Network protection against node attacks based on probabilistic availability measures

We consider a network security and configuration management problem of locating service controllers so as to maximize availability of services in case of targeted attacks on the network infrastructure. Assuming that the attacker has full knowledge of the network topology but can only try to predict controller locations, we model the attacker’s behavior introducing a set of probabilistic network availability measures and formulating an optimization problem model that determines the potentially most dangerous attacks the attacker might launch. We also formulate a counter-part optimization model that allows the network operator to derive the optimal placement of controllers, which maximizes availability of services with respect to a given set of network attacks. We explain the models and illustrate our considerations using a running small, intuitive network example. And we also perform extensive numerical experiments with a realistic network data to evaluate and compare the potential effectiveness of different attack strategies, and the effectiveness of the counter-measures that the network operator can adopt.