Please use this identifier to cite or link to this item: http://cmuir.cmu.ac.th/jspui/handle/6653943832/54235
Full metadata record
DC FieldValueLanguage
dc.contributor.authorGeir Agnarssonen_US
dc.contributor.authorRaymond Greenlawen_US
dc.contributor.authorSanpawat Kantabutraen_US
dc.date.accessioned2018-09-04T10:09:52Z-
dc.date.available2018-09-04T10:09:52Z-
dc.date.issued2015-01-01en_US
dc.identifier.issn18651348en_US
dc.identifier.other2-s2.0-84946834033en_US
dc.identifier.other10.1007/978-3-319-22204-2_6en_US
dc.identifier.urihttps://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=84946834033&origin=inwarden_US
dc.identifier.urihttp://cmuir.cmu.ac.th/jspui/handle/6653943832/54235-
dc.description.abstract© Springer International Publishing Switzerland 2015. This paper makes three contributions to cyber-security research. First, we define a model for cyber-security systems and the concept of a cyber-security attack within the model’s framework. The model highlights the importance of game-over components—critical system components which if acquired will give an adversary the ability to defeat a system completely. The model is based on systems that use defense-in-depth/layered-security approaches, as many systems do. In the model we define the concept of penetration cost}, which is the cost that must be paid in order to break into the next layer of security. Second, we define natural decision and optimization problems based on cyber-security attacks in terms of doubly weighted trees, and analyze their complexity. More precisely, given a tree T rooted at a vertex r, a penetrating cost edge function c on T, a target- acquisition vertex function p on T, the attacker's budget and the game-over threshold B ,G∈Q+ respectively, we consider the problem of determining the existence of a rooted subtree T ’ of T within the attacker’s budget (that is, the sum of the costs of the edges in T ’ is less than or equal to B) with total acquisition value more than the game-over threshold (that is, the sum of the target values of the nodes in T ’ is greater than or equal to G). We prove that the general version of this problem is intractable. We also analyze the complexity of three restricted versions of the problems, where the penetration cost is the constant function, integervalued, and rational-valued among a given fixed number of distinct values. Using recursion and dynamic-programming techniques, we show that for constant penetration costs an optimal cyber-attack strategy can be found in polynomial time, and for integer-valued and rational-valued penetration costs optimal cyber-attack strategies can be found in pseudo-polynomial time. Third, we provide a list of open problems relating to the architectural design of cyber-security systems and to the model.en_US
dc.subjectBusiness, Management and Accountingen_US
dc.subjectComputer Scienceen_US
dc.subjectDecision Sciencesen_US
dc.subjectEngineeringen_US
dc.subjectMathematicsen_US
dc.titleThe complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problemen_US
dc.typeBook Seriesen_US
article.title.sourcetitleLecture Notes in Business Information Processingen_US
article.volume222en_US
article.stream.affiliationsGeorge Mason University, Fairfax Campusen_US
article.stream.affiliationsUS Naval Academyen_US
article.stream.affiliationsChiang Mai Universityen_US
Appears in Collections:CMUL: Journal Articles

Files in This Item:
There are no files associated with this item.


Items in CMUIR are protected by copyright, with all rights reserved, unless otherwise indicated.