QIN Junning,HAN Jiajia,ZHOU Sheng,WU Chunming,CHEN Shuangxi,ZHAO Ruoyan,ZHANG Jiangyu

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020143

2020-01-01

Abstract:The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

Anatoly Lisnianski,Yi Ding

DOI: https://doi.org/10.1016/j.ress.2009.05.006

IF: 7.247

2009-01-01

Reliability Engineering & System Safety

Abstract:This paper discusses a type of redundancy that is typical in a multi-state system. It considers two interconnected multi-state systems where one multi-state system can satisfy its own stochastic demand and also can provide abundant resource (performance) to another system in order to improve the assisted system reliability. Traditional methods are usually not effective enough for reliability analysis for such multi-state systems because of the “dimensional curse” problem. This paper presents a new method for reliability evaluation for the repairable multi-state system considering such kind of redundancy. The proposed method is based on the combination of the universal generating function technique and random processes methods. The numerical example is presented to illustrate the proposed method.

Anatoly Lisnianski,Yi Ding

DOI: https://doi.org/10.1007/978-0-8176-4971-5_11

2010-01-01

Abstract:This paper discusses a type of redundancy that is typical in a multi-state system. It considers two interconnected multi-state systems where one multi-state system can satisfy its own stochastic demand and also can provide abundant resource (performance) to another system in order to improve the assisted system reliability. The paper also considers the financial issue for such a system where satisfied demand is associated with financial benefit and unsatisfied demand is associated with penalty. Traditional methods are usually not effective enough for such multi-state systems because of the "dimensional curse" problem. This paper presents the method for evaluation of reliability and corresponding financial issue for multi-state system with such kind of redundancy. The proposed method is based on the special type of universal generating function universal generating function associated with discrete-state continuous-time stochastic process. The numerical example is presented to illustrate the proposed method.

Yaqian Hao,Xiaoyan Zhu

DOI: https://doi.org/10.1109/tii.2024.3383492

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:In industry, many systems exhibit load-sharing characteristics. In a load-sharing system, failure of an asset, in addition to affect system reliability, increases the workloads of remaining surviving assets and so their failure rates. When managing such the assets in a system, it is important for decision makers to ensure overall performance of the system, by determining redundancy of assets and a preventive maintenance plan with consideration of load sharing and uncertain environmental conditions. This article proposes an approach for synthetically optimizing redundancy design and age-based preventive maintenance for a load-sharing system with identical assets. A two-stage stochastic programming model with recourse is established, which incorporates risk-aversion preference of decision makers. A decomposition algorithm is developed to solve the joint optimization model, incorporating analytical properties of system failure rate functions and models. A comparative study with deterministic optimization and robust optimization is conducted to demonstrate the advantages of the proposed risk-averse stochastic programming approach. Finally, a numerical study on an effluent treatment system is conducted to analyze the optimal redundancy design and maintenance plan and practical insights.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Jing Wang,Mian Li

DOI: https://doi.org/10.1115/1.4034108

2016-01-01

Journal of Mechanical Design

Abstract:Binary-state and component independent assumptions will lead to doubtful and misleading redundancy allocation schemes which may not satisfy the reliability requirements for real engineering applications. Most published works proposed methods to remove the first assumption by studying the degradation cases where multiple states of a component are from the best state to the degradation states then to the completely failed state. Fewer works focused on removing the second assumption and they only discussed dependent failures which are only a special case of component dependency. This work uses the Semi-Markov process to describe a two-component system for redundancy allocation. In this work, multiple states of a component are represented by multiple output levels, which are beyond the scope of degradation, and the component dependency is not limited to failure dependency only. The load sharing is also taken care of in the proposed work. The optimal redundancy allocation scheme is obtained by solving the corresponding redundancy allocation optimization problem with the reliability measure, the system availability, obtained through the Semi-Markov process model being constraint. Two case studies are presented, demonstrating the applicability of the propose method.

