Formulating Cyber-Security as Convex Optimization Problems

Vamvoudakis, Kyriakos G.; Hespanha, João P.; Kemmerer, Richard A.; Vigna, Giovanni

doi:10.1007/978-3-319-01159-2_5

Kyriakos G. Vamvoudakis²,
João P. Hespanha²,
Richard A. Kemmerer³ &
…
Giovanni Vigna³

Part of the book series: Lecture Notes in Control and Information Sciences ((LNCIS,volume 449))

3513 Accesses

Abstract

Mission-centric cyber-security analysts require a complete overview and understanding of the state of a mission and any potential threats to their completion. To facilitate this, we propose optimization based algorithms that can be used to predict in real-time how an attacker may try to compromise a cyber-mission with a limited amount of resources, based on a model that takes into account potential damage to the mission and probabilistic uncertainty. Two different optimization schemes are considered: one where all the mission data is known a priori to the attacker and another where system identification and a moving horizon optimization is used to produce the estimates based on historical data. Our schemes are compared with real attacks carried our by human players in the 2011 international Capture The Flag (iCTF) hacking competition.

This material is based upon work supported by ARO MURI Grant number W911NF0910553.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic

$34.99 /Month

Get 10 units per month
Download Article/Chapter or eBook
1 Unit = 1 Article or 1 Chapter
Cancel anytime

Buy Now

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Efficient Numerical Frameworks for Multi-objective Cyber Security Planning

Mission-Oriented Security Model, Incorporating Security Risk, Cost and Payout

Suboptimality of Constrained Action Adversarial Cyber-Physical Games

Article Open access 06 March 2025

References

Boyd, S., Vandenberghe, L.: Convex Optimization. Cambridge University Press (2004)
Google Scholar
Doupe, A., Egele, M., Caillat, B., Stringhini, G., Yakin, G., Zand, A., Cavedon, L., Vigna, G.: Hit’em where it hurts: A live security exercise on cyber situational awareness. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC 2011), Orlando, FL (December 2011)
Google Scholar
Endsley, M.: Theoretical Underpinnings of Situation Awareness: A Critical Review, ch. 1, pp. 3–32. L. Erlbaum Assoc. (2000)
Google Scholar
Stockman, N., Vamvoudakis, K.G., Devendorf, L., Höllerer, T., Kemmerer, R., Hespanha, J.P.: A Mission-Centric Visualization Tool for Cybersecurity Situation Awareness. Technical Report, University of California, Santa Barbara (August 2012)
Google Scholar
Vigna, G.: The 2011 UCSB iCTF: Description of the game (2011), http://ictf.cs.ucsb.edu/

Download references

Author information

Authors and Affiliations

Center for Control, Dynamical-systems and Computation (CCDC), University of California, Santa Barbara, CA, 93106-9560, USA
Kyriakos G. Vamvoudakis & João P. Hespanha
Computer Security Lab, University of California, Santa Barbara, CA, 93106-9560, USA
Richard A. Kemmerer & Giovanni Vigna

Authors

Kyriakos G. Vamvoudakis
View author publications
You can also search for this author in PubMed Google Scholar
João P. Hespanha
View author publications
You can also search for this author in PubMed Google Scholar
Richard A. Kemmerer
View author publications
You can also search for this author in PubMed Google Scholar
Giovanni Vigna
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kyriakos G. Vamvoudakis .

Editor information

Editors and Affiliations

, Department of Electrical and, The Johns Hopkins University, Baltimore, 21218, Maryland, USA
Danielle C. Tarraf

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Vamvoudakis, K.G., Hespanha, J.P., Kemmerer, R.A., Vigna, G. (2013). Formulating Cyber-Security as Convex Optimization Problems. In: Tarraf, D. (eds) Control of Cyber-Physical Systems. Lecture Notes in Control and Information Sciences, vol 449. Springer, Heidelberg. https://doi.org/10.1007/978-3-319-01159-2_5

Download citation

DOI: https://doi.org/10.1007/978-3-319-01159-2_5
Publisher Name: Springer, Heidelberg
Print ISBN: 978-3-319-01158-5
Online ISBN: 978-3-319-01159-2
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics