Quasi-regular sequences and optimal schedules for security games

We study security games in which a defender commits to a mixed strategy for protecting a finite set of targets of different values. An attacker, knowing the defender's strategy, chooses which target to attack and for how long. If the attacker spends time $t$ at a target $i$ of value $\alpha_i$, and if he leaves before the defender visits the target, his utility is $t \cdot \alpha_i$; if the defender visits before he leaves, his utility is 0. The defender's goal is to minimize the attacker's utility. The defender's strategy consists of a schedule for visiting the targets; it takes her unit time to switch between targets. Such games are a simplified model of a number of real-world scenarios such as protecting computer networks from intruders, crops from thieves, etc. We show that optimal defender play for this continuous time security games reduces to the solution of a combinatorial question regarding the existence of infinite sequences over a finite alphabet, with the following properties for each symbol $i$: (1) $i$ constitutes a prescribed fraction $p_i$ of the sequence. (2) The occurrences of $i$ are spread apart close to evenly, in that the ratio of the longest to shortest interval between consecutive occurrences is bounded by a parameter $K$. We call such sequences $K$-quasi-regular. We show that, surprisingly, $2$-quasi-regular sequences suffice for optimal defender play. What is more, even randomized $2$-quasi-regular sequences suffice for optimality. We show that such sequences always exist, and can be calculated efficiently. The question of the least $K$ for which deterministic $K$-quasi-regular sequences exist is fascinating. Using an ergodic theoretical approach, we show that deterministic $3$-quasi-regular sequences always exist. For $2 \leq K < 3$ we do not know whether deterministic $K$-quasi-regular sequences always exist.Comment: to appear in Proc. of SODA 201

Security Games: Solution Concepts and Algorithms

<p>Algorithms for finding game-theoretic solutions are now used in several real-world security applications. Many of these applications are based on different but related game-theoretical models collectively known as security games. Much of the research in this area has focused on the two-player setting in which the first player (leader, defender) commits to a strategy, after which the second player (follower, attacker) observes that strategy and responds to it. This is commonly known as the Stackelberg, or leader-follower, model. If none of the players can observe the actions of the others then such a setting is called a simultaneous-move game. A common solution concept in simultaneous-move games is the Nash equilibrium (NE). In the present dissertation, we contribute to this line of research in two ways.</p><p>First, we consider new ways of modeling commitment. We propose the new model in which the leader can commit to a correlated strategy. We show that this model is equivalent to the Stackelberg model in two-player games and is different from the existing models in games with three or more players. We propose an algorithm for computing a solution to this model in polynomial time. We also consider a leader-follower setting in which the players are uncertain about whether the follower can observe. We describe an iterative algorithm for solving such games.</p><p>Second, we analyze the computational complexity of computing Stackelberg and NE strategies in security games. We describe algorithms to solve some variants of the security game model in polynomial time and prove NP-hardness of solving other variants of the model. We also extend the family of security games by allowing the attacker have multiple resources. We provide an algorithm for computing an NE of such games in polynomial time, and we show that computing a Stackelberg strategy is NP-hard.</p>Dissertatio

Heterogeneous Air Defense Battery Location: A Game Theoretic Approach

The Unites States and its allies confront a persistent and evolving threat from missile attacks as nations around the world continue to invest and advance their current capabilities. Within the air defense context of a missile-and-interceptor engagement, a challenge for the defender is that surface to air interceptor missile batteries often must be located to protect high-value targets dispersed over a vast area, subject to an attacker observing the disposition of batteries prior to developing and implementing an attack plan. To model this scenario, we formulate a two-player, three-stage, perfect information, sequential move, zero-sum game that accounts for, respectively, a defender\u27s location of batteries, an attacker\u27s launch of missiles against targets, and a defender\u27s assignment of interceptors to incoming missiles. The resulting trilevel math programming formulation cannot be solved via direct optimization and it is not suitable to solve via full enumeration for realistically-sized instances. We instead utilize the game tree search technique Double Oracle, within which we embed alternative heuristics to solve an important subproblem for the attacker. We test and compare these solution methods to solve a designed set of 26 instances of parametric variation, from which we derive insights regarding the nature of the underlying problem. Whereas full enumeration required up to 8.6 hours to solve the largest instance considered, our superlative implementation of Double Oracle terminates in a maximum of 3.39 seconds over the set of instances, with an average termination time of less than one second. Double Oracle also properly identifies the optimal SPNE strategies in 75% of our test instances and, regarding those instances for which Double Oracle failed, we note that the relative deviation is less than 2.5% from optimal, on average, yielding promise as a solution method to solve realistically-sized instances

Interdependent Defense Games with Applications to Internet Security at the Level of Autonomous Systems

We propose interdependent defense (IDD) games, a computational game-theoretic framework to study aspects of the interdependence of risk and security in multi-agent systems under deliberate external attacks. Our model builds upon interdependent security (IDS) games, a model by Heal and Kunreuther that considers the source of the risk to be the result of a fixed randomized-strategy. We adapt IDS games to model the attacker’s deliberate behavior. We define the attacker’s pure-strategy space and utility function and derive appropriate cost functions for the defenders. We provide a complete characterization of mixed-strategy Nash equilibria (MSNE), and design a simple polynomial-time algorithm for computing all of them for an important subclass of IDD games. We also show that an efficient algorithm to determine whether some attacker’s strategy can be a part of an MSNE in an instance of IDD games is unlikely to exist. Yet, we provide a dynamic programming (DP) algorithm to compute an approximate MSNE when the graph/network structure of the game is a directed tree with a single source. We also show that the DP algorithm is a fully polynomial-time approximation scheme. In addition, we propose a generator of random instances of IDD games based on the real-world Internet-derived graph at the level of autonomous systems (≈27 K nodes and ≈100 K edges as measured in March 2010 by the DIMES project). We call such games Internet games. We introduce and empirically evaluate two heuristics from the literature on learning-in-games, best-response gradient dynamics (BRGD) and smooth best-response dynamics (SBRD), to compute an approximate MSNE in IDD games with arbitrary graph structures, such as randomly-generated instances of Internet games. In general, preliminary experiments applying our proposed heuristics are promising. Our experiments show that, while BRGD is a useful technique for the case of Internet games up to certain approximation level, SBRD is more efficient and provides better approximations than BRGD. Finally, we discuss several extensions, future work, and open problems