Mississippi State University
Nandi, Apurba Kumer.
Network interdiction models and algorithms for information security.
Degree: PhD, Industrial and Systems Engineering, 2016, Mississippi State University
Major cyber attacks against the cyber networks of organizations has become a common
phenomenon nowadays. Cyber attacks are carried out both through the spread of malware
and also through multi-stage attacks known as hacking. A cyber network can be represented
directly as a simple directed or undirected network (graph) of nodes and arcs. It can
also be represented by a transformed network such as the attack graph which uses information
about network topology, attacker profile, and existing vulnerabilities to represent
all the potential attack paths from readily accesible vulnerabilities to valuable target nodes.
Then, interdicting or hardening a subset of arcs in the network naturally maps into deploying
security countermeasures on the associated devices or connections. In this dissertation,
we develop network interdiction models and algorithms to optimally select a subset of
arcs which upon interdiction minimizes the spread of infection or minimizes the loss from
multi-stage attacks. In particular, we define four novel network connectivity-based metrics
and develop interdiction models to optimize the metrics. Direct network representation of
the physical cyber network is used as the underlying network in this case. Two of the interdiction
models prove to be very effective arc removal methods for minimizing the spread
of infection. We also develop multi-level network interdiction models that remove a subset
of arcs to minimize the loss from multi-stage attacks. Our models capture the defenderattacker
interaction in terms of stackelberg zero-sum games considering the attacker both
as a complete rational and bounded rational agents. Our novel solution algorithms based
on constraint and column generation and enhanced by heuristic methods efficiently solve
the difficult multi-level mixed-integer programs with integer variables in all levels in reasonable
Advisors/Committee Members: Dr. Hugh R. Medal (chair), Dr. Merril Warkentin (committee member), Dr. Mohammad Sepehrifar (committee member), Dr. Sandra D. Eksioglu (committee member), Dr. Linkan Bian (committee member), Dr. Mahantesh Halappanavar (committee member).
Subjects/Keywords: constraint and column generation; multi-level programming; bi-level programming; Mixed Integer programming; cyber security; Attack graph; Network; Interdiction
to Zotero / EndNote / Reference
APA (6th Edition):
Nandi, A. K. (2016). Network interdiction models and algorithms for information security. (Doctoral Dissertation). Mississippi State University. Retrieved from http://sun.library.msstate.edu/ETD-db/theses/available/etd-10072016-023829/ ;
Chicago Manual of Style (16th Edition):
Nandi, Apurba Kumer. “Network interdiction models and algorithms for information security.” 2016. Doctoral Dissertation, Mississippi State University. Accessed October 23, 2019.
MLA Handbook (7th Edition):
Nandi, Apurba Kumer. “Network interdiction models and algorithms for information security.” 2016. Web. 23 Oct 2019.
Nandi AK. Network interdiction models and algorithms for information security. [Internet] [Doctoral dissertation]. Mississippi State University; 2016. [cited 2019 Oct 23].
Available from: http://sun.library.msstate.edu/ETD-db/theses/available/etd-10072016-023829/ ;.
Council of Science Editors:
Nandi AK. Network interdiction models and algorithms for information security. [Doctoral Dissertation]. Mississippi State University; 2016. Available from: http://sun.library.msstate.edu/ETD-db/theses/available/etd-10072016-023829/ ;