
Securing interdependent assets

Autonomous Agents and Multi-Agent Systems

Abstract

Stackelberg security game models have become among the leading practical game theoretic approaches to security, having seen actual deployment in the LAX Airport, the United States Federal Air Marshals Service, and the United States Coast Guard, among others. However, most techniques for computing optimal security policies in Stackelberg games to date do not explicitly account for interdependencies among targets. We introduce a novel framework for computing optimal randomized security policies in networked (interdependent) domains. Our framework rests upon a Stackelberg security game model, within which we explicitly capture the indirect spread of damages due either to malicious attacks or unintended failures. We proceed to specify a particular simple, yet natural model of damage spread based on a graphical representation of asset interdependencies coupled with an independent failure cascade model. For the general model, we present an algorithm based on submodularity of the attacker’s decision problem, in combination with local search, to approximate optimal security resource allocation across the assets, and show experimentally that our algorithm is far more scalable than an alternative exact approach, yields nearly optimal results, and offers substantial improvement over a well-known heuristic alternative. We then show that in a particular important special case we can compute optimal security policies exactly and efficiently. We proceed to apply our framework to study comparative network resilience, unifying previously disparate strands of research in the area, and to offer insights into other aspects of the interdependent security problem.

Notes

  1. The idea that the follower breaks ties in the leader’s favor may seem strange in the context of security games. However, note that the leader can make the follower strictly prefer the corresponding action by a slight change in his randomized policy.

  2. Note that it is straightforward to replace these choices with arbitrary different constants.

  3. We assume here that both the defender and attacker share the same uncertainty about the network. An alternative model could consider an attacker that has more (or exact) information about the network. The resulting defender problem would become a Bayesian Stackelberg game.

  4. There are a plethora of minor variations on this general heuristic, but the performance of the best tends to be similar to this baseline.

References

  1. Albert, R., Jeong, H., & Barabasi, A. L. (2000). Error and attack tolerance of complex networks. Nature, 406, 378–382.

  2. Anderson, R. J. (2008). Security Engineering (2nd ed.). New York: Wiley.

  3. August, T., & Tunca, T. I. (2011). Who should be responsible for software security? A comparative analysis of liability policies in network environments. Management Science, 57(5), 934–959.

  4. Avenhaus, R., von Stengel, B., & Zamir, S. (2002). Inspection games. In S. Hart (Ed.), Handbook of game theory (pp. 1947–1987). Amsterdam: Elsevier Science Publishers.

  5. Brown, G., Carlyle, M., Salmeron, J., & Wood, K. (2006). Defending critical infrastructure. Interfaces, 36(6), 530–544.

  6. Brown, G. G., Carlyle, W. M., Harney, R. C., Skroch, E. M., & Wood, R. K. (2009). Interdicting a nuclear-weapons project. Operations Research, 57(4), 866–877.

  7. Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). A model for evaluating IT security investments. Communications of the ACM, 47(7), 87–92.

  8. Cavusoglu, H., & Raghunathan, S. (2004). Configuration of detection software: A comparison of decision and game theory approaches. Decision Analysis, 1(3), 131–148.

  9. Cavusoglu, H., Mishra, B., & Raghunathan, S. (2005). The value of intrusion detection systems in information technology security architecture. Information Systems Research, 16(1), 28–46.

  10. Cavusoglu, H., Cavusoglu, H., & Zhang, J. (2008). Security patch management: Share the burden or share the damage. Management Science, 54(4), 657–670.

  11. Cavusoglu, H., Raghunathan, S., & Cavusoglu, H. (2009). Configuration of and interaction between information security technologies: The case of firewalls and intrusion detection systems. Information Systems Research, 20(2), 198–217.

  12. CERT (1999). Frequently asked questions about the melissa virus. CERT Program at Software Engineering Institute. Carnegie Mellon University. http://www.cert.org/tech_tips/Melissa_FAQ.html.

  13. Conitzer, V., & Korzhyk, D. (2011). Commitment to correlated strategies. In Twenty-fifth national conference on artificial intelligence (pp. 632–637).

  14. Conitzer, V., & Sandholm, T. (2006). Computing the optimal strategy to commit to. In Seventh ACM Conference on Electronic Commerce (pp. 82–90).

  15. Cormican, K. J., Morton, D. P., & Wood, R. K. (1998). Stochastic network interdiction. Operations Research, 46(2), 184–197.

  16. Cremonini, M., & Nizovtsev, D. (2006). Understanding and influencing attackers’ decisions: Implications for security investment strategies. In Workshop on the Economics of Information Security.

