Innovative Applications of O.R.
Systems under attack-survivability rather than reliability: Concept, results, and applications

https://doi.org/10.1016/j.ejor.2016.09.041

Highlights

  • We introduce a new concept of system survivability upon attack.

  • We account for the attacker adaptive nature in targeting a system.

  • We develop results on survivability for classical reliability configurations.

  • We illustrate with various practical applications.

Abstract

In this paper, we introduce the concept of system survivability under attack in analogy with system reliability. The problem is very important particularly nowadays when the world witnesses a large variety of intelligent threats including terrorism, rebellions, civil wars, pirating, and so on. We limit consideration to the discrete case. We define a component/system survivability to be the probability that the system/component continues functioning upon attack. We specify the differences between our suggested concept of system survivability and the traditional one of system reliability. Most often, the survivability follows a Bernoulli distribution for which the survival probability is derived based on the system configuration. We develop results for series, parallel, series-parallel, parallel-series and k-out-of-n systems. We also provide the expected number of attacks for each system configuration based on the particular attack strategy both for single and multiple attacks. We illustrate the process through a real application.

Introduction

The problem of system survivability in a defense/attack framework looks very hot nowadays. Actually, the world witnesses a large number of intelligent threats. In the last few years, terrorism was observed in a multitude of places including Iraq, Pakistan, Tunisia, Lebanon, Nigeria, and recently France and the US with the attacks on Paris and California at the end of 2015. There are civil wars in Libya and Syria, a coup-d’état in Egypt in addition to rebellions in Turkey. As a result, many attacks were launched both on civilian and military targets leading to casualties and considerable damage. Therefore, it is vital to strengthen the ability to protect human lives as well as strategic systems such as water distribution, electricity and telecommunication systems. In particular, it is important to develop tools and strategies to increase system “survivability” upon attack.

To the best knowledge of the authors, not a single study has explicitly defined the concept of survivability of components or systems upon attacks as opposed to the concept of reliability. Furthermore, no general results for classical system configurations have been derived for system survivability. A number of studies however have emphasized the fact that reliability theory and risk analysis are inappropriate to approach the survival of systems upon attacks. In their report for the National Academy of Sciences, Parnell et al. (2008) discuss the elements of risk analysis, including risk management, and identify the crucial differences between the use of risk analysis to assess and manage the risks of natural disasters and its use to assess and manage risks from terrorist attacks. Suggestions for tackling similar situations include combining risk analysis or reliability theory with game theory to approach problems of protecting systems from intentional threats (see for instance Bier, Nagaraj, & Abhichandani, 2005; or Guikema, 2009). Insua et al. (2009) discuss what they refer to as adversarial risk analysis, considering a number of formulations of decision problems in the presence of intelligent opponents, and suggest a framework extending the traditional risk analysis tools, such as influence diagrams and probabilistic reasoning, to the context of adversarial risk analysis. They also outline the challenges in using techniques such as dynamic programming and game theory, particularly from computational perspectives.

Survivability has mainly been used to reflect the ability of a system/component to continue functioning, say upon an accident or an attack. For instance, Ellison, Fisher, Linger, Lipson, and Longstaff (1997) define survivability as “the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents”. The same meaning is used explicitly or implicitly in several other studies such as Zhang et al. (2016), Agarwal and Venkateshan (2016), Inmaculada et al. (2016), Levitin and Hausken (2008), and Levitin (2009). It should be clear that the terminology used is of qualitative nature. Network survivability is however considered quantitatively using different metrics measured in terms of lost or unserved system flow, such as in Starita and Scaparra (2016), Myung and Kim (2004), Murray et al. (2007), and Matisziw and Murray (2009). It is worth noting that the concept of system survivability upon attack introduced in this paper is different from the above concepts.

On the other hand, system reliability is widely identified as “the probability that a component or system will perform a required function for a given period of time when used under stated operating conditions” (Ebeling, 1997). We will provide below a discussion to differentiate survivability, as defined in the current study, from system reliability.

In this paper, we define and investigate the concept of system survivability upon attack, in a defense/attack context, in analogy with the concept of system reliability. We will restrict focus to the discrete case. Ongoing research work by the authors however considers survivability in the continuous case and for networks. Moreover, the current study will derive general results for the following system configurations: series, parallel, series-parallel, parallel-series and k-out-of-n systems. We consider a variety of attacks including Bernoulli attacks with p as probability of success (i.e., of disabling the system or component of interest), binomial attacks where the attacker may disable more components than needed to make the system incur the maximum damage, geometric attacks where the attacker will stop only after disabling the system, and truncated geometric attacks where the attacker will stop either when the system is disabled or the maximum number of feasible attacks is reached, whichever occurs first.

The system survivability depends on several factors including the attacker strategies and resources. Therefore, the stochastic number of attacks that need to be launched is important both for resource-availability considerations and for plans of defense/attack strategies. Consequently, our analysis will extend to derive the expected number of attacks for each system configuration to be considered. It is assumed throughout the paper that the systems to be investigated are independent, in the sense that the failure of one component does not affect the performance of the remaining ones. Moreover, the study extends to partially consider multiple attacks on the same component.

For the remainder of the paper, Section 2 provides some literature review. Section 3 introduces the concept. It also elaborates on the differences between reliability and survivability. Results are derived both for the cases of single and multiple attacks. Section 4 investigates series systems under attack. Section 5 considers parallel systems. Section 6 extends the results to series-parallel and parallel-series systems. Section 7 derives results for k-out-of-n systems. Section 8 discusses a real application. Section 9 provides general discussions and interpretations. Finally, Section 10 serves for conclusions.

Section snippets

Literature review

While the concept of system survivability as defined above is not explicitly investigated in the literature, the last decade has observed some considerable effort in modeling defense/attack strategies (see for instance Bier and Azaiez, 2009, Zhuang and Bier, 2007, Bier et al., 2005, Apostolakis and Lemon, 2005, etc.) including assessment of probability of successful attacks. Particular focus lies on optimizing strategies in a game-theoretic framework. Guikema (2009) provides a survey of the

The concept of system survivability upon attack

Attacks are often inevitable and hence defense plans may account for reducing the corresponding effect in hope of preserving the “survivability” of systems. Roughly speaking, we may view survivability in defense/attack strategies as the dynamic version of the concept of reliability. In fact, the attacker would target the most vulnerable components in order to disable a system by exploiting its weaknesses. Defense strategies however are devised in an adaptive way to deter attacks or to start

Series systems under Bernoulli attacks

The last investigated case coincides with the one of a series system of n identical and independent components where the failure of each component upon attack has probability p to occur. It is first assumed that the attacker will continue attacking until one component is disabled or all components are unsuccessfully tried, whichever occurs first. If the components however are not identical and the failure probability of component i upon attack is $p_i$, then the attacker will attempt component i + 1

Parallel systems under Bernoulli attacks

Suppose now that the system is parallel and at most one attack per component will be launched. The attack is continued until all components are disabled (in which case the attack succeeds) or one component survives upon attack (in which case the attack fails), whichever occurs first. Then, the system survival distribution is Bernoulli, $S \sim \mathrm{Ber}(Q)$, where $Q = 1 - \prod_{i=1}^{n} p_i$.

Note that, once more, the probability of a successful attack or equivalently the system survivability does not depend on the
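The parallel-system model above can be worked through numerically. The following is an added example, not code from the paper: the probabilities in `P` are constructed, and the expected-attack formula is derived here from the stated stopping rule (attack j is launched only if the first j−1 attacks all disabled their targets) under the paper's independence assumption. It computes Q exactly, compares every attack order, and cross-checks the result with a simulation of the same rule.

```python
from fractions import Fraction
from itertools import permutations
import random

# Constructed per-component probabilities p_i of being disabled by one attack.
P = [Fraction(9, 10), Fraction(1, 2), Fraction(1, 5)]

def parallel_survivability(p):
    """Q = 1 - prod(p_i): the system survives unless every component is disabled."""
    all_disabled = Fraction(1)
    for p_i in p:
        all_disabled *= p_i
    return 1 - all_disabled

def expected_attacks(p_in_order):
    """E[N] = sum_j prod_{i<j} p_i (derived here from the stopping rule)."""
    total, reach = Fraction(0), Fraction(1)
    for p_i in p_in_order:
        total += reach      # probability that this attack is launched at all
        reach *= p_i        # the next attack needs this one to succeed too
    return total

def order_study(p):
    """Return ({Q over all orders}, min E[N], max E[N])."""
    q_values = {parallel_survivability(o) for o in permutations(p)}
    e_values = [expected_attacks(o) for o in permutations(p)]
    return q_values, min(e_values), max(e_values)

def simulate(p_in_order, runs=100_000, seed=1):
    """Monte Carlo check of the same model: at most one attack per component."""
    rng = random.Random(seed)
    probs = [float(x) for x in p_in_order]
    survived = attacks = 0
    for _ in range(runs):
        for p_i in probs:
            attacks += 1
            if rng.random() >= p_i:  # component survives, attack on system fails
                survived += 1
                break
    return survived / runs, attacks / runs

if __name__ == "__main__":
    q_values, e_min, e_max = order_study(P)
    print("Q for every order:", q_values)
    print("E[N] ranges from", e_min, "to", e_max)
    print("simulated (Q, E[N]) in listed order:", simulate(P))
```

For a defender, the spread between the smallest and largest expected number of attacks indicates how much adversary effort the same survivability Q can correspond to.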

Parallel-series and series-parallel systems under Bernoulli attacks

We extend the results above to the more general configuration of parallel-series and series-parallel systems. While the extension is somewhat natural, the derivation of the results is not straightforward. The survival distribution will remain to be Bernoulli. However, some care must be exercised when estimating the expected number of attacks to be launched.

k-out-of-n systems under Bernoulli attacks

Consider now a k-out-of-n system where all n components are functioning. Assume that the attack is launched on one component at a time until system failure or the attacker realizes that the attack will fail, whichever occurs first. Again, we assume that a component can be attacked at most once. Let p be the probability of disabling one component upon attack and q = 1−p the survival probability of that component. Then, the following result applies:

Proposition 7.1

The system will survive in a Bernoulli manner,

Application: the Tunisian political crisis

In this section, we present a real application on the Tunisian political crisis in 2013. We suggest a model based on the configurations discussed above in order to approach the problem.

Upon the assassination of a political leader in Tunisia on the 25th of July 2013, most of the opposition parties got together requiring the government in power to step down. The opposition argued that the government failed in a number of aspects including setting security. The government however claimed that it

General discussion and interpretations

This paper introduces the new concept of survivability in the context of system failure due to intelligent threats as opposed to classical reliability theory. This new concept accounts for the adaptive strategies and resource-availability and can be viewed as a dynamic version of system reliability subjected to intentional attacks. The aim is to build a theoretical ground with general results for various system configurations. While some of the results do coincide with the old ones related to

Conclusions and directions for future work

In this work, we attempt to build some theoretical ground for survivability of systems upon attack. We consider a variety of reliability configurations for which we determine both the survival distribution as well as the expected number of attacks to be carried out for a given attack strategy. We limit focus on the discrete case. The results developed are somewhat challenging particularly with respect to the average number of attacks. Most often, the system survivability is Bernoulli with

References (43)

  • T.C. Matisziw et al. Modeling s-t path availability to support disaster vulnerability assessment of network infrastructure. Computers & Operations Research (2009)
  • Y.S. Myung et al. A cutting plane algorithm for computing k-edge survivability of a network. European Journal of Operational Research (2004)
  • J. Obert et al. Proactively applied encryption in multipath networks. Computers & Security (2016)
  • S. Park et al. Systematic analysis of framing bias in missile defense: Implications toward visualization design. European Journal of Operational Research (2007)
  • L. Song et al. Cooperative simultaneous attack of multi-missiles under unreliable and noisy communication network: A consensus scheme of impact time. Aerospace Science and Technology (2015)
  • S. Starita et al. Optimizing dynamic investment decisions for railway systems protection. European Journal of Operational Research (2016)
  • J. Zhuang et al. Modeling secrecy and deception in a multiple-period attacker–defender signaling game. European Journal of Operational Research (2010)
  • C. Zhang et al. A two-stage resource allocation model for lifeline systems quick response with vulnerability analysis. European Journal of Operational Research (2016)
  • G.E. Apostolakis et al. A screening methodology for the identification and ranking of infrastructure vulnerabilities due to terrorism. Risk Analysis (2005)
  • M.N. Azaiez. A Bayesian model for a game of information in optimal attack/defense strategies
  • Ben Yaghlane, A., & Azaiez, M. N. (2016). Poisson processes for modeling continuous-time attacks. Under...