{"title":"Interdicting Attack Plans with Boundedly Rational Players and Multiple Attackers: An Adversarial Risk Analysis Approach","authors":"Eric B. DuBois, Ashley Peper, Laura A. Albert","doi":"10.1287/deca.2023.0471","DOIUrl":null,"url":null,"abstract":"Cybersecurity planning supports the selection of and implementation of security controls in resource-constrained settings to manage risk. Doing so requires considering adaptive adversaries with different levels of strategic sophistication in modeling efforts to support risk management. However, most models in the literature only consider rational or nonstrategic adversaries. Therefore, we study how to inform defensive decision making to mitigate the risk from boundedly rational players, with a particular focus on making integrated, interdependent planning decisions. To achieve this goal, we introduce a modeling framework for selecting a portfolio of security mitigations that interdict adversarial attack plans that uses a structured approach for risk analysis. Our approach adapts adversarial risk analysis and cognitive hierarchy theory to consider a maximum-reliability path interdiction problem with a single defender and multiple attackers who have different goals and levels of strategic sophistication. Instead of enumerating all possible attacks and defenses, we introduce a solution technique based on integer programming and approximation algorithms to iteratively solve the defender’s and attackers’ problems. A case study illustrates the proposed models and provides insights into defensive planning. Funding: A. Peper and L. A. Albert were supported in part by the National Science Foundation [Grant 2000986].","PeriodicalId":46460,"journal":{"name":"Decision Analysis","volume":"57 1","pages":""},"PeriodicalIF":2.5000,"publicationDate":"2023-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Decision Analysis","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1287/deca.2023.0471","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"MANAGEMENT","Score":null,"Total":0}
引用次数: 1
Abstract
Cybersecurity planning supports the selection of and implementation of security controls in resource-constrained settings to manage risk. Doing so requires considering adaptive adversaries with different levels of strategic sophistication in modeling efforts to support risk management. However, most models in the literature only consider rational or nonstrategic adversaries. Therefore, we study how to inform defensive decision making to mitigate the risk from boundedly rational players, with a particular focus on making integrated, interdependent planning decisions. To achieve this goal, we introduce a modeling framework for selecting a portfolio of security mitigations that interdict adversarial attack plans that uses a structured approach for risk analysis. Our approach adapts adversarial risk analysis and cognitive hierarchy theory to consider a maximum-reliability path interdiction problem with a single defender and multiple attackers who have different goals and levels of strategic sophistication. Instead of enumerating all possible attacks and defenses, we introduce a solution technique based on integer programming and approximation algorithms to iteratively solve the defender’s and attackers’ problems. A case study illustrates the proposed models and provides insights into defensive planning. Funding: A. Peper and L. A. Albert were supported in part by the National Science Foundation [Grant 2000986].
网络安全规划支持在资源受限的环境中选择和实施安全控制措施,以管理风险。这样做需要在建模工作中考虑具有不同战略成熟度级别的自适应对手,以支持风险管理。然而,文献中的大多数模型只考虑理性的或非战略性的对手。因此,我们研究如何为防御性决策提供信息,以减轻有限理性参与者的风险,并特别关注制定综合的、相互依赖的规划决策。为了实现这一目标,我们引入了一个建模框架,用于选择一组安全缓解措施,以阻止使用结构化方法进行风险分析的对抗性攻击计划。我们的方法采用对抗风险分析和认知层次理论来考虑具有不同目标和战略复杂程度的单个防御者和多个攻击者的最大可靠性路径拦截问题。我们不是列举所有可能的攻击和防御,而是引入一种基于整数规划和近似算法的求解技术来迭代解决防御者和攻击者的问题。一个案例研究说明了所提出的模型,并提供了对防御计划的见解。资助:A. Peper和L. A. Albert得到了美国国家科学基金会的部分支持[Grant 2000986]。