A bilevel fixed charge location model for facilities under imminent attack

We investigate a bilevel fixed charge facility location problem for a system planner (the defender) who has to provide public service to customers. The defender cannot dictate customer-facility assignments since the customers pick their facility of choice according to its proximity. Thus, each facility must have sufficient capacity installed to accommodate all customers for whom it is the closest one. Facilities can be opened either in the protected or unprotected mode. Protection immunizes against an attacker who is capable of destroying at most r unprotected facilities in the worst-case scenario. Partial protection or interdiction is not possible. The defender selects facility sites from m candidate locations which have different costs. The attacker is assumed to know the unprotected facilities with certainty. He makes his interdiction plan so as to maximize the total post-attack cost incurred by the defender. If a facility has been interdicted, its customers are reallocated to the closest available facilities making capacity expansion necessary. The problem is formulated as a static Stackelberg game between the defender (leader) and the attacker (follower). Two solution methods are proposed. The first is a tabu search heuristic where a hash function calculates and records the hash values of all visited solutions for the purpose of avoiding cycling. The second is a sequential method in which the location and protection decisions are separated. Both methods are tested on 60 randomly generated instances in which m ranges from 10 to 30, and r varies between 1 and 3. The solutions are further validated by means of an exhaustive search algorithm. Test results show that the defender's facility opening plan is sensitive to the protection and distance costs.     

The r‐interdiction selective multi‐depot vehicle routing problem

The protection of critical facilities has been attracting increasing attention in the past two decades. Critical facilities involve physical assets such as bridges, railways, power plants, hospitals, and transportation hubs among others. In this study we introduce a bilevel optimization problem for the determination of the most critical depots in a vehicle routing context. The problem is modeled as an attacker–defender game (Stackelberg game) from the perspective of an adversary agent (the attacker) who aims to inflict maximum disruption on a routing network. We refer to this problem as the r‐interdiction selective multi‐depot vehicle routing problem (RI‐SMDVRP). The attacker is the decision maker in the upper level problem (ULP) who chooses r depots to interdict with certainty. The defender is the decision maker in the lower level problem (LLP) who optimizes the vehicle routes in the wake of the attack. The defender has to satisfy all customer demand either using the remaining depots or through outsourcing to a third party logistics service provider. The ULP is solved through exhaustive enumeration, which is viable when the cardinality of interdictions does not exceed five among nine depots. For the LLP we implement a tabu search heuristic adapted to the selective multi‐depot VRP. Our results are obtained on a set of RI‐SMDVRP instances synthetically constructed from standard MDVRP test instances.     

A bi-level programming model for protection of hierarchical facilities under imminent attacks

Disorders caused by deliberate sabotage and terrorist attacks have always been considered as a major threat by the governments. Hence, identifying and planning for strengthening of critical facilities have become a priority for more security and safety. This paper presents a bi-level formulation of the r-interdiction median problem with fortification for critical hierarchical facilities. In the developed bi-level formulation, the defender, as the leader, decides to protect a certain number of facilities in each level of the hierarchical system in order to minimize the impact of the most disruptive attacks to unprotected facilities. On the other hand the attacker, as the follower, with full information about protected facilities, makes his interdiction plan to maximize the total post-attack cost incurred to the defender. We develop three metaheuristic algorithms and an exhaustive enumeration method to solve the introduced problem. Extensive computational tests on a set of randomly generated instances demonstrate the effectiveness of the developed algorithms.     

