Protection vs. false targets in series systems Reliability Engineering and System Safety(2009) Kjell Hausken, Gregory Levitin Advisor: Frank,Yeong-Sung.

Protection vs. false targets in series systems

Reliability Engineering and System Safety(2009)

Kjell Hausken , Gregory Levitin Advisor: Frank,Yeong-Sung Lin

Presented by Jia-Ling Pan2010/3/30 1NTU IM OPLab

Agenda

•Introduction•The model •Scenario 1:The attacker attacks one

element •Scenario 2:The attacker evenly attacks all

elements •Scenario 3:The attacker evenly attacks a

subset of the elements •Conclusion

2010/3/30

2

NTU OPLab

2010/3/30 NTU OPLab 1

Agenda





2010/3/30

3

NTU OPLab

2010/3/30 NTU OPLab 1

Introduction

•The paper analyses the optimal distribution of the defense resources between protecting the genuine system elements and deploying false elements in a series system which is destroyed when any genuine element is destroyed.

•False and genuine elements cannot be distinguished by the attacker.

2010/3/30NTU OPLab

4

Introduction• The probability of element destruction in the case

of attack is defined as a contest function depending on the ratio of the defender’s and attacker’s effort and on a contest intensity parameter.

• The dependence of the minmax defense strategy (number of false elements) and the most harmful attack strategy (number of attacked elements) on the amount of resources available to the counterparts, on the number of genuine system elements and on the contest intensity is analyzed

2010/3/30NTU OPLab

5

Agenda





2010/3/30

6

NTU OPLab

2010/3/30 NTU OPLab 1

The model

2010/3/30NTU OPLab

7

The model

•The system consists of N genuine elements connected in series.

•Destruction of any GE causes destruction of the entire system.

•Defender protects all GEs, and distributes the protection resource among the GEs evenly.

•The even resource distribution appears to be optimal if the protection effort cost is the same for different GEs .

2010/3/30NTU OPLab

8

The model •The attacker is not able to distinguish

GEs and FEs.•Both the defender and the attacker have

complete information about the structure of the game, the strategy sets, and all parameters, and are fully rational.

•The defender’s one free-choice variable is the number of false targets H.

•The attacker’s one free-choice variable is the number of elements to attack Q.

2010/3/30NTU OPLab

9

The model

•The defender’s resource is r ▫The resource needed to deploy one FE is x

where 0<x<r . ▫If the defender deploys H FEs, the resource

remaining for the protection is r-Hx.▫The maximum number of deployed FEs is

H=[r/x].▫The defender allocates its protection

resource r-Hx evenly among N GEs achieving protection effort t=(r-Hx)/N per element.

2010/3/30NTU OPLab

10

The model •The attacker’s resource is R

▫If the attacker attacks Q elements out of N+H, it achieves the per element effort TQ =R/Q.

•The vulnerability of any attacked GE is determined by the ratio form of the attacker–defender contest success function.

• where m ≥ 0 , ∂v/∂T > 0 and ∂v/∂t < 0.

2010/3/30NTU OPLab

11

Agenda





2010/3/30

13

NTU OPLab

2010/3/30 NTU OPLab 1

Scenario 1:The attacker attacks one element •Attacker has the ability to attack only

once against any one of the N+H elements.

•The probability that the attacked element is a GE is p = N/(N+H).

• When one element is attacked, Q = 1 ,

2010/3/30NTU OPLab

14

Scenario 1:The attacker attacks one element • This paper assume m = 1 first because it is

the most natural choice if a choice is to be made, and second because it is usually the easiest case to handle analytically.

• Although this does not allow generalization to ma1,thepresenceof m in the exponent in (1) shows that, especially when t and TQ have similar sizes, the vulnerability changes moderately as m increases moderately above or below m = 1,and changes more extensively as m approaches infinity or 0.

2010/3/30NTU OPLab

15

Scenario 1:The attacker attacks one element •When m = 1,differentiating V with respect

to H and equating the derivative with zero gives the interior solution.

•The second-order derivative is positive at the interior minimum.

2010/3/30NTU OPLab

16

Scenario 1:The attacker attacks one element •Property 1.

