Optimal resource allocation to defend against deliberate attacks in networking infrastructures

Protecting networking infrastructures from malicious attacks is important as a successful attack on a high data rate link can cause the loss or delay of large amounts of data. In this paper, we consider a proactive approach where the ISPs are willing to allocate some (limited) resources to defend the networking infrastructures against the attacks. We aim to answer where and how much the defending resource should be placed so that the expected data loss can be minimized no matter where the attacker may launch the attack. We model the problem as a 2-player zero-sum game where the payoffs are measured by the maximum network flow. In order to overcome the unique challenges of such payoffs, we transform the payoffs into explicit piece-wise functions through multi-parametric linear programming (MP-LP) and divide the entire strategy space into a set of critical regions. We prove that a global Nash Equilibrium (NE) exists when there is only one critical region. However, when the number of critical regions is greater than 1, there is no global NE. We also prove that there exists one and only one local NE in each critical region. We then design a mixed-strategy solution. Our results have shown that to dedicate all defending resources to one min-cut set when there are multiple min-cut sets will not be an optimal solution, however, min-cut strategies will have higher probabilities to be selected in the mixed-strategy solution when the defending resource is limited.

[1]  George C. Polyzos,et al.  Traffic characteristics of the T1 NSFNET backbone , 1993, IEEE INFOCOM '93 The Conference on Computer Communications, Proceedings.

[2]  William Stallings,et al.  Cryptography and network security , 1998 .

[3]  Eytan Modiano,et al.  Assessing the Vulnerability of the Fiber Infrastructure to Disasters , 2009, IEEE INFOCOM 2009.

[4]  J. Gross,et al.  Graph Theory and Its Applications , 1998 .

[5]  S. Skaperdas Contest success functions , 1996 .

[6]  M. Morari,et al.  Geometric Algorithm for Multiparametric Linear Programming , 2003 .

[7]  Stephen P. Boyd,et al.  Convex Optimization , 2004, Algorithms and Theory of Computation Handbook.

[8]  Gerald G. Brown,et al.  Defending Critical Infrastructure , 2006, Interfaces.

[9]  R. Kevin Wood,et al.  Shortest‐path network interdiction , 2002, Networks.

[10]  Guoliang Xue,et al.  Circuits/Cutsets Duality and a Unified Algorithmic Framework for Survivable Logical Topology Design in IP-over-WDM Optical Networks , 2009, IEEE INFOCOM 2009.

[11]  D. Marquis,et al.  Assessing Network Infrastructure Vulnerabilities to Physical Layer Attacks , 1999 .

[12]  Suresh Subramaniam,et al.  Survivability in optical networks , 2000, IEEE Netw..

[13]  Rocky K. C. Chang,et al.  Defending against flooding-based distributed denial-of-service attacks: a tutorial , 2002, IEEE Commun. Mag..

[14]  Efstratios N. Pistikopoulos,et al.  Linear Model Predictive Control via Multiparametric Programming , 2014 .

[15]  R. Powell Defending against Terrorist Attacks with Limited Resources , 2007, American Political Science Review.

[16]  Samuel Bowles,et al.  Microeconomics: Behavior, Institutions, and Evolution , 2003 .

[17]  Francisco Facchinei,et al.  Generalized Nash Equilibrium Problems , 2010, Ann. Oper. Res..

[18]  David K. Smith Network Flows: Theory, Algorithms, and Applications , 1994 .

[19]  Muriel Medard,et al.  Security issues in all-optical networks , 1997 .

[20]  White House Administrative Office The national strategy for the physical protection of critical infrastructures and key assets , 2003 .