A novel bilevel model and solution algorithms for multi-period interdiction problem with fortification

Service systems are in significant danger of terrorist attacks aimed at disrupting their critical components. These attacks seek to exterminate vital assets such as transportation networks, services, and supplies. In the present paper, we propose a multi-period planning based on capacity recovery to allocate fortification/interdiction resources in a service system. The problem involves a dynamic Stackelberg game between a defender (leader) and an attacker (follower). The decisions of the defender are the services provided to customers and the fortification resources allocated to facilities in each period as the total demand-weighted distances are minimized. Following this, the attacker allocates interdiction resources to facilities that resulted in the service capacity reduction in each period. In this model, excess fortification/interdiction budgets and capacity in one period can be used in the next period. Moreover, facilities have a predefined capacity to serve the customers with varying demands during the time horizon. To solve this problem, two different types of approaches are implemented and compared. The first method is an exact reformulation algorithm based on the decomposition of the problem into a restricted master problem (RMP) and a slave problem (SP). The second one is a high performance metaheuristic algorithm, i.e., genetic algorithm (GA) developed to overcome the decomposition method’s impracticability on large-scale problem instances. We also compare the results with some novel metaheuristic algorithms such as teaching learning based optimization (TLBO) and dragonfly algorithm (DA). Computational results show the superiority of GA against TLBO and DA.     

Learning implicit information in Bayesian games with knowledge transfer

In this paper, we consider to learn the inherent probability distribution of types via knowledge transfer in a two-player repeated Bayesian game, which is a basic model in network security. In the Bayesian game, the attacker''s distribution of types is unknown by the defender and the defender aims to reconstruct the distribution with historical actions. It is difficult to calculate the distribution of types directly since the distribution is coupled with a prediction function of the attacker in the game model. Thus, we seek help from an interrelated complete-information game, based on the idea of transfer learning. We provide two different methods to estimate the prediction function in different concrete conditions with knowledge transfer. After obtaining the estimated prediction function, the defender can decouple the inherent distribution and the prediction function in the Bayesian game, and moreover, reconstruct the distribution of the attacker''s types. Finally, we give numerical examples to illustrate the effectiveness of our methods.     

A constrained binary knapsack approximation for shortest path network interdiction

A modified shortest path network interdiction model is approximated in this work by a constrained binary knapsack which uses aggregated arc maximum flow as the objective function coefficient. In the modified shortest path network interdiction problem, an attacker selects a path of highest non-detection probability on a network with multiple origins and multiple available targets. A defender allocates a limited number of resources within the geographic region of the network to reduce the maximum network non-detection probability between all origin-target pairs by reducing arc non-detection probabilities and where path non-detection probability is modeled as a product of all arc non-detection probabilities on that path. Traditional decomposition methods to solve the shortest path network interdiction problem are sensitive to problem size and network/regional complexity. The goal of this paper is to develop a method for approximating the regional allocation of defense resources that maintains accuracy while reducing both computational effort and the sensitivity of computation time to network/regional properties. Statistical and spatial analysis methods are utilized to verify approximation performance of the knapsack method in two real-world networks.     

基于纳什均衡博弈的多无人机对地攻击目标分配方法

研究一种新的多无人机对地攻击目标分配问题.该问题中攻击方试图通过无人机击毁防御方的高价值目标,防御方试图通过发射拦截导弹对无人机进行拦截,但攻防双方无法事先观察到对方实际采取的目标分配方案.通过分析防御方的拦截导弹目标分配方案对攻击方收益的影响,将问题构建为一个零和矩阵博弈模型,模型的策略空间随无人机、高价值目标、拦截导弹数量的增加呈爆炸式增长.鉴于此,现有算法难以在有效时间内对其进行求解,提出一种基于两阶段邻域搜索的改进Double Oracle (DO-TSNS)算法.实验结果表明,相较于DO、UWMA和DO-NS算法, DO-TSNS算法能够更有效地求解考虑防御方具有拦截行为的多无人机对地攻击目标分配问题.     

