Optimal Impulse Control for Cyber Risk Management

TL;DR

This paper develops a stochastic impulse control framework for cyber risk management, using epidemiological models and deep PDE methods to determine optimal protection strategies against cyber attacks.

Contribution

It introduces a novel approach combining epidemiological models, stochastic control, and deep Galerkin methods to optimize cyber protection timing.

Findings

Optimal protection strategies are characterized for different attack scenarios.

The value function is shown to be a viscosity solution to coupled variational inequalities.

Numerical algorithms effectively determine optimal intervention timings.

Abstract

We explore an optimal impulse control problem wherein an electronic device owner strategically calibrates protection levels against cyber attacks. Utilizing epidemiological compartment models, we qualitatively characterize the dynamics of cyber attacks within the network. We determine the optimal protective measures against effective hacking by formulating and solving a stochastic control problem with optimal switching. We demonstrate that the value function for the cluster owner constitutes a viscosity solution to a system of coupled variational inequalities associated with a fully coupled reflected backward stochastic differential equation (BSDE). Furthermore, we devise a comprehensive algorithm alongside a verification procedure to ascertain the optimal timing for network protection across various cyber attack scenarios. Our findings are illustrated through numerical approximations employing deep Galerkin methods for partial differential equations (PDEs). We visualize the optimal protection strategies in the context of two distinct attack scenarios: (1) a constant cyber attack, (2) an exogenous cyber attack strategy modeled with a Poisson process.