The complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problem

Abstract

In our cyber security model we define the concept of penetration cost, which is the cost that must be paid in order to break into the next layer of security. Given a tree T rooted at a vertex r, a penetrating cost edge function c on T, a target-acquisition vertex function p on T, the attacker's budget and the game-over threshold B,G ∈ Q+ respectively, we consider the problem of determining the existence of a rooted subtree T' of T within the attacker's budget (that is, the sum of the costs of the edges in T' is less than or equal to B) with total acquisition value more than the game-over threshold (that is, the sum of the target values of the nodes in T' is greater than or equal to G). We prove that the general version of this problem is intractable, but does admit a polynomial time approximation scheme. We also analyze the complexity of three restricted versions of the problems, where the penetration cost is the constant function, integer-valued, and rational-valued among a given fixed number of distinct values.