How can OR Help or Damage Network Security?


A few weeks ago John Foreman wrote: “I think if more hackers knew about linear programming, they’d like it. Big M constraints are the hackiest things I know.” Shortly afterwards, I read that the Internet had slowed globally after the biggest cyber-attack in history, although my own Internet connection seems faster these days :)

Then I wondered: where, really, is operations research in this fight against hackers to defend network security? Obviously, everything related to algorithms and heuristics is attractive to hackers, but are these tools actually used by them? And on the other side, how do governments benefit from operations research to prevent such crises?

I want to start with a paper titled “Defending against flooding-based distributed denial-of-service attacks: a tutorial” by Chang [1], which is about defending against distributed denial of service (DDoS) attacks. Simply put, DDoS refers to attacks that make a targeted service unavailable to its users by overloading the server. One of the solutions described for detecting DDoS attacks is the “Quickest Detection Problem”, a variant of the “(Bayes) Change Detection Problem”. As explained in the paper, the objective of this problem is to minimize the time needed to detect a “change”, where the change is the start of the DDoS attack, which alters the visitor pattern. The minimization is subject to a lower bound on the expected time between false alarms, as the following figure from the paper depicts:

(Figure from [1]: quickest detection of the change point, trading detection delay against the expected time between false alarms.)
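To make the trade-off concrete, here is an added example (not code from the paper or from this post's author) that runs Page's CUSUM change detector, a standard quickest-detection statistic, over a constructed series of per-second request counts. The baseline rate, the smallest flood rate worth catching, the sample data and the threshold values are all assumptions chosen for illustration. Raising the alarm threshold lengthens the expected time between false alarms on normal traffic but also lengthens the detection delay once the flood starts, which is exactly the constrained minimization the paragraph above describes.

```python
import math
import random

LAM0 = 100.0  # assumed normal request rate (requests/s), e.g. learned from history
LAM1 = 130.0  # assumed smallest flood rate we want to detect quickly

# Constructed sample: 30 s of normal traffic followed by a modest flood (~140/s).
BASELINE = [100, 97, 104, 99, 111, 96, 103, 100, 98, 102] * 3
FLOOD = [138, 145, 141, 136, 142, 147, 139, 144, 140, 143]
SAMPLE = BASELINE + FLOOD
CHANGE_POINT = len(BASELINE)  # index of the first flood second


def poisson_llr(x, lam0=LAM0, lam1=LAM1):
    """Log-likelihood ratio of one Poisson count under rate lam1 vs lam0."""
    return x * math.log(lam1 / lam0) - (lam1 - lam0)


def cusum_alarm(counts, threshold, lam0=LAM0, lam1=LAM1):
    """Page's CUSUM: S_t = max(0, S_{t-1} + LLR(x_t)); alarm when S_t >= threshold.

    Returns the index of the first alarm, or None if no alarm is raised.
    """
    s = 0.0
    for i, x in enumerate(counts):
        s = max(0.0, s + poisson_llr(x, lam0, lam1))
        if s >= threshold:
            return i
    return None


def detection_delay(threshold, counts=SAMPLE, change_point=CHANGE_POINT):
    """Seconds from the start of the flood until the alarm (1 = alarm on the
    first flood second). None means the flood was never detected."""
    alarm = cusum_alarm(counts, threshold)
    if alarm is None or alarm < change_point:
        return None
    return alarm - change_point + 1


def mean_time_between_false_alarms(threshold, runs=50, max_len=10000, seed=1):
    """Monte Carlo estimate of the expected run length on normal traffic only.

    Normal counts are drawn from a seeded normal approximation to Poisson(LAM0)
    (adequate for rates around 100). Runs that reach max_len without an alarm
    are counted at max_len, so the estimate is a lower bound for high thresholds.
    """
    rng = random.Random(seed)
    total = 0
    for _ in range(runs):
        s, t = 0.0, 0
        while t < max_len:
            t += 1
            x = max(0, round(rng.gauss(LAM0, math.sqrt(LAM0))))
            s = max(0.0, s + poisson_llr(x))
            if s >= threshold:
                break
        total += t
    return total / runs


def tradeoff(thresholds=(3, 8, 20, 30)):
    """Detection delay on the constructed flood vs. mean time between false
    alarms on normal traffic, for each threshold."""
    return {h: (detection_delay(h), mean_time_between_false_alarms(h))
            for h in thresholds}


if __name__ == "__main__":
    for h, (delay, arl) in tradeoff().items():
        print(f"threshold={h:>3}  detection delay={delay} s  "
              f"mean time between false alarms~{arl:.0f} s")
```

The constructed baseline never pushes the statistic above zero (every normal second has a negative log-likelihood ratio), so on this sample every threshold is false-alarm free; the Monte Carlo estimate shows how quickly the expected time between false alarms grows with the threshold, while the flood's detection delay grows only by a few seconds.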

There is another comprehensive study, a review of operations research models and applications for homeland security. [2] One subsection of the paper is devoted to cyber security models, covering topics from limiting the availability of confidential information in a database to security and survivability applications.

Most of the studies that could be related to defense systems can be found under “Emergency Response” in the OR literature. [3] Many of these could be adapted for use in IT security models.

So, can OR help hackers? One of the first things that comes to my mind is parallel computing. Any job that can be split into sub-processes can be done much faster with parallel computing. Efficient algorithms that exploit parallelism may help attackers (as in the case of DDoS) to achieve their goals. For instance, Ghiani et al. discuss solving the real-time vehicle routing problem using parallel computing strategies. [4] This sounds to me like another of the “hackiest” things in operations research.

Obviously, all types of optimization (linear, mixed integer, convex, etc.) can help hackers in many ways. As long as they can express their objective and constraints mathematically, they can benefit from the results of optimization.

Well, I will keep an eye out for any study or method that the good and bad guys in the IT sector can use, and continue to report.

[1] Chang, Rocky KC. “Defending against flooding-based distributed denial-of-service attacks: A tutorial.” Communications Magazine, IEEE 40.10 (2002): 42-51.

[2] Wright, P. Daniel, Matthew J. Liberatore, and Robert L. Nydick. “A survey of operations research models and applications in homeland security.” Interfaces 36.6 (2006): 514-529.

[3] Simpson, N. C., and P. G. Hancock. “Fifty years of operational research and emergency response.” Journal of the Operational Research Society (2009): S126-S139.

[4] Ghiani, Gianpaolo, et al. “Real-time vehicle routing: Solution concepts, algorithms and parallel computing strategies.” European Journal of Operational Research 151.1 (2003): 1-11.

Sertalp Bilal Çay

PhD Candidate and Teaching Assistant in Industrial and Systems Engineering Department at Lehigh University. Researcher on Conic Optimization, Inventory Theory, Supply Chain Management and Simulation. Blog: sertalpbilal.com