▫When m = 1 ,at the interior solution the optimal number H of deployed FEs decreases in the deployment cost x, increases in both the defender’s and the attacker’s resource r and R, and in the ratio r/R, increases in the number N of GEs when R>x, and decreases in N when R<x.

2010/3/30NTU OPLab

17

Scenario 1:The attacker attacks one element

• Fig. 1. Optimal number H* of deployed FEs and vulnerability V* as functions of r/R for different m, where N =5 and x/R =0.5. The stepwise movement follows since H* can take only

integer values

2010/3/30NTU OPLab

18

r/R=5.85r/R=5.85


• Fig. 2. System vulnerability V as a function of H for various r/R, where m = 3, N = 5, and x/R = 0.5.

2010/3/30NTU OPLab

19

r/R=6,V(1)>V(12)

r/R=8,V(1)<V(12)


Fig. 3. (r/R)* asafunctionof m, x/R, and N.

2010/3/30NTU OPLab

20

m=2


Fig. 4. Optimal H* and V* as functions of N for different values of m, where r/R = 5 and x/R = 0.5.

2010/3/30NTU OPLab

21


• Fig. 5. System vulnerability V as a function of H for various N when m = 3 and0.7,where r/R = 5 and x/R = 0.5.

2010/3/30NTU OPLab

22


Fig. 4. Optimal H* and V* as functions of N for different values of m, where r/R = 5 and x/R = 0.5.

2010/3/30NTU OPLab

23

Agenda


element •Scenario 2:The attacker evenly

attacks all elements •Scenario 3:The attacker evenly attacks a


2010/3/30

24

NTU OPLab

2010/3/30 NTU OPLab 1

Scenario 2:The attacker evenly attacks all elements•Attacker attacks all Q = N+H elements

evenly distributing its resource among them.

•The probability that one GE survives is s=1-v.

•Hence the probability that the system is destroyed is

2010/3/30NTU OPLab

25

Scenario 2:The attacker evenly attacks all elements•When m = 1,differentiating V with respect

to H and equating the derivative with zero gives the interior solution.

•The second-order derivative is positive at the interior minimum.

2010/3/30NTU OPLab

26

Scenario 2:The attacker evenly attacks all elements•Proposition.

▫The optimal number of false elements H is independent of the contest intensity m when the attacker attacks all elements evenly.

2010/3/30NTU OPLab

27

Scenario 2:The attacker evenly attacks all elements•Property2.

▫When m = 1,the defender always deploys fewer FEs when the attacker attacks all elements evenly compared with attacking only one element.

2010/3/30NTU OPLab

28

Scenario 2:The attacker evenly attacks all elements

• Fig. 6. Optimal number of deployed FEs H*, and V*, as functions of r/R, for different m, where N = 5 and x/R = 0.5.

2010/3/30NTU OPLab

29


2010/3/30NTU OPLab

30

Fig.1 attacker attacks one element

Fig.6 attacker evenly attacks all elements


2010/3/30NTU OPLab

31


Fig.6 attacker evenly attacks all elements


Fig. 7. Optimal H* and V* as functions of N for different m, where r/R = 5

and x/R = 0.5.

2010/3/30NTU OPLab

32

Agenda



elements •Scenario 3:The attacker evenly

attacks a subset of the elements •Conclusion

2010/3/30

33

NTU OPLab

2010/3/30 NTU OPLab 1

Scenario 3:The attacker evenly attacks a subset of the elements •Attacker can choose the number of

attacked elements that maximizes the system vulnerability.

•Analyze a two-period minmax game. The defender chooses H in the first period to minimize the maximum vulnerability V that the attacker can inflict in the second period by choosing Q.

2010/3/30NTU OPLab

34

Scenario 3:The attacker evenly attacks a subset of the elements •For any given Q, the number of attacked

GEs q among N+H elements can vary from max{0,Q-H} to min{Q,N}.

