The identification of vulnerabilities in critical infrastructure networks, especially in the event of an intentional attack, is a fundamental task to comprehend the behavior of such networks and to implement protection strategies with the purpose of raising their robustness and resilience. In this work, we characterize the network vulnerability with respect to an attacker that aims at destroying subsystems in a way that guarantees, at the same time, the maximization of the damage dealt and the minimization of the effort spent in the attack. To this end, we follow a topological approach and we characterize each subsystem as a node, while dependencies are modeled in terms of a directed edges. Moreover, each node is characterized by an intrinsic degree of importance and by the effort required to attack it. Such a differentiation of the nodes allows to capture the heterogeneous essence of the different subsystems in a Critical Infrastructure network. In this setting, we model the damage dealt by the attacker in terms of a weighted version of the pairwise connectivity, where the weights correspond to the nodes’ importance; moreover we model the overall attack effort in terms of the effort required to attack the nodes. The proposed methodology aims at computing a criticality metric based on a multi-objective optimization formulation. Specifically, the criticality metric represents the frequency with which a given subsystem is attacked in the hypothetical attack plans belonging to the Pareto front. Finally, we complement our methodology by introducing upper and lower bounds on the overall attacker’s effort, in order to specialize the proposed methodology to different classes of attackers. The feasibility of the proposed solution is tested on the US Airline Network as in 1997.
Discovering vulnerabilities in heterogeneous interconnected systems
Faramondi L;Oliva G;Setola R
2019-01-01
Abstract
The identification of vulnerabilities in critical infrastructure networks, especially in the event of an intentional attack, is a fundamental task to comprehend the behavior of such networks and to implement protection strategies with the purpose of raising their robustness and resilience. In this work, we characterize the network vulnerability with respect to an attacker that aims at destroying subsystems in a way that guarantees, at the same time, the maximization of the damage dealt and the minimization of the effort spent in the attack. To this end, we follow a topological approach and we characterize each subsystem as a node, while dependencies are modeled in terms of a directed edges. Moreover, each node is characterized by an intrinsic degree of importance and by the effort required to attack it. Such a differentiation of the nodes allows to capture the heterogeneous essence of the different subsystems in a Critical Infrastructure network. In this setting, we model the damage dealt by the attacker in terms of a weighted version of the pairwise connectivity, where the weights correspond to the nodes’ importance; moreover we model the overall attack effort in terms of the effort required to attack the nodes. The proposed methodology aims at computing a criticality metric based on a multi-objective optimization formulation. Specifically, the criticality metric represents the frequency with which a given subsystem is attacked in the hypothetical attack plans belonging to the Pareto front. Finally, we complement our methodology by introducing upper and lower bounds on the overall attacker’s effort, in order to specialize the proposed methodology to different classes of attackers. The feasibility of the proposed solution is tested on the US Airline Network as in 1997.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
