Customized and Adaptive approach for Optimal Cybersecurity Investment
Lead Research Organisation:
Queen Mary University of London
Department Name: Sch of Electronic Eng & Computer Science
Abstract
Abstracts are not currently available in GtR for all funded research. This is normally because the abstract was not required at the time of proposal submission, but may be because it included sensitive information such as personal details.
Publications
Buczkowski P
(2022)
Optimal Security Hardening over a Probabilistic Attack Graph
Khouzani M
(2019)
Scalable min-max multi-objective cyber-security optimisation over probabilistic attack graphs
in European Journal of Operational Research
Zhang Y
(2021)
Bayesian Stackelberg games for cyber-security decision support
in Decision Support Systems
Zhang Y
(2021)
Bayesian Stackelberg games for cyber-security decision support
in Decision Support Systems
Zhang Y
(2022)
Optimization-Time Analysis for Cybersecurity
in IEEE Transactions on Dependable and Secure Computing
Description | developed a mathematical optimization to find the optimal cybersecurity defence in relation to a possible multiple steps attack scenario. A web tool is available implementing the methodology |
Exploitation Route | the mathematical framework is implemented on an online web tool that users can use and test if it effectively supports their cybersecurity decision-making. We have used this tool for a critical infrastructure case study and for cybersecurity in the context of medical centers and hospitals. The methodology is capable to model a wide range of cybersecurity threats and mitigations scenarios. |
Sectors | Digital/Communication/Information Technologies (including Software) |
URL | http://www.eecs.qmul.ac.uk/~pm/CySecTool/cysectool.html |
Description | We have developed a new mathematical methodology for cybersecurity decision-making and based on this methodology we have implemented a tool. The methodology models security threat scenarios with multi-step attacks for which several possible mitigations are available. The question we aim to solve is then: what optimal mitigation choices can be taken? The methodology is based on total unimodular matrices and is capable of efficiently solving precisely optimization problems for cybersecurity which so far have been solved inefficiently and using approximate techniques like genetic algorithms. The tool implementing this methodology is available at http://www.eecs.qmul.ac.uk/~pm/CySecTool/cysectool.html We have explored the connections between this optimization and game theory: we have proven that this methodology is a Stalkeberg game and we have hence modeled incomplete information scenarios in terms of Bayesian Stalkeberg games. The modelling here developed has been applied to several case studies, in particular decision support for industrial control systems and for hospital cybersecurity. |
First Year Of Impact | 2021 |
Sector | Digital/Communication/Information Technologies (including Software) |
Impact Types | Societal |
Description | project appearing in a book "Global Uncertainties: Collected Conversations from the Partnership for Conflict, Crime & Security Research" |
Geographic Reach | Multiple continents/international |
Policy Influence Type | Citation in other policy documents |
URL | https://www.paccsresearch.org.uk/wp-content/uploads/2022/09/FOR-PUBLICATION-Global-Uncertainties-Col... |
Description | CHAI: Cyber Hygiene in AI enabled domestic life |
Amount | £329,504 (GBP) |
Funding ID | EP/T026596/1 |
Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
Sector | Public |
Country | United Kingdom |
Start | 12/2020 |
End | 11/2023 |