Project Log: Day 17 – Crown Jewels Version


I mentioned it this morning, I could re-program my simulation-based optimization thing to aim for different objectives… And so I did.

Here are the results:

Same visualization as the last one (left: before, right: after optimization, top: Protection, bottom: detection&cleaning).

Now suppose you want to protect SPECIFICALLY say 4 nodes from infection, say your DB Servers which host your Intellectual Property, on which your whole business is based… So let’s show these 4 nodes as BIGGER than the rest.

And here goes one run’s worth of result:

And let me be clear: I didn’t TELL the computer HOW to select the nodes, I just gave it some rules, and an objective.

(So yeah, technically this is Machine Learning, but again: Let’s obviate that buzz word still for a while…)

 

Anyhow, the result is there: MUCH focus on the Key Nodes themselves AND on the node that leads to them. I can’t justify the other choices too much, but…

Reduce Budget Further

Actually, let’s see what the choice is if I give it half that budget, meaning “what do you consider absolutely priority”.
Some MAGIC happens, again 🙂

Here, we clearly got good focus around the Key Nodes… But wait…

You might ask: Why so much focus on “Detection&CleanUp” (bottom-right graph) if we actually wanted to fully AVOID infection in the first place?

That’s because of the configuration parameters: I average infection over 10 time steps (which made sense in the other simulator for overall prevalence), and didn’t touch anything much…

Let’s try one last time

We’ll avoid the above mistake, and also reduce the value of Detection&Cleaning compared to Protection, see what’s what…

Now that looks like a “Fianchetto” to me: All focus on PROTECTING the Key Nodes AND the access to them. I’m not going to lie: I’ve run it a few times, for this last configuration. Although it DOES ALWAYS focus a lot on Protection of the Key Nodes, it does NOT always choose to also protect the access node.

So what? I can run this quite a few times and see whether I agree or not with the recommendation, whether I understand it or not. Or I could keep tinkering with the parameters until it consistently gives me something I agree with (but then, why have the program at all… No, no, that’s not good).

This is a “Recommendation System”, a “Decision SUPPORT System”, not a Magic 8 Ball (Magic 8 Ball is always right, my program isn’t 100%, I mean, although it does find GOOD solutions, maybe not always THE BEST)…

And my perspective is: This particular example was CRAZY EASY, but what if the network is bigger and the Crown Jewels are not so easily identified, somewhat already away from the rest of the network, would you KNOW?

Let’s find out!

OK, this time for real, last test

To begin with, I choose two of the nodes that are much more… Centric, each with many neighbours. Now in that case, you have no real choice but to protect them for sure, and if an infection was ever to affect them, to clean them up ASAP, so I’d expect both high protection and detection for both.

In fact, my simulator needed more iterations to reach a result on average (consuming in some test all generations: I just improved my program to stop trying if no progress happens after 100 generations… Classic optimization for GA). None of the other examples from today have needed all the generations provided… And then I also played with increasing population, mutation rate…

Now I don’t know that I agree with that last solution… But then again I’m not sure what a better alternative would look like, considering any node can be infected, and white nodes are identically susceptible to being infected…

MAYBE if I used a network that resembled MORE a “segmented” network, whereby the junction nodes would behave more like say a firewall, so limiting a bit better the spreading across subnets… Maybe I could come up with a better proposal myself, but not in this example scenario.

Luckily, if/when the time comes, I have a former version (from… last week) with the possibility to reflect better what such “more realistic segmentation” would look like, and if/when I have the time, I shall take this new simulator and adapt it accordingly…
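
The log does not show the program itself, so here is an added sketch (not the author's code) of the approach it describes: a genetic algorithm that picks which nodes to protect under a budget, scores each candidate by simulated infection of the key nodes, and stops once no progress happens for a set number of generations. The 12-node graph, the rule that protected nodes are immune, and every parameter value are assumptions, and Detection&Cleaning is left out.

```python
import random
from functools import lru_cache

# Constructed 12-node network (an assumption, not the author's graph):
# 0-6 are ordinary hosts, 7 is the access node, 8-11 are the key nodes.
EDGES = [(0, 1), (1, 2), (2, 3), (3, 4), (4, 5), (5, 6), (6, 0), (1, 4),
         (3, 7), (5, 7), (7, 8), (7, 9), (7, 10), (7, 11)]
N, KEYS = 12, frozenset({8, 9, 10, 11})
NEIGH = {n: {b for a, b in EDGES if a == n} | {a for a, b in EDGES if b == n}
         for n in range(N)}

@lru_cache(maxsize=None)
def exposure(protected, trials=200, steps=8, beta=0.5):
    """Mean number of key nodes EVER infected (no averaging over time steps)."""
    lost = 0
    for t in range(trials):
        rng = random.Random(t)        # same random stream for every candidate
        start = rng.randrange(N)      # any node can be the first infection
        infected = set() if start in protected else {start}
        for _ in range(steps):
            infected |= {v for u in sorted(infected) for v in sorted(NEIGH[u])
                         if v not in infected and v not in protected
                         and rng.random() < beta}
        lost += len(infected & KEYS)
    return lost / trials

def mutate(genome, rng):
    """Swap one protected node for an unprotected one, so the budget is kept."""
    child = set(genome)
    child.remove(rng.choice(sorted(child)))
    child.add(rng.choice(sorted(set(range(N)) - genome)))
    return frozenset(child)

def optimise(budget, pop_size=20, max_gen=200, patience=20, seed=1):
    """GA over sets of `budget` nodes (1 <= budget < N) with a stagnation stop."""
    rng = random.Random(seed)
    pop = [frozenset(rng.sample(range(N), budget)) for _ in range(pop_size)]
    best, best_score, stale = None, float("inf"), 0
    for gen in range(max_gen):
        ranked = sorted(set(pop), key=lambda g: (exposure(g), sorted(g)))
        if exposure(ranked[0]) < best_score:
            best, best_score, stale = ranked[0], exposure(ranked[0]), 0
        elif (stale := stale + 1) >= patience:
            break                     # no progress for `patience` generations
        elite = ranked[:max(2, len(ranked) // 4)]
        pop = elite + [mutate(rng.choice(elite), rng)
                       for _ in range(pop_size - len(elite))]
    return set(best), best_score, gen + 1

if __name__ == "__main__":
    print(optimise(1), optimise(2))
```

On this constructed graph, `optimise(1)` settles on the access node 7 and `optimise(2)` adds one key node to it, because a key node counts as lost the moment it is infected.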

But that’s enough for today.

Actually, no more programming for a week.