{"title":"Resource allocation in two‐layered cyber‐defense","authors":"Michael P. Atkinson, M. Kress","doi":"10.1002/nav.22106","DOIUrl":null,"url":null,"abstract":"A common network security approach is to create a De‐Militarized Zone (DMZ) comprising two layers of network defense. The DMZ structure provides an extra layer of security between the sensitive information in a network (e.g., research and development files) and the component of the network that must interface with the general internet (e.g., the mail server). We consider a cyber‐attack on a DMZ network where both attacker and defender have limited resources and capabilities to attack and defend, respectively. We study two optimization problems and one game‐theoretic problem. Given that the attacker (defender) knows the potential capabilities of the defender (attacker) in the two layers, we obtain the optimal allocation of resources for the attacker (defender). The two‐optimization problems are not symmetrical. Absent any knowledge regarding the allocation of the adversary's resources, we solve a game‐theoretic problem and obtain some operational insights regarding the effect of combat (e.g., cyber) capabilities and their optimal allocation.","PeriodicalId":19120,"journal":{"name":"Naval Research Logistics (NRL)","volume":"20 1","pages":"574 - 583"},"PeriodicalIF":0.0000,"publicationDate":"2023-03-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Naval Research Logistics (NRL)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1002/nav.22106","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
A common network security approach is to create a De‐Militarized Zone (DMZ) comprising two layers of network defense. The DMZ structure provides an extra layer of security between the sensitive information in a network (e.g., research and development files) and the component of the network that must interface with the general internet (e.g., the mail server). We consider a cyber‐attack on a DMZ network where both attacker and defender have limited resources and capabilities to attack and defend, respectively. We study two optimization problems and one game‐theoretic problem. Given that the attacker (defender) knows the potential capabilities of the defender (attacker) in the two layers, we obtain the optimal allocation of resources for the attacker (defender). The two‐optimization problems are not symmetrical. Absent any knowledge regarding the allocation of the adversary's resources, we solve a game‐theoretic problem and obtain some operational insights regarding the effect of combat (e.g., cyber) capabilities and their optimal allocation.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