一种面向指纹探测欺骗的智能博弈对抗机制

指纹探测作为网络侦察的重要组成部分,是攻击者成功实施网络攻击的先决条件。针对攻防双方在指纹探测过程中的博弈对抗特征,设计了一种新型对抗攻击者指纹探测的欺骗机制,并通过建立不完全信息动态博弈模型有效刻画指纹探测欺骗过程,在此基础上讨论了欺骗指纹生成的基本方法。针对扩展指纹库规模导致的解空间爆炸问题,提出了一种基于遗传算法思想的智能指纹混淆算法,即两阶段最优策略选取算法（two-stage optimal strategy selection algorithm,TSOSA）,并建立了仿真实验环境。结果表明,与传统的贪婪算法相比,TSOSA更加有效地隐藏了网络资产的真实指纹特征,降低了攻击者的成功探测概率,进而增强了网络的安全防护能力。     

A bilevel mixed-integer program for critical infrastructure protection planning

Vulnerability to sudden service disruptions due to deliberate sabotage and terrorist attacks is one of the major threats of today. In this paper, we present a bilevel formulation of the r-interdiction median problem with fortification (RIMF). RIMF identifies the most cost-effective way of allocating protective resources among the facilities of an existing but vulnerable system so that the impact of the most disruptive attack to r unprotected facilities is minimized. The model is based upon the classical p-median location model and assumes that the efficiency of the system is measured in terms of accessibility or service provision costs. In the bilevel formulation, the top level problem involves the decisions about which facilities to fortify in order to minimize the worst-case efficiency reduction due to the loss of unprotected facilities. Worst-case scenario losses are modeled in the lower-level interdiction problem. We solve the bilevel problem through an implicit enumeration (IE) algorithm, which relies on the efficient solution of the lower-level interdiction problem. Extensive computational results are reported, including comparisons with earlier results obtained by a single-level approach to the problem.     

Interdicting attack graphs to protect organizations from cyber attacks: A bi-level defender–attacker model

Today's organizations are inherently open and connected, sharing knowledge and ideas in order to remain innovative. As a result, these organizations are also more vulnerable to information theft through different forms of security breaches caused by hackers and competitors. One way of understanding the vulnerability of an information system is to build and analyze the attack graph of that system. The attack graph of an information system contains all the paths that can be used to penetrate the system in order to breach critical assets. Although existing literature provides an abundance of attack graph generation algorithms, more methods are required to help analyze the attack graphs. In this paper, we study how best to deploy security countermeasures to protect an organization by analyzing the vulnerability of the organization through the use of its attack graph. In particular, we present an approach to find an optimal affordable subset of arcs, called an interdiction plan, on an attack graph that should be protected from attack to minimize the loss due to security breaches. We formulate this problem as a bi-level mixed-integer linear program and develop an exact algorithm to solve it. Experiments show that the algorithm is able to solve relatively large problems. Two heuristic methods, one with and the other without a heuristic to solve the master problem and both limiting the master problem branch-and-bound tree to only one node solve the large problems remarkably well. Experiments also reveal that the quality of an interdiction plan is relatively insensitive with respect to the error in the estimate of the attacker's budget, and that the breach loss drops sharply at the beginning, then levels off before finally dropping sharply again with increases in the security budget.     

A fast genetic algorithm for a critical protection problem in biomedical supply chain networks

In this paper, we present a new bilevel model for a biomedical supply chain network with capacity and budget constraint due to the protection and interdiction operations. The components considered in this model are biomedical devices, distribution centers (DCs), medical suppliers (MSs), and hospitals and patients as the demand points. On the other hand, two levels of decisions in the network planning is suggested: (1) the defender’s decision about protection operations of MSs and DCs, the assignment of clients to the DCs, and quantity of products shipped to DCs from MSs to minimize the demand-weighted traveling costs and transport costs and (2) the attacker’s decision about interdiction operations of MSs and DCs to maximize the capacity or service reduction and losses. Because of nondeterministic polynomial time (NP)-hardness of the problem under consideration, an efficient and fast approach based on a genetic algorithm and a fast branch and cut method (GA–FBC) was developed to solve the proposed model. Also, the efficiency via the comparison of results with the genetic algorithm based on CPLEX (GA-CPLEX) and decomposition method (DM) is investigated. In order to assess the performance of the presented GA–FBC, a set of 27 instances of the problem is used. Comprehensive analysis indicates that the proposed approach significantly solves the problem. In addition, the benefits and advantages of preference with running times and its accuracy is shown numerically. Simulation results clearly demonstrate that the defender’s objective effectively reduced and CPU time also within the large-sized instances of the problem in comparison with the GA-CPLEX and DM.     

