Please wait a minute...
, No 1
  • Editorial
    Editorial: Special Issue: System Survivability and Defense against External Impacts
    Krishna B. Misra
    2009, 5(1): 1.  doi:10.23940/ijpe.09.1.p1.mag
    Related Articles

    The theme of this special issue of IJPE, viz., System Survivability and Defence against External Impacts is very topical. At the beginning of this Century, it could not have been even imagined that a commercial airliner loaded with 200,000 pounds of jet fuel could make a weapon of mass destruction resulting in the loss of valuable assets, national pride and in deaths of 2749 innocent civilians. In the Post 9/11 era, it has become very difficult for nations to protect their public assets and infrastructure due to unpredictability of the choice of place and time of attack by the terrorists. The predictability becomes even more difficult due the enormity of the systems being defended.

    For example, stretched across 64,000 kilometers, connecting 8,000 stations by 12,000 trains running everyday, India has the second largest rail network in world. Since 1997, there have been number of instances of direct assaults, bombing and sabotages leading to derailments. It is almost impossible to predict when and where such attacks could take place on this network. It is also costly to devise a strategy to protect such a large infrastructure. Likewise, defence of other important establishments such as space, scientific, military, nuclear, energy, communications or civic structures may call for massive investments to devise any effective strategy to protect them. Survivability of important assets of such kinds cannot be treated as a system performance issue alone. Because a defender must allocate resources to a set of selected locations without the precise knowledge of attacker's preference for the time and location of attack, a defensive strategy against the perceived attack scenarios has to be evolved using game theory, operations research and statistical and probabilistic models.

    An attacker could also gain access to weapons of mass destruction including nuclear devices, germs and poisonous gasses or use even computer viruses. The series of recent anthrax attacks has reinforced the importance of allocations of resources for bio-surveillance systems and for a timely detection of the extent of dangers from the spread of epidemics. An attack involving the nerve agent sarin in Tokyo subway in March 1995 demonstrated not only the extensive social disruption a chemical attack can cause but also the complexities involved in mounting an effective response. Therefore, defending public utility systems is gradually becoming an uphill task and needs strategic allocations to defend such vital systems.

    Defence of national resources and infrastructure against a terrorist attack is a very complex problem of importance to all nations of the world and requires a careful and judicious consideration.? We have attempted to present some of the aspects of this problem in this issue.

    This special issue comprises 7 papers from authors from various disciplines on some of the problems related to the theme. I would like to thank all authors who have contributed their research papers to this special issue.? Without the untiring effort of the Guest Editor, Dr. Gregory Levitin of The Israel Electric Corporation Ltd., Haifa in selecting the papers and getting them reviewed and revised, the present special issue would not have been possible. My special thanks are also due to several referees, who unhesitatingly helped in reviewing the submitted papers and bringing them to the present form.

    Guest Editorial:System Survivability and Defense against External Impacts
    Gregory Levitin
    2009, 5(1): 3-4.  doi:10.23940/ijpe.09.1.p3.mag
    Related Articles

    Classical reliability theory usually deals with internal system failures and considers providing redundancy and improving reliability (availability) of elements as measures of improving system reliability (availability). When systems are exposed to external threats one faces the problem of system survivability enhancement and applies measures that may be ineffective from the reliability point of view but reduce the system vulnerability (example of such measures is separation of system elements). In the case of unintentional external impacts determining risk reduction strategies usually assumes a static external threat, however the September 11, 2001 attack illustrated that major threats today involve strategic attackers. There is a need to proceed beyond earlier research and assume that both the defender and attacker of a system are fully strategic optimizing agents. When considering the risk of intentional attacks, it is important to realize that the use of an adaptive strategy allows attacker to target the most sensitive parts of a system. Choosing the time, place, and means of attacks gives the attacker an advantage over the defender. On the other hand the defensive strategy can include actions (such as camouflage, concealment and decoys) that cannot protect the system against unintentional impacts, but become effective against strategic attackers. The optimal system defense policy presumes allocating available resources among possible defensive investments taking into account the attacker's strategy that can be adapted and optimized for any defense alternative.