Xiaoliang Wang,Xiaohong Jiang,Achille Pattavina,Sanglu Lu

DOI: https://doi.org/10.1109/hpsr.2012.6260838

2012-01-01

Abstract:The communication network is now one of the critical infrastructures in our society. However, the current communication networks are facing more and more large-scale region failure threats, such as natural disasters (e.g. earthquake, tornado) and physical attacks (e.g. dragging anchors or EMP attack). Therefore, a deep understanding of network behaviors under region failure is essential for the design and maintenance of future highly survivable networks. In this paper, we focus on the network vulnerability assessment under the geographically correlated region failure(s) caused by a random “line-segment” cut, an important region failure model that can efficiently capture the behaviors of some region failures like earthquake, tornado and anchor cutting. To facilitate such vulnerability assessment, we apply the geometrical probability theory to design a grid partition-based estimation scheme for Disrupted Link Capacity, Pairwise Traffic Reduction and Pairwise Disconnection Probability, three commonly used metrics for statistical vulnerability assessment. A theoretical framework is also established to determine a suitable grid partition such that a specified estimation error requirement is satisfied.

Hui Xiao,Daimin Shi,Yi Ding,Rui Peng

DOI: https://doi.org/10.1016/j.ress.2015.12.001

IF: 7.247

2016-01-01

Reliability Engineering & System Safety

Abstract:Engineering systems are designed to carry the load. The performance of the system largely depends on how much load it carries. On the other hand, the failure rate of the system is strongly affected by its load. Besides internal failures, such as fatigue and aging process, systems may also fail due to external impacts such as nature disasters and terrorism. In this paper, we integrate the effect of loading and protection of external impacts on multi-state systems with performance sharing mechanism. The objective of this research is to determine how to balance the load and protection on system elements. An availability evaluation algorithm of the proposed system is suggested and the corresponding optimization problem is solved utilizing genetic algorithms.

Shuming Wang,Yan-Fu Li,Tong Jia

DOI: https://doi.org/10.1287/ijoc.2019.0907

IF: 3.288

2020-01-01

INFORMS Journal on Computing

Abstract:In this paper, we consider a redundancy allocation problem for a series parallel system with uncertain component lifetimes that minimizes system costs while safeguarding system reliability over a given threshold level. We consider mixed redundancy strategies of cold standby and active redundancy with multiple types of components. We address lifetime uncertainty in the framework of distributionally robust optimization. In particular, we assume the probability distributions of the component lifetimes are not exactly known with only limited distributional information (e.g., mean, dispersion, and support) being available. We protect the worst-case system reliability constraint over all the possible component lifetime distributions that are consistent with the given distributional characteristics. The proposed modeling framework enjoys computationally attractive structures. The evaluation of the worst-case system reliability in our redundancy allocation problem can be transformed into a linear program, and the resulting overall redundancy allocation optimization problem can be cast as a mixed integer linear program that does not induce any additional integer variables (other than original allocation variables). In addition, the extreme joint distribution of component lifetimes can be efficiently recovered by solving a linear program. Our modeling framework can also be extended to incorporate the startup failures and common-cause failures for cold standbys and active parallels, respectively, to cater to more computationally complex settings. Finally, the computational experiments positively demonstrate the performance of the proposed approach in protecting system reliability.

Xiaoliang Wang,Xiaohong Jiang,Achille Pattavina

DOI: https://doi.org/10.1109/HPSR.2011.5986021

2011-01-01

Abstract:The mission critical network infrastructures are facing potential large region threats, both intentional (like EMP attack, bomb explosion) and natural (like earthquake, flooding). The available research on region failure related vulnerability studies generally adopt a kind of simple “deterministic” region failure models, which can not capture some important features of real region failure scenarios, where a network component in the region only fails with certain probability, and more importantly, such failure probability tends to vary with both its dimension and its distance to failure center. In this paper, we provide a more general “probabilistic” region failure model to capture the key features of a region failure and apply it for the network vulnerability assessment. To facilitate such assessment, we adopt a grid partition-based scheme to estimate various statistical network metrics under a random region failure. A theoretical framework is also established to determine a suitable grid partition such that a specified estimation error requirement is satisfied. The grid partition technique is also useful for identifying the vulnerable zones of a network, which can guide network designers to initiate proper network protection against such failures. The work in this paper helps us more deeply understand the network vulnerability behavior under region failure and facilitates the design and maintenance of future highly survivable mission critical networks.

