Innovative Applications of O.R.
Systems under attack-survivability rather than reliability: Concept, results, and applications
Introduction
The problem of system survivability in a defense/attack framework is receiving considerable attention. The world is witnessing a large number of intelligent threats. In the last few years, terrorism was observed in a multitude of places including Iraq, Pakistan, Tunisia, Lebanon, Nigeria, and recently France and the US with the attacks on Paris and California at the end of 2015. There are civil wars in Libya and Syria, a coup-d’état in Egypt in addition to rebellions in Turkey. As a result, many attacks were launched both on civilian and military targets, leading to casualties and considerable damage. Therefore, it is vital to strengthen the ability to protect human lives as well as strategic systems such as water distribution, electricity and telecommunication systems. In particular, it is important to develop tools and strategies to increase system “survivability” upon attack.
To the best knowledge of the authors, not a single study has explicitly defined the concept of survivability of components or systems upon attacks as opposed to the concept of reliability. Furthermore, no general results for classical system configurations have been derived for system survivability. A number of studies, however, have emphasized the fact that reliability theory and risk analysis are inappropriate to approach the survival of systems upon attacks. In their report for the National Academy of Sciences, Parnell et al. (2008) discuss the elements of risk analysis, including risk management, and identify the crucial differences between the use of risk analysis to assess and manage the risks of natural disasters and its use to assess and manage risks from terrorist attacks. Suggestions for tackling similar situations include combining risk analysis or reliability theory with game theory to approach problems of protecting systems from intentional threats (see for instance Bier, Nagaraj, & Abhichandani, 2005; or Guikema, 2009). Insua et al. (2009) discuss what they refer to as adversarial risk analysis, considering a number of formulations of decision problems in the presence of intelligent opponents, and suggest a framework extending the traditional risk analysis tools, such as influence diagrams and probabilistic reasoning, to the context of adversarial risk analysis. They also outline the challenges in using techniques such as dynamic programming and game theory, particularly from computational perspectives.
Survivability has mainly been used to reflect the ability of a system/component to continue functioning, say, upon an accident or an attack. For instance, Ellison, Fisher, Linger, Lipson, and Longstaff (1997) define survivability as “the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents”. The same meaning is used explicitly or implicitly in several other studies such as Zhang et al., 2016, Agarwal and Venkateshan, 2016, Inmaculada et al., 2016, Levitin and Hausken, 2008, and Levitin (2009). It should be clear that the terminology used is of a qualitative nature. Network survivability is, however, considered quantitatively using different metrics measured in terms of lost or unserved system flow in studies such as Starita and Scaparra, 2016, Myung and Kim, 2004, Murray et al., 2007, and Matisziw and Murray (2009). It is worth noting that the concept of system survivability upon attack introduced in this paper is different from the above concepts.
On the other hand, system reliability is widely identified as “the probability that a component or system will perform a required function for a given period of time when used under stated operating conditions” (Ebeling, 1997). We will provide below a discussion to differentiate survivability, as defined in the current study, from system reliability.
In this paper, we define and investigate the concept of system survivability upon attack, in a defense/attack context, in analogy with the concept of system reliability. We will restrict focus to the discrete case. Ongoing research work by the authors however considers survivability in the continuous case and for networks. Moreover, the current study will derive general results for the following system configurations: series, parallel, series-parallel, parallel-series and k-out-of-n systems. We consider a variety of attacks including Bernoulli attacks with p as probability of success (i.e., of disabling the system or component of interest), binomial attacks where the attacker may disable more components than needed to make the system incur the maximum damage, geometric attacks where the attacker will stop only after disabling the system, and truncated geometric attacks where the attacker will stop either when the system is disabled or the maximum number of feasible attacks is reached, whichever occurs first.
The system survivability depends on several factors including the attacker strategies and resources. Therefore, the stochastic number of attacks that need to be launched is important both for resource-availability considerations and for plans of defense/attack strategies. Consequently, our analysis will extend to derive the expected number of attacks for each system configuration to be considered. It is assumed throughout the paper that the systems to be investigated are independent, in the sense that the failure of one component does not affect the performance of the remaining ones. Moreover, the study extends to partially consider multiple attacks on the same component.
In the remainder of the paper, Section 2 provides some literature review. Section 3 introduces the concept. It also elaborates on the differences between reliability and survivability. Results are derived both for the cases of single and multiple attacks. Section 4 investigates series systems under attack. Section 5 considers parallel systems. Section 6 extends the results to series-parallel and parallel-series systems. Section 7 derives results for k-out-of-n systems. Section 8 discusses a real application. Section 9 provides general discussions and interpretations. Finally, Section 10 serves for conclusions.
Section snippets
Literature review
While the concept of system survivability as defined above is not explicitly investigated in the literature, the last decade has observed some considerable effort in modeling defense/attack strategies (see for instance Bier and Azaiez, 2009, Zhuang and Bier, 2007, Bier et al., 2005, Apostolakis and Lemon, 2005, etc.) including assessment of probability of successful attacks. Particular focus lies on optimizing strategies in a game-theoretic framework. Guikema (2009) provides a survey of the
The concept of system survivability upon attack
Attacks are often inevitable and hence defense plans may account for reducing the corresponding effect in hope of preserving the “survivability” of systems. Roughly speaking, we may view survivability in defense/attack strategies as the dynamic version of the concept of reliability. In fact, the attacker would target the most vulnerable components in order to disable a system by exploiting its weaknesses. Defense strategies however are devised in an adaptive way to deter attacks or to start
Series systems under Bernoulli attacks
The last investigated case coincides with the one of a series system of n identical and independent components where the failure of each component upon attack has probability p to occur. It is first assumed that the attacker will continue attacking until one component is disabled or all components are unsuccessfully tried, whichever occurs first. If the components however are not identical and the failure probability of component i upon attack is p_i, then the attacker will attempt component i + 1
Parallel systems under Bernoulli attacks
Suppose now that the system is parallel and at most one attack per component will be launched. The attack is continued until all components are disabled (in which case the attack succeeds) or one component survives upon attack (in which case the attack fails), whichever occurs first. Then, the system survival distribution is Bernoulli, S∼Ber (Q), where Q .
Note that, once more, the probability of a successful attack or equivalently the system survivability does not depend on the
Parallel-series and series-parallel systems under Bernoulli attacks
We extend the results above to the more general configuration of parallel-series and series-parallel systems. While the extension is somewhat natural, the derivation of the results is not straightforward. The survival distribution will remain to be Bernoulli. However, some care must be exercised when estimating the expected number of attacks to be launched.
k-out-of-n systems under Bernoulli attacks
Consider now a k-out-of-n system where all n components are functioning. Assume that the attack is launched on one component at a time until system failure or the attacker realizes that the attack will fail, whichever occurs first. Again, we assume that a component can be attacked at most once. Let p be the probability of disabling one component upon attack and q = 1−p the survival probability of that component. Then, the following result applies:
Proposition 7.1 The system will survive in a Bernoulli manner,
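The stopping rules described above for series, parallel and k-out-of-n systems can all be evaluated with one recursion, since a series system is n-out-of-n and a parallel system is 1-out-of-n. The following is an added example, not the paper's derivation or its propositions; the function name and the per-component probability list are assumptions, and it assumes independent components attacked at most once each in a fixed order.

```python
from fractions import Fraction

def k_out_of_n_under_attack(ps, k):
    """Return (survival probability, expected number of attacks).

    ps[i] is the probability that the (i+1)-th attacked component is
    disabled (hypothetical input format); the system works while at
    least k of the n = len(ps) components work.
    """
    n = len(ps)
    if not 1 <= k <= n:
        raise ValueError("k must satisfy 1 <= k <= n")
    need = n - k + 1              # disabled components that bring the system down
    live = {0: Fraction(1)}       # live[d]: attack still running with d disabled
    survive = Fraction(0)
    expected = Fraction(0)
    for i, p in enumerate(ps):
        p = Fraction(p)
        expected += sum(live.values())   # probability attack i+1 is launched
        nxt = {}
        for d, pr in live.items():
            # Attack succeeds: continue unless the system has just failed.
            if d + 1 < need:
                nxt[d + 1] = nxt.get(d + 1, 0) + pr * p
            # Attack fails: the attacker stops once k components have survived,
            # because the remaining components can no longer bring the system down.
            if (i + 1) - d >= k:
                survive += pr * (1 - p)
            else:
                nxt[d] = nxt.get(d, 0) + pr * (1 - p)
        live = nxt
    return survive, expected

if __name__ == "__main__":
    p = Fraction(1, 4)            # constructed sample value
    for name, k in (("series", 3), ("2-out-of-3", 2), ("parallel", 1)):
        s, e = k_out_of_n_under_attack([p] * 3, k)
        print(f"{name:11s} survivability={s}  expected attacks={e}")
```

Exact fractions make it easy to compare the output with closed forms: for identical components the series case gives survivability q^n with (1 − q^n)/p expected attacks, and the parallel case gives 1 − p^n with (1 − p^n)/q.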
Application: the Tunisian political crisis
In this section, we present a real application on the Tunisian political crisis in 2013. We suggest a model based on the configurations discussed above in order to approach the problem.
Upon the assassination of a political leader in Tunisia on the 25th of July 2013, most of the opposition parties got together requiring the government in power to step down. The opposition argued that the government failed in a number of aspects including setting security. The government however claimed that it
General discussion and interpretations
This paper introduces the new concept of survivability in the context of system failure due to intelligent threats as opposed to classical reliability theory. This new concept accounts for the adaptive strategies and resource-availability and can be viewed as a dynamic version of system reliability subjected to intentional attacks. The aim is to build a theoretical ground with general results for various system configurations. While some of the results do coincide with the old ones related to
Conclusions and directions for future work
In this work, we attempt to build some theoretical ground for survivability of systems upon attack. We consider a variety of reliability configurations for which we determine both the survival distribution as well as the expected number of attacks to be carried out for a given attack strategy. We limit focus to the discrete case. The results developed are somewhat challenging particularly with respect to the average number of attacks. Most often, the system survivability is Bernoulli with
References (43)
- et al. Near optimal design of wavelength routed optical networks. European Journal of Operational Research (2016)
- et al. Optimal resource allocation for security in reliability systems. European Journal of Operational Research (2007)
- et al. Protection of simple series and parallel systems with components of different values. Reliability Engineering and System Safety (2005)
- et al. Minimizing expected attacking cost in networks. Electronic Notes in Discrete Mathematics (2010)
- Strategic defense and attack for series and parallel reliability systems. European Journal of Operational Research (2008)
- et al. Minmax defense strategy for complex multi-state systems. Reliability Engineering & System Safety (2009)
- et al. A Game-Theoretic Genetic Algorithm for the reliable server assignment problem under attacks. Computers & Industrial Engineering (2015)
- Analysis of information security reliability: A tutorial. Reliability Engineering and System Safety (2015)
- et al. Parallel systems under two sequential attacks. Reliability Engineering & System Safety (2009)
- et al. Protection vs. redundancy in homogeneous parallel systems. Reliability Engineering and System Safety (2008)