Optimal Cybersecurity Investments Using SIS Model: Weakly Connected Networks
We study the problem of minimizing the (time) average security costs in large systems comprising many interdependent subsystems, where the state evolution is captured by a susceptible-infected-susceptible (SIS) model. The security costs reflect security investments, economic losses and recovery costs from infections and failures following successful attacks. However, unlike in existing studies, we assume that the underlying dependence graph is only weakly connected, but not strongly connected. When the dependence graph is not strongly connected, existing approaches to computing optimal security investments cannot be applied. Instead, we show that it is still possible to find a good solution by perturbing the problem and establishing necessary continuity results that then allow us to leverage the existing algorithms.
PDF Abstract