Cybersecurity strategy under uncertainties for an IoE environment

Abstract

Internet of Everything (IoE) technology is increasingly being used by companies to modernize their activities. The very specific characteristics of such environments, in particular, their vulnerable exchanged data and the weak nature of the connected things, expose these companies to risks and security breaches. The principal objective of our work is to provide a cybersecurity strategy capable to consider all types of attacks that can affect an IoE environment while respecting the specified budget. For this purpose, a financial approach based on portfolio management is exploited by allowing to select a portfolio of security controls that minimizes the direct costs and maximizes the security level control. To be solved, the considered problem is assimilated to a combinatorial optimization technique and more precisely to that of the knapsack. We start by modeling the cybersecurity problem under cardinality and budget constraints that should be respected. To tackle the uncertainty of the problem, a robust optimization is used by considering the min-max criterion al-lowing to consider all the possible threats that can be generated by an attacker over the IoE environment. To solve the considered problem, we use a new iterative method under constraints and we compare it to the Non-dominated Sorting Genetic Algorithm (NSGA-II) meta-heuristic to evaluate its performances. The obtained numeric results when evaluating the performances of the proposed strategy have shown its efficiency by finding efficient Pareto fronts for the two considered objective functions. Based on the iterative method, our strategy greatly outperforms the genetic algorithm by allowing good results for different problem sizes and respecting cardinality constraints in a reasonable time.