# Risk-averse Bi-level Stochastic Network Interdiction Model for Cyber-security

**Article Status:**Published

**Publication Year:**2021

Bhuiyan, Tanveer Hossain, Hugh R. Medal, Apurba K. Nandi, and Mahantesh Halappanavar. (2022) Risk-averse bi-level stochastic network interdiction model for cyber-security risk management." International Journal of Critical Infrastructure Protection 32 (2021): 100408.

[External Link]

This paper proposes a methodology to enable a risk-averse, resource constrained cyber network defender to optimally deploy security countermeasures that protect against potential attackers with an uncertain budget. The proposed methodology is based on a risk-averse bi-level stochastic network interdiction model on an attack graph–maps the potential attack paths of a cyber network–that minimizes the weighted sum of the expected maximum loss over all attack scenarios and the risk of substantially large losses. The conditional-value-at-risk measure is incorporated into the stochastic programming model to reduce the risk of substantially large losses. An exact algorithm is developed to solve the model as well as several acceleration techniques to improve the computational efficiency. Numerical experiments demonstrate that the acceleration techniques enable the solution of relatively large problems within a reasonable amount of time: simultaneously applying all the acceleration techniques reduces the average computation time of the basic algorithm by 71% for 100-node graphs. Using metrics called mean-risk value of stochastic solution and value of risk-aversion, computational results suggest that the stochastic risk-averse model provides substantially better network interdiction decision than the deterministic (ignores uncertainty) and risk-neutral models when 1) the distribution of attacker budget is heavy-right-tailed and 2) the defender is highly risk-averse.

Bhuiyan, Tanveer Hossain, Hugh R. Medal, Apurba K. Nandi, and Mahantesh Halappanavar.