    The emerging discipline of system survivability and defense requires joint effort of researchers dealing with statistical analysis, operations research, reliability engineering and game theory. This special issue contains papers representing just several aspects of this wide field. The paper "On some models of acceptable risk" by M. Finkelstein discusses classification of possible system losses via a stochastic comparison based on Cdf of acceptable loss. This approach helps to determine acceptable, unacceptable and intermediate regions for the level of loss.

    The paper "Strategic defense and attack of complex networks" by K. Hausken considers influence of system structure (configuration of reliability block diagram) on optimal strategy of distribution of defender's and attacker's investments among the elements composing the system.

    The paper "Secrecy in defensive allocations as a strategy for achieving more cost-effective attacker deterrence" by N. S. Dighe, J. Zhuang and V. M. Bier considers strategy for achieving cost-effective attack deterrence by allocating the defensive resource in the system consisting of two elements under assumption that the attacker cannot reveal the resource distribution.

    The paper "Optimal distribution of constrained resources in bi-contest detection-impact game" by G. Levitin analyses the optimal distribution of constrained attacker and defender resources between target detection (camouflage) and target destruction (protection) efforts.

    The paper "Rebound wall: a novel technology against DoS attacks" by Y. Dai, X. Li, X. Zou and B. Xiao presents a novel and robust mechanism for protecting network servers from intentional Denial of Service attacks and analyzes its efficiency.

    The paper "Application of advanced computational techniques to the vulnerability assessment of network systems exposed to uncertain harmful events" by Claudio M. Rocco, Daniel E. Salazar and Enrico Zio presents an application of advanced computational techniques for analyzing the propagation of attacks in complex interconnected networks and for evaluating the network vulnerability.

    The paper "Assessing resource requirements for maritime domain awareness and protection (security)" by D. P. Gaver, P. A. Jacobs and H. Sato presents a model for evaluating the probability that a hostile vessel entering a maritime domain is successfully neutralized before reaching its destination given that non-hostile vessels can be misclassified by defender's sensors.

    I would like to thank all the authors, first for contributing to the issue, and then for putting up with demands for revision. I am immensely grateful to the authors for their patience and their perseverance in helping to achieve the high standards of the papers. We would have never achieved our goals without the assistance of the following reviewers: Prof. George E. Apostolakis (Massachusetts Institute of Technology, USA), Dr. Ji Hwan Cha (Pukyong National University, Korea), Dr. Lucia Cloth (University of Twente, The Netherlands), Prof. Maxim Finkelstein (University of the Free State, South Africa), Dr. Seth Guikema (Johns Hopkins University, USA), Prof. Henrik Johansson (Lund University, Sweden), Dr. Xiaolin (Andy) Li (Oklahoma State University, USA), Dr. Dmitri Nizovtsev (Washburn University, USA), Prof. Jan M. van Noortwijk (Delft University of Technology, The Netherlands), Prof. Markus Siegle (University of the Federal Armed Forces, Germany), Prof. Lev V. Utkin (St.Petersburg Forest Technical Academy, Russia), Dr. Jun Zhuang (University of Wisconsin-Madison, USA).

    Last but not the least, I thank Prof. Krishna B. Misra, Editor-in-Chief of the International Journal of Performability Engineering, for enthusiastically supporting me in this endeavor.

    Gregory Levitin received the BS and MS degrees in Electrical Engineering from Kharkov Politechnic Institute (Ukraine) in 1982, the BS degree in Mathematics from Kharkov State University in 1986 and PhD degree in Industrial Automation from Moscow Research Institute of Metalworking Machines in 1989. From 1982 to 1990 he worked as software engineer and researcher in the field of industrial automation. From 1991 to 1993 he worked at the Technion (Israel Institute of Technology) as a postdoctoral fellow at the faculty of Industrial Engineering and Management. Dr.Levitin is presently a senior expert at the Reliability Department of the Israel Electric Corporation and adjunct senior lecturer at the Technion. His current interests are in operations research and artificial intelligence applications in reliability and power engineering. In this field Dr. Levitin has published more than 120 papers and four books. He is senior member of IEEE and chair of the ESRA Technical Committee on System Reliability. He serves in editorial boards of IEEE Transactions on Reliability, Reliability Engineering and System Safety and International Journal of Performability Engineering.

