Optimal Cybersecurity Investments for SIS Model

We study the problem of minimizing the (time) average security costs in large systems comprising many interdependent subsystems, where the state evolution is captured by a susceptible-infected-susceptible (SIS) model. The security costs reflect security investments, economic losses and recovery costs from infections and failures following successful attacks. We show that the resulting optimization problem is non-convex and propose two algorithms - one for solving a convex relaxation, and the other for finding a local minimizer, based on a reduced gradient method. Also, we provide a sufficient condition under which the convex relaxation is exact and its solution coincides with that of the original problem. Numerical results are provided to validate our analytical results and to demonstrate the effectiveness of the proposed algorithms.

[1]  Van Sy Mai,et al.  Asynchronous Distributed Matrix Balancing and Application to Suppressing Epidemic , 2019, 2019 American Control Conference (ACC).

[2]  L. Lasdon,et al.  Nonlinear optimization using the generalized reduced gradient method , 2011 .

[3]  Joel E. Cohen,et al.  CONVEXITY OF THE DOMINANT EIGENVALUE OF AN ESSENTIALLY NONNEGATIVE MATRIX , 1981 .

[4]  Piet Van Mieghem,et al.  Optimal curing policy for epidemic spreading over a community network with heterogeneous population , 2016, J. Complex Networks.

[5]  Marc Lelarge,et al.  A local mean field analysis of security investments in networks , 2008, NetEcon '08.

[6]  Van Sy Mai,et al.  Distributed Algorithm for Suppressing Epidemic Spread in Networks , 2018, IEEE Control Systems Letters.

[7]  Jonathan Currie,et al.  Opti: Lowering the Barrier Between Open Source Optimizers and the Industrial MATLAB User , 2012 .

[8]  Van Sy Mai,et al.  Optimizing Leader Influence in Networks Through Selection of Direct Followers , 2018, IEEE Transactions on Automatic Control.

[9]  George J. Pappas,et al.  Optimal Resource Allocation for Control of Networked Epidemic Models , 2017, IEEE Transactions on Control of Network Systems.

[10]  Piet Van Mieghem,et al.  Optimization of network protection against virus spread , 2011, 2011 8th International Workshop on the Design of Reliable Communication Networks (DRCN).

[11]  R. Plemmons M-matrix characterizations.I—nonsingular M-matrices , 1977 .

[12]  Juan Manuel Peña A stable test to check if a matrix is a nonsingular M-matrix , 2004, Math. Comput..

[13]  Shreyas Sundaram,et al.  Interdependent Security Games on Networks Under Behavioral Probability Weighting , 2015, IEEE Transactions on Control of Network Systems.

[14]  Roy D. Yates,et al.  A Framework for Uplink Power Control in Cellular Radio Systems , 1995, IEEE J. Sel. Areas Commun..

[15]  Stavros A. Zenios,et al.  A Comparative Study of Algorithms for Matrix Balancing , 1990, Oper. Res..

[16]  D. Luenberger,et al.  Efficiently Converging Minimization Methods Based on the Reduced Gradient , 1976 .

[17]  Charles R. Johnson,et al.  Matrix analysis , 1985, Statistical Inference for Engineers and Data Scientists.

[18]  Reuven Cohen,et al.  Efficient immunization strategies for computer networks and populations. , 2002, Physical review letters.

[19]  Stephen P. Boyd,et al.  Convex Optimization , 2004, Algorithms and Theory of Computation Handbook.

[20]  Amin Saberi,et al.  How to distribute antidote to control epidemics , 2010, Random Struct. Algorithms.

[21]  Richard J. La,et al.  Interdependent Security with Strategic Agents and Global Cascades , 2014 .

[22]  Yuliy Baryshnikov,et al.  IT Security Investment and Gordon-Loeb's 1/e Rule , 2012, WEIS.

[23]  Hamid Reza Feyzmahdavian,et al.  Contractive Interference Functions and Rates of Convergence of Distributed Power Control Laws , 2012, IEEE Transactions on Wireless Communications.

[24]  Rafail Ostrovsky,et al.  Matrix Balancing in Lp Norms: Bounding the Convergence Rate of Osborne's Iteration , 2017, SODA.

[25]  Bahman Gharesifard,et al.  Stability of epidemic models over directed graphs: A positive systems approach , 2014, Autom..

[26]  Amin Saberi,et al.  How to distribute antidote to control epidemics , 2010 .

[27]  Chinwendu Enyioha,et al.  Optimal vaccine allocation to control epidemic outbreaks in arbitrary networks , 2013, 52nd IEEE Conference on Decision and Control.

[28]  Mingyan Liu,et al.  Incentivizing effort in interdependent security games using resource pooling , 2019, NetEcon@SIGMETRICS.