•The probability that exactly q GEs are attacked is

2010/3/30NTU OPLab

35

Scenario 3:The attacker evenly attacks a subset of the elements •If exactly q GEs are attacked, the

destruction probability of the series system is

V = 1-sq = 1-(1-v)q, when Q targets are attacked, the total destruction probability of the system is

2010/3/30NTU OPLab

36

Scenario 3:The attacker evenly attacks a subset of the elements• The solution of the minmax game(optimal

values of Q* and H* and corresponding value of the expected vulnerability V*) is obtained by the following enumerative procedure:

1. Assign V* = 1; 2. For each H = 0,…, [r/x]

2.1. Assign Vmax = 0; 2.2. For each Q = 1,…,N+H

2.2.1. Determine V(Q,H) according to(7); 2.2.2. if Vmax<V(Q,H) assign Vmax = V(Q,H) and Qopt =

Q;2.3. if Vmax< V* assign V* = Vmax, Q* = Qopt, H* = H.

2010/3/30NTU OPLab

37

Scenario 3:The attacker evenly attacks a subset of the elements

2010/3/30NTU OPLab

38

Fig. 8. Optimal Q*, H*, and V* as functions of r/R for different m, where N = 5 and x/R = 0.5.


Fig. 8. Optimal Q*, H*, and V* as functions of r/R for different m, where N = 5 and x/R = 0.5.

2010/3/30NTU OPLab

39


2010/3/30NTU OPLab

40

Fig. 9. Optimal Q*, H*, and V* as functions of N for different m, where r/R = 5 and x/R = 0.5.



• Fig. 9. Optimal Q*, H*, and V* as functions of N for different m, where r/R = 5 and x/R = 0.5.

2010/3/30NTU OPLab

41

Fig.9 attacker attacks a subset of the elements



Fig. 10. Best response functions Q*(H) and H*(Q) for various m, assuming N = 5,

r/ R = 5, and x/R = 0.5.

2010/3/30NTU OPLab

42

Agenda





2010/3/30

43

NTU OPLab

2010/3/30 NTU OPLab 1

Conclusion •Series system can be destroyed by an attack

if any one of the elements is destroyed.•To reduce the system vulnerability, the

defender protects the genuine elements and deploys false elements.

•The optimal number of false targets in general depends on the resources available to the attacker and the defender, on the false target cost, on the contest intensity and on the number of the genuine elements.

2010/3/30NTU OPLab

44

Conclusion

•When the attacker attacks only one element, as the attacker’s resource increases, it becomes more important for the defender to deploy more false elements to divert the attacker.▫With low contest intensity, efforts have

modest impact on the outcome of protection and attack, and the defender deploys many false elements to decrease the probability that a genuine element is attacked.

2010/3/30NTU OPLab

45

Conclusion

•With high contest intensity, the attacker easily gets contest success since it attacks only one element, while the defender protects all genuine elements. ▫Defender deploys a maximum number of

false elements when not too resourceful. ▫As the defender becomes more resourceful,

it abruptly decreases the deployment of false elements.

2010/3/30NTU OPLab

46

Conclusion •When the attacker attacks all elements, the

defender always deploys fewer FEs.▫With low contest intensity, this results in

high vulnerability since efforts have low impact, and the attacker is not diverted to too many FEs.

▫With high contest intensity, the vulnerability is low when the defender is sufficiently resourceful, The optimal number of FEs does not depend of the m and strictly decreases with the number of the GEs.

2010/3/30NTU OPLab

47

Conclusion

•When the attacker can choose how many elements to attack,▫low contest intensity induces the attacker

to attack all elements since contest success is more egalitarian regardless of effort.

▫with high contest intensity effort matters more and the attacker attacks overall fewer elements as the defender’s resource increases.

2010/3/30NTU OPLab

48

Conclusion • The presented model applies a contest

intensity parameter m that cannot be exactly evaluated in practice.

• Two ways of handling the uncertainty of the contest intensity can be outlined:

1.m can be defined as a fuzzy variable and fuzzy logic model can be studied.

2.The range of possible variation of m can be determined and the ‘‘worst-case’’ defense strategy can be obtained under the assumption that m takes the values that are most favorable for the attacker.

2010/3/30NTU OPLab

49

Thanks for your listening!

2010/3/30NTU OPLab

50

Protection vs. false targets in series systems Reliability Engineering and System Safety(2009) Kjell Hausken, Gregory Levitin Advisor: Frank,Yeong-Sung.

Documents