The complexity of cyber attacks in a new layered-security model and the maximum-weight, rooted-subtree problem

Abstract: In our cyber security model we define the concept of {\em penetration cost}, which is the cost that must be paid in order to break into the next layer of security. Given a tree $T$ rooted at a vertex $r$, a {\em penetrating cost} edge function $c$ on $T$, a {\em target-acquisition} vertex function $p$ on $T$, the attacker's {\em budget} and the {\em game-over threshold} $B,G \in {\mathbb{Q}}^{+}$ respectively, we consider the problem of determining the existence of a rooted subtree $T'$ of $T$ within the attacker's budget (that is, the sum of the costs of the edges in $T'$ is less than or equal to $B$) with total acquisition value more than the game-over threshold (that is, the sum of the target values of the nodes in $T'$ is greater than or equal to $G$). We prove that the general version of this problem is intractable, but does admit a polynomial time approximation scheme. We also analyze the complexity of three restricted versions of the problems, where the penetration cost is the constant function, integer-valued, and rational-valued among a given fixed number of distinct values.