We design greedy approximation algorithms for identifying near-optimal solutions to the models. We demonstrate an optimal (1–1/e)-approximation ratio for BMMC and a variation of BMMC that considers the possibility of coverage failure, and a 1/2-approximation ratio for a variation of BMMC that uses a cardinality constraint and group cardinality constraints. The computational study suggests that our models yield robust solutions that use a layered defense and provide an effective mechanism to hedge against the risk of possible coverage failure. We also find that the approximation algorithms efficiently identify near-optimal solutions, and that a Benders branch-and-cut algorithm we propose can find provably optimal solutions to the vast majority of our test instances within an hour for the variations of the proposed models that consider coverage failures.

Suggested Citation

  • Kaiyue Zheng & Laura A. Albert & James R. Luedtke & Eli Towle, 2019. "A budgeted maximum multiple coverage model for cybersecurity planning and management," IISE Transactions, Taylor & Francis Journals, vol. 51(12), pages 1303-1317, December.
    • Handle: RePEc:taf:uiiexx:v:51:y:2019:i:12:p:1303-1317
    DOI: 10.1080/24725854.2019.1584832
    as

    Download full text from publisher

    File URL: http://hdl.handle.net/10.1080/24725854.2019.1584832
    Download Restriction: Access to full text is restricted to subscribers.
    File URL: https://libkey.io/10.1080/24725854.2019.1584832?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Eric DuBois & Ashley Peper & Laura A. Albert, 2023. "Interdicting Attack Plans with Boundedly Rational Players and Multiple Attackers: An Adversarial Risk Analysis Approach," Decision Analysis, INFORMS, vol. 20(3), pages 202-219, September.
    2. Kaiyue Zheng & Laura A. Albert, 2019. "Interdiction models for delaying adversarial attacks against critical information technology infrastructure," Naval Research Logistics (NRL), John Wiley & Sons, vol. 66(5), pages 411-429, August.
    3. Bhuiyan, Tanveer Hossain & Medal, Hugh R. & Nandi, Apurba K. & Halappanavar, Mahantesh, 2021. "Risk-averse bi-level stochastic network interdiction model for cyber-security risk management," International Journal of Critical Infrastructure Protection, Elsevier, vol. 32(C).
    4. Thiago Poleto & Thyago Celso Cavalcante Nepomuceno & Victor Diogho Heuer de Carvalho & Ligiane Cristina Braga de Oliveira Friaes & Rodrigo Cleiton Paiva de Oliveira & Ciro José Jardim Figueiredo, 2023. "Information Security Applications in Smart Cities: A Bibliometric Analysis of Emerging Research," Future Internet, MDPI, vol. 15(12), pages 1-36, December.
    5. Schmidt, Adam & Albert, Laura A. & Zheng, Kaiyue, 2021. "Risk management for cyber-infrastructure protection: A bi-objective integer programming approach," Reliability Engineering and System Safety, Elsevier, vol. 205(C).

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:taf:uiiexx:v:51:y:2019:i:12:p:1303-1317. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Longhurst (email available below). General contact details of provider: http://www.tandfonline.com/uiie .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.