  17. Dodds, P. S., & Watts, D. J. (2005). A generalized model of social and biological contagion. Journal of Theoretical Biology, 232, 587–604.

  18. Domingos, P. (1999). Metacost: A general method for making classifiers cost-sensitive. In ACM International Conference on Knowledge Discovery and Data Mining.

  19. Duggan, D. P., Thomas, S. R., Veitch, C. K. K., & Woodard, L. (2007). Categorizing threat: Building and using a generic threat matrix. Tech. rep., Sandia National Laboratories, SAND2007-5791.

  20. Energy Sector Control Systems Working Group (2011). Roadmap to achieve energy delivery systems cybersecurity. Energetics Inc. https://www.controlsystemsroadmap.net/ieRoadmap%20Documents/roadmap.pdf.

  21. Gallos, L. K., Liljeros, F., Argyrakis, P., Bunde, A., & Havlin, S. (2007). Improving immunization strategies. Physical Review E, 75(045), 104.

  22. Grossklags, J., Christin, N., & Chuang, J. (2008). Secure or insure? A game-theoretic analysis of information security games. In Seventeenth international world wide web conference (pp. 209–218).

  23. Jain, M., Kardes, E., Kiekintveld, C., Tambe, M., & Ordonez, F. (2010a). Security games with arbitrary schedules: A branch and price approach. In Twenty-fourth national conference on artificial intelligence.

  24. Jain, M., Tsai, J., Pita, J., Kiekintveld, C., Rathi, S., Tambe, M., et al. (2010b). Software assistants for randomized patrol planning for the LAX airport police and the federal air marshal service. Interfaces, 40, 267–290.

  25. Jain, M., Korzhyk, D., Vanek, O., Conitzer, V., Pechoucek, M., & Tambe, M. (2011). A double oracle algorithm for zero-sum security games on graphs. In Tenth international conference on autonomous agents and multiagent systems.

  26. Kempe, D., Kleinberg, J. M., & Tardos, É. (2003). Maximizing the spread of influence in a social network. In Ninth ACM SIGKDD international conference on knowledge discovery and data mining (pp. 137–146).

  27. Kiekintveld, C., Jain, M., Tsai, J., Pita, J., Ordóñez, F., & Tambe, M. (2009). Computing optimal randomized resource allocations for massive security games. In Proceedings of the eighth international conference on autonomous agents and multiagent systems.

  28. Korzhyk, D., Conitzer, V., & Parr, R. (2010). Complexity of computing optimal stackelberg strategies in security resource allocation games. In AAAI-10.

  29. Krutz, R., & Vines, R. D. (2001). The CISSP Prep Guide. New York: Wiley Computer Publishing.

  30. Kunreuther, H., & Heal, G. (2003). Interdependent security. Journal of Risk and Uncertainty, 26(2–3), 231–249.

  31. Lee, W., Miller, M., Stolfo, S., Jallad, K., Park, C., Zadok, E., et al. (2002). Toward cost-sensitive modeling for intrusion detection. Journal of Computer Security, 10(1/2), 5–22.

  32. Letchford, J., & Conitzer, V. (2010). Computing optimal strategies to commit to in extensive-form games. In Eleventh ACM conference on electronic commerce. ACM, New York, NY, USA, EC ’10, pp. 83–92.

  33. Letchford, J., & Vorobeychik, Y. (2012). Computing optimal security strategies for interdependent assets. In Twenty-eighth conference on uncertainty in artificial intelligence.

  34. Miller, J. C., & Hyman, J. M. (2007). Effective vaccination strategies for realistic social networks. Physica A, 386, 780–785.

  35. MITRE (2012). Common attack pattern enumeration and classification. http://capec.mitre.org/.

  36. Mounzer, J., Alpcan, T., & Bambos, N. (2010). Integrated security risk management for IT-intensive organizations. In Sixth international conference on information assurance and security (pp. 329–334).

  37. Nehme, M. V. (2009). Two-person games for stochastic network interdiction: Models, methods, and complexities. PhD thesis, The University of Texas at Austin.

  38. Nemhauser, G., Wolsey, L., & Fisher, M. (1978). An analysis of the approximations for maximizing submodular set functions. Mathematical Programming, 14, 265–294.

  39. Newman, M. (2010). Networks: An Introduction. Oxford: Oxford University Press.

  40. Ogut, H., Menon, N., & Raghunathan, S. (2005). Cyber insurance and IT security investments: Impact of interdependent risk. In Workshop on the economics of information security.

