Defense in Depth: The Basics of Blockade and Delay
Andrew J. Lohn

TL;DR
This paper introduces a mathematical framework for optimizing defense-in-depth strategies, specifically Blockade and Delay, considering attacker diversity, skill, and budget constraints, to improve security planning.
Contribution
It presents a simple mathematical theory for selecting defense layers in Blockade and Delay strategies, accounting for attacker and budget factors.
Findings
Number of defenses grows slower than attackers
Similar attackers are easier to defend against
Defenders need not act as quickly as attackers
Abstract
Given that individual defenses are rarely sufficient, defense-in-depth is nearly universal and options for individual defensive layers abound. We develop a simple mathematical theory that can help in selecting the type and quantity of defenses for two different defense-in-depth strategies: Blockade and Delay. This theoretical approach accounts for budgetary constraints and the number, skill, and diversity of attackers. We find that defenders have several reasons to be optimistic including that the number of required defenses increases more slowly than the number of attackers, that similar attackers are defended more easily than similar defenses are defeated, and that defenders do not necessarily need to act as quickly as attackers.
Taxonomy
Topics: Information and Cyber Security · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
