# Towards Optimal Sensor Placement for Cybersecurity: An Extensible Model for Defensive Cybersecurity Sensor Placement Evaluation

**Authors:** Neal Wagner, Suresh K. Damodaran, Michael Reavey

PMC · DOI: 10.3390/s25196022 · 2025-10-01

## TL;DR

This paper introduces a flexible model to evaluate optimal placement of cybersecurity sensors to defend against cyber attacks.

## Contribution

An extensible mathematical model for evaluating cybersecurity sensor configurations, considering both data sources and analytics.

## Key findings

- The model can evaluate sensor configurations using real cyber attack techniques from MITRE ATT&CK.
- The model supports adaptation of OSP techniques from other domains to cybersecurity.
- A case study demonstrates the model's effectiveness in defending against multi-step attacks.

## Abstract

Optimal sensor placement (OSP) is concerned with determining a configuration for a collection of sensors, including sensor type, number, and location, that yields the best evaluation according to a predefined measure of efficacy. Central to the OSP problem is the need for a method to evaluate candidate sensor configurations. Despite the wide use of cybersecurity sensors for the protection of network systems against cyber attacks, there is limited research focused on OSP for defensive cybersecurity, and limited research on evaluation methods for cybersecurity sensor configurations that consider both the sensor data source locations and the sensor analytics/rules used. This paper seeks to address these gaps by providing an extensible mathematical model for the evaluation of cybersecurity sensor configurations, including sensor data source locations and analytics, meant to defend against cyber attacks. We demonstrate model usage via a case study on a representative network system subject to multi-step attacks that employ real cyber attack techniques recorded in the MITRE ATT&CK knowledge base and protected by a configuration of defensive cybersecurity sensors. The proposed model supports the potential adaptation of techniques and methods developed for OSP in problem domains other than cybersecurity.

## Figures

11 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12526620/full.md

---
Source: https://tomesphere.com/paper/PMC12526620