  41. Ogut, H., Cavusoglu, H., & Raghunathan, S. (2008). Intrusion-detection policies for IT security breaches. Informs Journal on Computing, 20(1), 112–123.

  42. University of Oregon Route Views Project (2013). Online data and reports. http://www.routeviews.org.

  43. Paruchuri, P., Pearce, J.P., Marecki, J., Tambe, M., Ordóñez, F., & Kraus, S. (2008). Playing games with security: An efficient exact algorithm for Bayesian Stackelberg games. In Proceedings of the seventh international conference on autonomous agents and multiagent systems (pp. 895–902).

  44. Pastor-Satorras, R., & Vespignani, A. (2002). Immunization of complex networks. Physical Review E, 65(036), 104.

  45. Pita, J., Jain, M., Ordóñez, F., Portway, C., Tambe, M., Western, C., et al. (2009). Using game theory for los angeles airport security. AI Magazine, 30(1), 43–57.

  46. Provost, F., & Fawcett, T. (1997). Analysis and visualization of classifier performance: Comparison under imprecise class and cost distributions. In KDD (pp. 43–48).

  47. Roberson, B. (2006). The colonel Blotto game. Economic Theory, 29, 1–24.

  48. Rosencrance, L. (2002). Melissa virus author sentenced. PC World. http://www.pcworld.com/article/97964/melissa_virus_author_sentenced.html.

  49. Shieh, E., Yang, R., Tambe, M., Baldwin, C., DiRenzo, J., Maule, B., & Meyer, G. (2012). PROTECT: A deployed game theoretic system to protect the ports of the United States. In Proceedings of the eleventh international conference on autonomous agents and multiagent systems (pp 13–20).

  50. Soramaki, K., Bech, M. L., Arnold, J., Glass, R. J., & Beyeler, W. (2007). The topology of interbank payment flows. Physica A, 379, 317–333.

  51. Stamp, J. E., Laviolette, R. A., Phillips, L. R., & Richardson, B. T. (2009). Final report: Impacts analysis for cyber attack on electric power systems. Sandia National Laboratories Technical Report, SAND2009-1673.

  52. von Stengel, B., & Zamir, S. (2010). Leadership games with convex strategy sets. Games and Economic Behavior, 69(2), 446–457.

  53. Tsai, J., Yin, Z., Kwak, J. Y., Kempe, D., Kiekintveld, C., & Tambe, M. (2010). Urban security: Game-theoretic resource allocation in networked physical domains. In Twenty-fourth national conference on artificial intelligence.

  54. Tsai, J., Nguyen, T. H., & Tambe, M. (2012). Security games for controlling contagion. In Twenty-sixth national conference in artificial intelligence, to appear.

  55. Ulvila, J. W., & Gaffney, J. E. (2004). A decision analysis method for evaluating computer intrusion detection systems. Decision Analysis, 1(1), 35–50.

  56. Vorobeychik, Y., & Wellman, M. P. (2008). Stochastic search methods for Nash equilibrium approximation in simulation-based games. In Seventh international conference on autonomous agents and multiagent systems (pp. 1055–1062).

  57. Wood, R. K. (1993). Deterministic network interdiction. Mathematical and Computer Modelling, 17(2), 1–18.

  58. Woodruff, D. L. (Ed.). (2003). Network interdiction and stochastic integer programming. Dordrecht: Kluwer Academic Publishers.

  59. Yue, W. T., & Bagchi, A. (2003). Tuning the quality parameters of a firewall to maximize net benefit. In International workshop on distributed computing (pp 321–329).

  60. Zhuang, J., & Bier, V. (2007). Balancing terrorism and natural disasters–Defensive strategy with endogenous attacker effort. Operations Research, 55(5), 976–991.

Acknowledgments

Much of this work was performed while Yevgeniy Vorobeychik was at Sandia National Laboratories and Joshua Letchford was at Duke University. Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000.

Author information

Corresponding author

Correspondence to Yevgeniy Vorobeychik.

Additional information

Parts of this paper draw from the material previously presented at UAI 2012 [33]. Specifically, the model of interdependencies presented in [33] is a highly restricted special case of the model we present in this paper. Sects. 4.36, and 7 draw upon [33], but much of the material in these sections is new.

About this article

Cite this article

Vorobeychik, Y., Letchford, J. Securing interdependent assets. Auton Agent Multi-Agent Syst 29, 305–333 (2015). https://doi.org/10.1007/s10458-014-9258-0
