Publication: An Optimization-based Methodology for Network Defense to Maximize Average System Survivability
Abstract
In this dissertation, we consider the problem of maximizing the average survivability of a protected network subject to attacker profile/behavior constraints and defender resource/strategy constraints. Network risk can serve as a legitimate metric when evaluating survivability. Compared with previous research, two enhancements are made. First, we no longer assume that attackers have complete information about the network topology and defense resource allocation. Second, we consider collaborative attacks, which produce synergy. Besides measuring synergy with the Cobb-Douglas function from economics, we propose another model that formulates synergy from the interrelationships among members. The scenario is modeled as two generic mathematical programming problems (the commander problem and the defender problem), and we propose a novel two-phase solution approach that combines mathematical programming and simulation techniques. More specifically, in the “Objective Function Evaluation Phase”, efficient and effective simulations are conducted to evaluate the effectiveness of the current defense policy, whereas in the “Defense Policy Enhancement Phase”, three enhancement methods are proposed and compared: (1) definition of directional derivatives, which calculates the directional derivative of each decision variable through a numerical procedure and achieves at least 21% improvement while consuming at most 7.5 hours; (2) local information estimation, which uses easy-to-collect information gathered in the “Objective Function Evaluation Phase” to estimate the directional derivative of each decision variable and achieves at least 13% improvement while consuming at most 1.8 hours; and (3) hybrid enhancement, which integrates the advantages of the above two methods and achieves at least 28% improvement while consuming at most 2.0 hours.
The computational experiments clearly demonstrate the applicability and effectiveness of the proposed framework and algorithms.