融合攻击图和博弈模型的网络防御策略生成方法

近些年威胁网络安全的事件日趋频繁,黑客的攻击手段越来越复杂,网络安全防护的难度不断增加.针对实际攻防环境中攻击策略复杂多变和攻击者不理性的问题,文章将攻击图融入攻防博弈模型,并引入强化学习算法,设计了一种网络主动防御策略生成方法.该方法首先基于改进攻击图的网络脆弱性评估模型,成功压缩策略空间并有效降低建模难度,然后对网...     

A bi-objective approach for shortest-path network interdiction

In the literature, solution approaches to the shortest-path network interdiction problem have been developed for optimizing a single figure-of-merit of the network configuration when considering limited amount of resources available to interdict network links. This paper presents a newly developed evolutionary algorithm that allows approximating the optimal Pareto set of network interdiction strategies when considering bi-objective shortest path problems. Thus, the paper considers the concurrent optimization of two objectives: (1) maximization of shortest-path length and (2) minimization of interdiction strategy cost. Also, the paper considers the transformation of the first objective into the minimization of the most reliable path reliability. To solve these multi-objective optimization problems, an evolutionary algorithm has been developed. This algorithm is based on Monte Carlo simulation, to generate potential network interdiction strategies, graph theory to analyze strategies’ shortest path or most reliable path and, an evolutionary search driven by the probability that a link will appear in the optimal Pareto set. Examples for different sizes of networks and network behavior are used throughout the paper to illustrate and validate the approach.     

基于非零和随机博弈的APT攻击主动防御策略选取

为解决APT（高级持续性威胁）攻防对抗过程中的防御滞后性问题,并在有限资源下做出最优主动防御决策,针对APT攻击过程中攻防双方意图、可行策略集随攻击阶段推进而演变的特点进行了研究,基于非合作博弈理论构建了多阶段APT攻防随机博弈模型AO-ADSG（APT-oriented attack-defense stochastic game）。针对APT攻防对抗中双方效用不对等的现象引入非零和思想,设计符合APT攻击特征的全资产要素效用量化方法;在分析博弈均衡的基础上给出最优防御策略选取算法。最后,通过“夜龙攻击”模拟实验验证了提出方法的可行性及正确性。     

Maximum dynamic network flow interdiction problem: New formulation and solution procedures

We consider the dynamic version of the maximum flow network interdiction problem; that is, we assume a positive number is assigned to each arc which indicates the traversal time of the flow through that arc. We also assume that an intruder uses a single resource with limited budget to interrupt the flow of a single commodity through the network within a given time limit of T. A new formulation based on the concept of Temporally Repeated Flow (TRF) is presented. The problem is then solved using Benders’ decomposition. Another solution method, based on the most vital arcs in a network is also discussed. Finally, some computational results are reported.     

基于能力机会意图模型的网络安全态势感知方法

网络安全态势感知是提高安全管理员对网络整体安全状况掌控能力的重要技术手段。针对现有网络安全态势感知方法评估要素不够全面的问题,从攻击方、防护方、网络环境三方面出发构建了网络安全态势感知的能力机会意图模型,引入不确定推理模型解决了安全态势要素间的不确定影响关系,给出了能力指数、机会指数和意图指数的计算方法,并介绍了详细的网络安全态势感知方法。使用林肯实验室的公开数据集进行了实验,结果表明本文方法评估要素更为全面,评估结果符合实际情况。     

