Resource allocation in two-layered cyber-defense

A common network security approach is to create a De-Militarized Zone (DMZ) comprising two layers of network defense. The DMZ structure provides an extra layer of security between the sensitive information in a network (e.g., research and development files) and the component of the network that must interface with the general internet (e.g., the mail server). We consider a cyber-attack on a DMZ network where both attacker and defender have limited resources and capabilities to attack and defend, respectively. We study two optimization problems and one game-theoretic problem. Given that the attacker (defender) knows the potential capabilities of the defender (attacker) in the two layers, we obtain the optimal allocation of resources for the attacker (defender). The two-optimization problems are not symmetrical. Absent any knowledge regarding the allocation of the adversary's resources, we solve a game-theoretic problem and obtain some operational insights regarding the effect of combat (e.g., cyber) capabilities and their optimal allocation.