The problem of multi-criteria selection of network security configurations (NSC) under resource constraints and the necessity to comply with information security (IS) policies is addressed in this study. A formal mathematical model of the problem has been developed, encompassing the definition of a set of possible security mechanism configurations, the formalization of objective functions reflecting security levels, throughput, and deployment costs, and the introduction of constraints on feasible solutions. The NSGA-II (Non-dominated Sorting Genetic Algorithm II) optimization algorithm is employed to generate a set of Pareto-optimal solutions, ensuring uniform coverage of compromise configurations. A software package implemented in Python 3 incorporates modules for population generation, fitness evaluation, selection, crossover, mutation operators, and result visualization. Computational experiments (CE) were conducted to validate the effectiveness of the proposed approach. The evolution dynamics of the Pareto hypervolume were analyzed, the uniformity of solution distribution in the objective space was studied, and the impact of algorithm parameters on convergence to the optimal solution was examined. The results demonstrate that the proposed methodology enables the formation of NSC sets that achieve a balanced trade-off between security, throughput, and IS system deployment costs.
Yagaliyeva et al. (Thu,) studied this question.