An attack-and-defence game for security assessment in vehicular ad hoc networks

Recently, there is an increasing interest in Security and Privacy issues in Vehicular ad hoc networks (or VANETs). However, the existing security solutions mainly focus on the preventive solutions while lack a comprehensive security analysis. The existing risk analysis solutions may not work well to evaluate the security threats in vehicular networks since they fail to consider the attack and defense costs and gains, and thus cannot appropriately model the mutual interaction between the attacker and defender. In this study, we consider both of the rational attacker and defender who decide whether to launch an attack or adopt a countermeasure based on its adversary’s strategy to maximize its own attack and defense benefits. To achieve this goal, we firstly adopt the attack-defense tree to model the attacker’s potential attack strategies and the defender’s corresponding countermeasures. To take the attack and defense costs into consideration, we introduce Return On Attack and Return on Investment to represent the potential gain from launching an attack or adopting a countermeasure in vehicular networks. We further investigate the potential strategies of the defender and the attacker by modeling it as an attack-defense game. We then give a detailed analysis on its Nash Equilibrium. The rationality of the proposed game-theoretical model is well illustrated and demonstrated by extensive analysis in a detailed case study.     

The r-interdiction median problem with probabilistic protection and its solution algorithm

This paper discusses the critical infrastructure protection problem in supply systems regarding potential intentional attacks. Considering that the protection of a facility cannot be always successful, we present the r-interdiction median problem with probabilistic protection. Defensive resources are allocated according to the degree of importance of service facilities. Computational experiments demonstrate the benefits brought by centralizing resources to a few critical sites, as well as the importance of introducing probabilistic factors. Furthermore, we discuss the problem in a scenario of multiple interdictors. It is found that the worst-case interdictions made by multiple interdictors may cause much more serious system impairment than a single interdictor. Such losses can sometimes be effectively alleviated by adjustment of fortification plans. To solve the problem, we propose an iterated greedy search method which produces good approximations to optimal fortification strategies rather fast, even for instances of considerable size.     

基于非零和攻防博弈模型的主动防御策略选取方法

针对现实网络攻防环境中防御措施的滞后性以及攻防对抗过程中双方收益不完全相等的问题,提出一种基于非零和博弈的主动防御策略选取方法。首先依据攻击者与系统的博弈关系,结合网络安全问题实际情况提出网络安全博弈图;其次在此基础上给出一种基于非零和博弈的网络攻防博弈模型,结合主机重要度以及防御措施成功率计算单一安全属性攻防收益值,进而根据攻防意图对整体攻防收益进行量化;最后通过分析纳什均衡得到最优主动防御策略。实例验证了该方法在攻击行为预测和主动防御策略选取方面的有效性和可行性。     

Network interdiction via a Critical Disruption Path: Branch-and-Price algorithms

This paper presents an innovative approach to maximally disconnect a given network. More specifically, this work introduces the concept of a Critical Disruption Path, a path between a source and a destination vertex whose deletion minimizes the cardinality of the largest remaining connected component. Network interdiction models seek to optimally disrupt network operations. Existing interdiction models disrupt network operations by removing vertices or edges. We introduce the first problem and formulation that optimally fragments a network via interdicting a path. Areas of study in which this work can be applied include transportation and evacuation networks, surveillance and reconnaissance operations, anti-terrorism activities, drug interdiction, and counter human-trafficking operations. In this paper, we first address the complexity associated with the Critical Disruption Path problem, and then provide a Mixed-Integer Linear Programming formulation for finding its optimal solution. Further, we develop a tailored Branch-and-Price algorithm that efficiently solves the Critical Disruption Path problem. We demonstrate the superiority of the developed Branch-and-Price algorithm by comparing the results found via our algorithm with the results found via the monolith formulation. In more than half of the test instances that can be solved by both the monolith and our Branch-and-Price algorithm, we outperform the monolith by two orders of magnitude.