Jingjing Hu,Yu Li,Zhaozhao Li,Qinrang Liu,Jiangxing Wu

DOI: https://doi.org/10.1109/tnsm.2024.3387725

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:The Dynamic Heterogeneous Redundancy (DHR) architecture presents a novel approach to system design and organization, aiming to enhance system security by integrating dynamicity and heterogeneity into its structure. Despite its practical efficacy, the theoretical underpinnings elucidating the mechanisms through which DHR enhances security remain unestablished. This study endeavors to bridge this gap by conducting a theoretical analysis and modeling of the DHR architecture, focusing on its intrinsic characteristics and their implications for system security. Employing static game theory, our research uncovers the unique Nash equilibrium within DHR architecture. Expanding upon this mathematical framework, we delve into how factors such as dynamicity, heterogeneity, and failure rates influence these equilibria, subsequently shaping system security. To validate our findings, we conduct a case study involving a triply redundant DHR system and simulate the offense-defense interplay using the Adam optimization algorithm within boundedly rational static games. Our results affirm the variations in system security under diverse initial conditions and model states, thereby establishing a robust theoretical foundation for DHR architectures and laying the groundwork for their broader comprehension and application across various domains.

Huseyin Cavusoglu,Hasan Cavusoglu,Jun Zhang

2006-01-01

Abstract:Patch management is a crucial component of IT security programs. An important problem within this context is to determine how often to update the systems with necessary patches. Keeping the systems patched with more frequent patch updates increases operational costs while reducing security risks. On the other hand, leaving the systems unpatched with less frequent patch updates decreases operational costs while increasing security risks. In this paper we develop a game theoretic model to derive the optimal frequency of patch updates to balance the operational costs and damage costs associated with security vulnerabilities. We first analyze a centralized system in a benchmark case to find the socially optimal patch management policy and associated patch release cycle of the vendor and patch update cycle of the firm. Then we consider a noncentralized system in which the vendor determines its patch release policy and the firm selects its patch update policy in a Stackelberg framework. Given the results in centralized and noncentralized patch management, we next address how we can coordinate the patch release policy of the vendor and the patch update policy of the firm using cost sharing and/or liability to achieve the socially optimal patch management in a noncentralized setting.

MA Bolin,ZHANG Zheng,REN Quan,ZHANG Gaofei,WU Jiangxing

DOI: https://doi.org/10.11959/j.issn.1000−436x.2021176

2021-01-01

Abstract:Software-based redundant execution (SRE) is a popular fault-tolerant design method which makes use of faults occurring randomly to achieve fault-tolerance.Software-based heterogeneous redundant execution (SHRE) uses heterogeneous redundant software replicas with identical function based on SRE and diversity of software.By comparing the results of heterogeneous redundant software replicas, SHRE can resist threats from software vulnerabilities and homogenization.The classification method of SHRE was proposed, and the security capability of SHRE was introduced.Based on N-modular redundancy, I/O operation mode and the recovery capability of attacked software replica, resistance to attack of different structures were analyzed.The analysis shows that the security capability of SHRE performs best when it is triple-mode redundancy architecture and attacked software replica can be recovered.Besides, by shortening the recovery time of attacked software replica, security to SHRE can be improved.

Yu Liu,Hong-Zhong Huang,Zhonglai Wang,Yanfeng Li,Yuanjian Yang

DOI: https://doi.org/10.1109/tr.2013.2259193

IF: 5.883

2013-01-01

IEEE Transactions on Reliability

Abstract:The redundancy allocation problem has been extensively studied with the aim of determining optimal redundancy levels of components at various stages to achieve the required system reliability or availability. In most existing studies, failed elements are assumed to be as good as new after repair, from a failure perspective. Due to deterioration, the repaired element cannot always be restored to a virtually new condition unless replaced with a new element. In this paper, we present an approach of joint redundancy and imperfect maintenance strategy optimization for multi-state systems. Along with determining the optimal redundancy levels, the element replacement strategy under imperfect repair is also optimized simultaneously, so as to reach the desired availability with minimal average expenditure. A generalized imperfect repair model is proposed to characterize the stochastic behavior of multi-state elements (MSEs) after repair, and a replacement policy under which a MSE is replaced once it reaches the pre-determined number of failures is introduced. The cost-repair efficiency relation, which regards the imperfect repair efficiency as a function of assigned repair cost, is put forth to provide a flexibility of assigning repair efforts strategically among MSEs. The benefits of the proposed method compared to the existing ones are demonstrated and verified via an illustrative case study of a three-stage coal transportation system.