    Original articles
    On Some Models of Acceptable Risk
    2009, 5(1): 5-12.  doi:10.23940/ijpe.09.1.p5.mag
    Abstract    PDF (98KB)   
    Related Articles

    We consider discrete and continuous risk distribution functions. Acceptable risk distribution function is defined and different types of stochastic comparisons are discussed. Acceptable, unacceptable and intermediate regions for the level of loss are determined. The similar characterization is used for describing the loss for the outcomes in the sequence of harmful events. The loss is considered as acceptable, if either all events result in a loss from the acceptable region or not more than k of them result in a loss from the intermediate level. The Laplace transform methods are used for obtaining the probability of survival when harmful events from the Poisson process are 'too close' to each other.
    Received on September 29, 2007, revision available on September 30, 2008
    References: 10

    Strategic Defense and Attack of Complex Networks
    2009, 5(1): 13-30.  doi:10.23940/ijpe.09.1.p13.mag
    Abstract    PDF (257KB)   
    Related Articles

    This article shows how policy choices about defense and attack investments at the component level can be made for arbitrarily complex networks and systems. Components can be in series, parallel, interdependent, interlinked, independent, or combinations of these. Investments and utilities are determined for the defender and attacker dependent on their unit costs of investment and contest intensity for each component, and their evaluations of the value of system functionality.
    Received on September 17, 2007, revision available on November 25, 2008
    References: 53

    Secrecy in Defensive Allocations as a Strategy for achieving more Cost-effectiveAttacker Deterrence
    2009, 5(1): 31-43.  doi:10.23940/ijpe.09.1.p31.mag
    Abstract    PDF (145KB)   
    Related Articles

    We discuss strategic interactions between an attacker and either centralized or decentralized defenders, and identify conditions under which centralized defender decision making is preferred. One important implication of our results is that partial secrecy about defensive allocations (disclosure of the total level of defensive investment, but secrecy about which resources are defended) can be a strategy for achieving more cost-effective attack deterrence. In particular, we show that such partial secrecy can be potentially beneficial when security investments are discrete (e.g., as in the use of air marshals to counter threats to commercial aviation).
    Received on September 18, 2007, revision available on September 25, 2008
    References: 20

    Optimal Distribution of Constrained Resources in Bi-contest Detection-Impact Game
    2009, 5(1): 45-54.  doi:10.23940/ijpe.09.1.p45.mag
    Abstract    PDF (327KB)   
    Related Articles

    The paper considers a game between single attacker and single defender. In this game the attacker distributes his constrained resource between target detection and target destruction (impact) efforts, whereas the defender distributes his constrained resource between target counter-detection (camouflage, concealment and decoys) and counter-destruction (protection) efforts. In order to destroy the target the attacker should succeed in both target detection and impact contests. The success probability in each contest depends on the efforts of the agents and is determined by an attacker-defender contest success function. The attacker seeks to achieve the greatest target vulnerability (probability of destruction). The defender seeks to minimize the vulnerability. The paper studies the optimal resource distribution as solution of non-cooperative minmax game between the two agents.
    Received on September 19, 2007, revision available on November 25, 2008
    References: 12

    Rebound Wall: A Novel Technology against DoS Attacks
    2009, 5(1): 55-70.  doi:10.23940/ijpe.09.1.p55.mag
    Abstract    PDF (242KB)   
    Related Articles

