The complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problem

TL;DR

This paper models layered cybersecurity as a rooted subtree problem, analyzing its computational complexity and approximation schemes, with implications for understanding attack strategies and defenses.

Contribution

It introduces a formal model of cyber attack costs and targets, proving intractability of the general problem and providing polynomial approximation schemes.

Findings

General problem is intractable but admits a PTAS.

Complexity varies with restrictions on penetration costs.

Analyzes specific cases with fixed or limited cost values.

Abstract

In our cyber security model we define the concept of {\em penetration cost}, which is the cost that must be paid in order to break into the next layer of security. Given a tree $T$ rooted at a vertex $r$, a {\em penetrating cost} edge function $c$ on $T$, a {\em target-acquisition} vertex function $p$ on $T$, the attacker's {\em budget} and the {\em game-over threshold} $B,G \in {\mathbb{Q}}^{+}$ respectively, we consider the problem of determining the existence of a rooted subtree $T'$ of $T$ within the attacker's budget (that is, the sum of the costs of the edges in $T'$ is less than or equal to $B$) with total acquisition value more than the game-over threshold (that is, the sum of the target values of the nodes in $T'$ is greater than or equal to $G$). We prove that the general version of this problem is intractable, but does admit a polynomial time approximation scheme. We also analyze the complexity of three restricted versions of the problems, where the penetration cost is the constant function, integer-valued, and rational-valued among a given fixed number of distinct values.