We study the problem of minimizing the (time) average security costs in large systems comprising many interdependent subsystems, where the state evolution is captured by a susceptible-infected-susceptible (SIS) model. The security costs reflect security investments, economic losses and recovery costs from infections and failures following successful attacks. We show that the resulting optimization problem is non-convex and propose two algorithms -- one for solving a convex relaxation, and the other for finding a local minimizer, based on a reduced gradient method. Also, we provide a sufficient condition under which the convex relaxation is exact and its solution coincides with that of the original problem. Numerical results are provided to validate our analytical results and to demonstrate the effectiveness of the proposed algorithms.
, La, R.
and Battou, A.
Optimal Cybersecurity Investments for SIS Model, arXiv, [online], https://doi.org/10.1109/GLOBECOM42002.2020.9348109, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=930316, https://arxiv.org/
(Accessed December 8, 2023)