    DoS/DDoS attacks have become one of the most critical security problems in today's network systems, which is easy to launch by hackers but hard to protect by victims. This paper presents a novel and robust mechanism, named Rebound Wall, which proves very effective to protect a victim server from DoS attacks and easy to deploy in practice. The rebound wall comprises of available machines in the LAN, surrounding the core server. Unlike the existing DoS defense techniques which rely much on marking and/or filtering, the rebound wall utilizes roaming crypt-doors. Valid requests can only go through a designated entrance to the server. These entrance machines are roaming over the rebound wall, so that hackers cannot find the target to launch effective attacks. Some other new technologies and protocols that are necessary to furnish the rebound wall technology are also presented in this paper, including Floating Entrance, Entrance Switch, User-end Authentication, Entrance-based Privilege Control, and Traceback. A survivability model is further built for the rebound wall based on a CTMC. A rebound wall was implemented in reality. Both experimental data and analytical results validated the effectiveness, efficiency, and robustness of the rebound wall technology. We finally compare the rebound wall with other related and advanced technologies against DoS/DDoS.
    Received on December 19, 2007, revision available on November 25, 2008
    References: 21

    Application of Advanced Computational Techniques to the Vulnerability Assessment of Network Systems exposed to Uncertain Harmful Events
    2009, 5(1): 71-84.  doi:10.23940/ijpe.09.1.p71.mag
    Abstract    PDF (365KB)   
    Related Articles

    This paper presents the application of advanced computational techniques developed by the authors for evaluating the vulnerability characteristics of network systems exposed to harmful events. The physical system is modeled as a network (graph) of nodes interconnected by links. Uncertainties on the propagation and effects of an attack are modeled by probability distributions on the times of propagation through the network links and the numbers of people affected at the network nodes reached by the hazard. The impact of an attack is quantified by simulating the propagation of the hazard through the network nodes and links, by means of a combination of cellular automata and Monte Carlo simulation. The vulnerability assessment is embedded within a systematic multiple-objective optimization analysis aimed at identifying the optimal protective scheme which minimizes the average impact in terms of entities affected and hazard propagation time. The vulnerabilities and relative protection schemes of two networks of realistic size are systematically analyzed by the proposed approach for testing the procedure and identifying its strengths and weaknesses.
    Received on October 8, 2007, revision available on November 25,2008
    References: 36

    Assessing Resource Requirements for Maritime Domain Awareness and Protection (Security)
    2009, 5(1): 85-98.  doi:10.23940/ijpe.09.1.p85.mag
    Abstract    PDF (154KB)   
    Related Articles

    An allied (Blue) maritime domain contains a number w (w>>1) of non-hostile neutral W (White) vessels. A hostile R (Red) vessel enters the domain. R is traveling through the domain towards a target. Overhead allied (Blue) sensors: manned aircraft, helicopters, and/or unmanned aerial sensor vehicles (UAVs), patrol the domain and classify (perhaps incorrectly) detected vessels as R or W. The misclassification of a W as an R is a false positive. An overhead sensor follows (or tracks) any vessel classified as R until it is relieved by another platform, e.g. a destroyer pair (DD). The overhead sensor is unable to detect and classify additional vessels while it is following a suspicious vessel. This may well be a somewhat pessimistic assumption. Models are formulated and studied to evaluate the probability that R is successfully neutralized before reaching its destination. The model results quantify the effect of the resources and time needed to prosecute misclassified neutral vessels (false positives) on the probability of successfully neutralizing R. The probability of neutralizing R depends on the area of the domain being patrolled, the number of sensor platforms, the sensor platform velocity, the time to classify a vessel of interest, the ability to correctly classify vessels of interest, the time until a sensor platform following a suspicious vessel is relieved, and the false positive rate. The results indicate that the probability of neutralizing an R vessel is very sensitive to the false positive rate. Technologies, processes, and procedures that can decrease the false positive rate will increase the effectiveness of the Maritime Intercept Operation (MIO). The same is true also of false negatives: classifying the R as a W. Note that we do not investigate the effect of tagging or labeling a detected entity; this has a down side if tagging is too error-prone. This important and interesting investigation is postponed.
    Received on September 27, 2007, revision available on November 25, 2008
    References: 06

ISSN 0973-1318