Cyber Risk Prevention Under Risk Averse Spectral Criteria
摘要
This paper introduces a model for the prevention and mitigation of cyber risks in networked systems using a risk-averse approach based on spectral criteria. An initial graph is subject to external cyber attacks, modeled by a Susceptible-Infected-Susceptible Markov process with controlled infection and recovery rates. We consider the problem of minimizing the risk associated with the evolving structure of the network by employing self-protection and self-insurance efforts, as well as purchasing insurance coverage. We introduce spectral criteria–dependent on the eigenvalues of the graph Laplacian at final time T–for which we establish monotonicity in the sense of first-order stochastic dominance and continuity with respect to the Wasserstein distance. This framework enables us to prove the existence of minimizers for two general optimization problems under consideration: the cases of global and local self-protection. We illustrate our theoretical findings by numerical simulations.