A stochastic Gordon-Loeb model for optimal cybersecurity investment under clustered attacks
By: Giorgia Callegaro , Claudio Fontana , Caroline Hillairet and more
Potential Business Impact:
Protects computers better by predicting attack patterns.
We develop a continuous-time stochastic model for optimal cybersecurity investment under the threat of cyberattacks. The arrival of attacks is modeled using a Hawkes process, capturing the empirically relevant feature of clustering in cyberattacks. Extending the Gordon-Loeb model, each attack may result in a breach, with breach probability depending on the system's vulnerability. We aim at determining the optimal cybersecurity investment to reduce vulnerability. The problem is cast as a two-dimensional Markovian stochastic optimal control problem and solved using dynamic programming methods. Numerical results illustrate how accounting for attack clustering leads to more responsive and effective investment policies, offering significant improvements over static and Poisson-based benchmark strategies. Our findings underscore the value of incorporating realistic threat dynamics into cybersecurity risk management.
Similar Papers
A Markov Decision Process Model for Intrusion Tolerance Problems
Systems and Control
Protects computers from hackers by choosing best defense.
Adaptive Learning for Moving Target defence: Enhancing Cybersecurity Strategies
CS and Game Theory
Makes computer defenses smarter against hackers.
Strategic Planning of Stealthy Backdoor Attacks in Markov Decision Processes
Systems and Control
Hides secret plans to trick computer systems.