Imperial College London

Professor Christopher Hankin

Faculty of Engineering, Department of Computing

Professor of Computing
 
 
 

Contact

 

c.hankin Website

 
 

Location

 

Sherfield Building, South Kensington Campus


Citation

BibTeX format

@inproceedings{Khouzani:2016:10.1007/978-3-319-45741-3_10,
author = {Khouzani, MHR and Malacaria, P and Hankin, C and Fielder, A and Smeraldi, F},
doi = {10.1007/978-3-319-45741-3_10},
pages = {179--197},
publisher = {Springer International Publishing AG},
title = {Efficient numerical frameworks for multi-objective cyber security planning},
url = {http://dx.doi.org/10.1007/978-3-319-45741-3_10},
year = {2016}
}

RIS format (EndNote, RefMan)

TY  - CPAPER
AB - We consider the problem of optimal investment in cyber-security by an enterprise. Optimality is measured with respect to the overall (1) monetary cost of implementation, (2) negative side-effects of cyber-security controls (indirect costs), and (3) mitigation of the cyber-security risk. We consider “passive” and “reactive” threats, the former representing the case where attack attempts are independent of the defender’s plan, the latter, where attackers can adapt and react to an implemented cyber-security defense. Moreover, we model in three different ways the combined effect of multiple cyber-security controls, depending on their degree of complementarity and correlation. We also consider multi-stage attacks and the potential correlations in the success of different stages. First, we formalize the problem as a non-linear multi-objective integer programming. We then convert them into Mixed Integer Linear Programs (MILP) that very efficiently solve for the exact Pareto-optimal solutions even when the number of available controls is large. In our case study, we consider 27 of the most typical security controls, each with multiple intensity levels of implementation, and 37 common vulnerabilities facing a typical SME. We compare our findings against expert-recommended critical controls. We then investigate the effect of the security models on the resulting optimal plan and contrast the merits of different security metrics. In particular, we show the superior robustness of the security measures based on the “reactive” threat model, and the significance of the hitherto overlooked role of correlations.
AU - Khouzani,MHR
AU - Malacaria,P
AU - Hankin,C
AU - Fielder,A
AU - Smeraldi,F
DO - 10.1007/978-3-319-45741-3_10
EP - 197
PB - Springer International Publishing AG
PY - 2016///
SN - 0302-9743
SP - 179
TI - Efficient numerical frameworks for multi-objective cyber security planning
UR - http://dx.doi.org/10.1007/978-3-319-45741-3_10
UR - http://gateway.webofknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcApp=PARTNER_APP&SrcAuth=LinksAMR&KeyUT=WOS:000387954500010&DestLinkType=FullRecord&DestApp=ALL_WOS&UsrCustomerID=1ba7043ffcc86c417c072aa74d649202
UR - http://hdl.handle.net/10044/1/64565
ER -