Hasan Cavusoglu,Huseyin Cavusoglu,Jun Zhang

DOI: https://doi.org/10.1287/mnsc.1070.0794

IF: 5.4

2008-01-01

Management Science

Abstract:Patch management is a crucial component of information security management. An important problem within this context from a vendor's perspective is to determine how to release patches to fix vulnerabilities in its software. From a firm's perspective, the issue is how to update vulnerable systems with available patches. In this paper, we develop a game-theoretic model to study the strategic interaction between a vendor and a firm in balancing the costs and benefits of patch management. Our objective is to examine the consequences of time-driven release and update policies. We first study a centralized system in a benchmark scenario to find the socially optimal time-driven patch management. We show that the social loss is minimized when patch-release and update cycles are synchronized. Next, we consider a decentralized system in which the vendor determines its patch-release policy and the firm selects its patch-update policy in a Stackelberg framework, assuming that release and update policies are either time driven or event driven. We develop a sufficient condition that guarantees that a time-driven release by the vendor and a time-driven update by the firm is the equilibrium outcome for patch management. However, in this equilibrium, the patch-update cycle of the firm may not be synchronized with the patch-release cycle of the vendor, making it impossible to achieve the socially optimal patch management in the decentralized system. Therefore, we next examine cost sharing and liability as possible coordination mechanisms. Our analysis shows that cost sharing itself may achieve synchronization and social optimality However, liability by itself cannot achieve social optimality unless patch-release and update cycles are already synchronized without introducing any liability. Our results also demonstrate that cost sharing and liability neither complement nor substitute each other. Finally, we show that an incentive-compatible contract on cost sharing can be designed to achieve coordination in case of information asymmetry.

Bo Yang,Min Xie

DOI: https://doi.org/10.1109/PRDC.1999.816215

1999-01-01

Abstract:For many safety critical systems, redundancy is the only acceptable method to achieve high operational reliability as individual modules can hardly be certified to have reached that level. When limited resources are available in the testing of a redundant software system, it is important to allocate the testing-time efficiently so that the maximum reliability of the complete system is achieved. In this paper, this problem is investigated in detail. A general formulation is presented and a specific case is used to illustrate the procedure. The case where individual module reliability requirements are given is also considered.

Yinguo Yang,Jin Xing,Zhen Yu,Li Li,Yang Liu,Shuangxi Wu,Yu Zhu,Wei Wang

DOI: https://doi.org/10.1109/ICRMS55680.2022.9944584

2022-01-01

Abstract:The power grid system, as one of the most critical infrastructures, is confronted with multifarious attack threats, which can result in severe damages and enormous property losses. Hence, it is important to adopt appropriate redundancy strategy of defense resources allocation in an effective measure to ensure the power grid system runs stably and reliably. For investigating the influence of different redundancy strategies and determining the optimal strategy, we propose a sequential game model, in which the homogenous formulation is introduced to describe the action and belief for both attacker and defender, and the redundancy constraints are considered in the optimal strategy and boundary conditions. Finally, we designate the redundancy condition as the variable to investigate optimal redundancy strategy for defender, and find that the defense rewards decrease at first and then increase gradually with the redundancy coefficient rising. Consequently, it is recommended that the operator of power grid system set a reasonable redundancy coefficient to allocate defense resources for acquiring the extra defense utility.

