Optimization of limited budget allocation for cybersecurity operations using complex networks

Abstract

A typical Cybersecurity Operations department has to sometimes make difficult choices with limited budgets. Such choices and decisions are often based on concepts such as “systems exposure”, “impact of compromise” and other risk-related ideas. We propose to use epidemiology-inspired simulations of infectious processes on graph/networks to provide an alternative, additional, decision support system. We first implement an epidemiology-inspired SIS simulator to run on graphs, which we re-configure to allow for the distribution of an improved “protection” and/or improved “detection and recovery” measure(s) per node. We then supplement it with a Genetic Algorithm, coupled with Monte-Carlo, to try and optimise the use of such infection control measures, on any given network, by minimising the resulting infection prevalence. Importantly, said infection control measures are scarce, depending on limited budget. We construct such a simulator and optimization process mostly from the ground up. After generating several simulation outputs for varying inputs, in this report we analyse and demonstrate how our suggested approach of computer-informed recommendations can indeed generally be valuable. Our program provides improved constrained budget allocation proposals, compared to a theoretical status-quo that would fail to consider interactions between nodes on a given network (or more basically its structure). The number of simulations needed to obtain valuable results forced several improvements of the implemented code, including a highly distributed configuration to allow for linear horizontal scalability across machines and CPUs. An alternative to Monte-Carlo was also implemented with relevant gains in processing speeds, while maintaining valuable results. The outcome (recommendations) generated by our simulations and optimisation processes in a real-world setting would have to be used as a supplementary decision support tool, never fully replacing pre-existing context information such as the value or exposure of assets. A few theoretical results for “epidemic control” have been re-discovered through our Project, thereby further validating our implementation.