This article studies a problem of strategic network inspection, in which a
defender (agency) is tasked with detecting the presence of multiple attacks in
the network. An inspection strategy entails monitoring the network components,
possibly in a randomized manner, using a given number of detectors. We
formulate the network inspection problem (P) as a large-scale
bilevel optimization problem, in which the defender seeks to determine an
inspection strategy with minimum number of detectors that ensures a target
expected detection rate under worst-case attacks. We show that optimal
solutions of (P) can be obtained from the equilibria of a
large-scale zero-sum game. Our equilibrium analysis involves both
game-theoretic and combinatorial arguments, and leads to a computationally
tractable approach to solve (P). Firstly, we construct an
approximate solution by utilizing solutions of minimum set cover (MSC) and
maximum set packing (MSP) problems, and evaluate its detection performance. In
fact, this construction generalizes some of the known results in network
security games. Secondly, we leverage properties of the optimal detection rate
to iteratively refine our MSC/MSP-based solution through a column generation
procedure. Computational results on benchmark water networks demonstrate the
scalability, performance, and operational feasibility of our approach. The
results indicate that utilities can achieve a high level of protection in
large-scale networks by strategically positioning a small number of detectors