Dealing with uncertainty in cybersecurity decision support
| dc.contributor.author | Zhang, Y | |
| dc.contributor.author | Malacaria, P | |
| dc.date.accessioned | 2024-10-21T09:39:06Z | |
| dc.date.issued | 2024-10-19 | |
| dc.date.updated | 2024-10-21T08:54:21Z | |
| dc.description.abstract | The mathematical modeling of cybersecurity decision-making heavily relies on cybersecurity metrics. However, achieving precision in these metrics is notoriously challenging, and their inaccuracies can significantly influence model outcomes. This paper explores resilience to uncertainties in the effectiveness of security controls. We employ probabilistic attack graphs to model threats and introduce two resilient models: minmax regret and min-product of risks, comparing their performance. Building on previous Stackelberg game models for cybersecurity, our approach leverages totally unimodular matrices and linear programming (LP) duality to provide efficient solutions. While minmax regret is a well-known approach in robust optimization, our extensive simulations indicate that, in this context, the lesser-known min-product of risks offers superior resilience. To demonstrate the practical utility and robustness of our framework, we include a multi-dimensional decision support case study focused on home IoT cybersecurity investments, highlighting specific insights and outcomes. This study illustrates the framework’s effectiveness in real-world settings. | en_GB |
| dc.description.sponsorship | Engineering and Physical Sciences Research Council (EPSRC) | en_GB |
| dc.identifier.citation | Vol. 148, article 104153 | en_GB |
| dc.identifier.doi | https://doi.org/10.1016/j.cose.2024.104153 | |
| dc.identifier.grantnumber | EP/T026596/1 | en_GB |
| dc.identifier.uri | http://hdl.handle.net/10871/137735 | |
| dc.identifier | ORCID: 0000-0002-0090-1330 (Zhang, Yunxiao) | |
| dc.language.iso | en | en_GB |
| dc.publisher | Elsevier | en_GB |
| dc.rights | © 2024 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/) | en_GB |
| dc.subject | Robust optimization | en_GB |
| dc.subject | Decision support | en_GB |
| dc.subject | Uncertainty | en_GB |
| dc.subject | Cyber-security | en_GB |
| dc.subject | Stackelberg games | en_GB |
| dc.subject | Security games | en_GB |
| dc.subject | Attack graphs | en_GB |
| dc.title | Dealing with uncertainty in cybersecurity decision support | en_GB |
| dc.type | Article | en_GB |
| dc.date.available | 2024-10-21T09:39:06Z | |
| dc.identifier.issn | 0167-4048 | |
| exeter.article-number | 104153 | |
| dc.date.dateSubmitted | 2024-06-10 | |
| dc.description | This is the final version. Available on open access from Elsevier via the DOI in this record | en_GB |
| dc.description | Data availability: No data was used for the research described in the article. | en_GB |
| dc.identifier.journal | Computers and Security | en_GB |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | en_GB |
| dcterms.dateAccepted | 2024-10-07 | |
| rioxxterms.version | VoR | en_GB |
| rioxxterms.licenseref.startdate | 2024-10-19 | |
| rioxxterms.type | Journal Article/Review | en_GB |
| refterms.dateFCD | 2024-10-21T09:36:33Z | |
| refterms.versionFCD | VoR | |
| refterms.panel | B | en_GB |
| exeter.rights-retention-statement | Yes |
Files in this item
This item appears in the following Collection(s)
Except where otherwise noted, this item's licence is described as © 2024 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/)