Xiaoqiang Bei,Nida Chatwattanasiri,David W. Coit,Xiaoyan Zhu

DOI: https://doi.org/10.1109/tr.2017.2715172

IF: 5.883

2017-09-01

IEEE Transactions on Reliability

Abstract:A new modeling approach is presented to optimally and simultaneously design the configuration of a multicomponent system and determine a maintenance plan with uncertain future stress exposure. Traditionally, analytical models for system design and maintenance planning are applied sequentially, but this new model provides an integrated approach to make decisions considering the lifecycle cost of the system. Specifically considering the influence of uncertain future usage stresses on component and system reliability, the integrated redundancy allocation and maintenance planning problem is formulated as a two-stage stochastic programming model with recourse. In this model, the system is exposed to uncertain usage scenarios with their associated probabilities of occurrence or likelihood. The decision variables for the first stage are the selection of component types and the number of components to be used in the system, and these variables are modeled before the uncertainty is revealed. The second-stage variables, involving a recourse function, are the preventive maintenance plan, which defines optimal maintenance times for planned replacement of components under distinct usage scenarios. Numerical examples and sensitivity analysis on seriesparallel systems demonstrate applications of the proposed model and provide further insights. The comparisons of the proposed integrated approach to traditional sequential method show advantages of the proposed model in cost saving.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Heungseob Kim

DOI: https://doi.org/10.1016/j.ress.2023.109585

2023-09-02

Abstract:Some redundant design strategies of components are employed to enhance system reliability and are considered as a decision variable of design for reliability (DFR). The mixed redundancy is more recently suggested than other strategies; however, the reliability model for the strategy in existing studies either provides an approximated reliability or the components' time-to-failure (TTF) distributions are limited to the exponential and Erlang distributions. Thus, this study suggests a novel Markov-based reliability model that can consider various TTF distributions and an algorithm to solve the optimization problem for DFR efficiently. The model considers the TTF distribution as a generalized phase-type distribution (PHD). The PHD can describe the almost degradation patterns of components exposed to various operating environments. The model is implemented by structuring the PHDs for components considering the operating mechanism of the system, and it provides accurate system reliability. Furthermore, a parallel genetic algorithm with knowledge archives (PGAKA) with 'parallelization' and 'knowledge archive' strategies is proposed for a redundancy allocation problem (RAP). The parallelization prevents the PGAKA from prematurely converging to the local optimum and increases the chance of discovering the global optimum. The knowledge archive reduces computational costs by avoiding extra calculations by sharing search history.

engineering, industrial,operations research & management science

LIU Hua,YANG Xiao-hua,CHEN Ke

DOI: https://doi.org/10.11809/scbgxb2013.10.025

2013-01-01

Abstract:Redundant power supply can improve the safety and reliability of nuclear power plant auxiliary power system.Based on the theory of reliability,three kinds of model are designed and deduced.Those are one-way and two-way switching double redundancy,one-way switching multilevel redundancy.The system structures are analyzed.One-way switching multilevel redundancy is selected as the actual auxiliary power supply.This model conforms to some design concept.Such as the principle of defense in depth,single failure criteria.The power supply priority level and maintenance of engineering requirements are considered.

Aibo Zhang,Songhua Hao,Peng Li,Min Xie,Yiliu Liu

DOI: https://doi.org/10.1016/j.ress.2022.108649

2022-10-01

Abstract:Redundancy is a widely adopted measure for the enhancement of safety system performance. This fault-tolerance design can keep the system functioning through one unit if the other has failed. Besides the continuous aging degradation, mechanical units expose to random shocks, resulting in the dependence. In practice, it is often sufficient to activate only one unit in case of a shock so that the degradation will then be intensified. Unit-level failure occurs when the total degradation level reaches a certain level and will keep hidden. Thus, periodic tests are arranged to reveal the system state, accompanying the side effects on the existing degradation given the test-induced additional stress. A novel condition-based activation policy is proposed based on the system state, referring to how to preset the allocation of units to withstand potential shocks in the upcoming test interval. In this paper, analytical formulas are developed to evaluate system performance with the involvement of these aforementioned factors. Finally, numerical examples are presented to find an optimal test and activation policy to reach minimum system unavailability in a given service time horizon. This study is expected to provide clues for practitioners in the optimal test and operation of redundant structure.

engineering, industrial,operations research & management science