Abstract
Stackelberg security game models have become among the leading practical game theoretic approaches to security, having seen actual deployment in the LAX Airport, the United States Federal Air Marshals Service, and the United States Coast Guard, among others. However, most techniques for computing optimal security policies in Stackelberg games to date do not explicitly account for interdependencies among targets. We introduce a novel framework for computing optimal randomized security policies in networked (interdependent) domains. Our framework rests upon a Stackelberg security game model, within which we explicitly capture the indirect spread of damages due either to malicious attacks or unintended failures. We proceed to specify a particular simple, yet natural model of damage spread based on a graphical representation of asset interdependencies coupled with an independent failure cascade model. For the general model, we present an algorithm based on submodularity of the attacker’s decision problem, in combination with local search, to approximate optimal security resource allocation across the assets, and show experimentally that our algorithm is far more scalable than an alternative exact approach, yields nearly optimal results, and offers substantial improvement over a well-known heuristic alternative. We then show that in a particular important special case we can compute optimal security policies exactly and efficiently. We proceed to apply our framework to study comparative network resilience, unifying previously disparate strands of research in the area, and to offer insights into other aspects of the interdependent security problem.
Notes
The idea that the follower breaks ties in the leader’s favor may seem strange in the context of security games. However, note that the leader can make the follower strictly prefer the corresponding action by a slight change in his randomized policy.
Note that it is straightforward to replace these choices with arbitrary different constants.
We assume here that both the defender and attacker share the same uncertainty about the network. An alternative model could consider an attacker that has more (or exact) information about the network. The resulting defender problem would become a Bayesian Stackelberg game.
There are a plethora of minor variations on this general heuristic, but the performance of the best tends to be similar to this baseline.
References
Albert, R., Jeong, H., & Barabasi, A. L. (2000). Error and attack tolerance of complex networks. Nature, 406, 378–382.
Anderson, R. J. (2008). Security Engineering (2nd ed.). New York: Wiley.
August, T., & Tunca, T. I. (2011). Who should be responsible for software security? A comparative analysis of liability policies in network environments. Management Science, 57(5), 934–959.
Avenhaus, R., von Stengel, B., & Zamir, S. (2002). Inspection games. In S. Hart (Ed.), Handbook of game theory (pp. 1947–1987). Amsterdam: Elsevier Science Publishers.
Brown, G., Carlyle, M., Salmeron, J., & Wood, K. (2006). Defending critical infrastructure. Interfaces, 36(6), 530–544.
Brown, G. G., Carlyle, W. M., Harney, R. C., Skroch, E. M., & Wood, R. K. (2009). Interdicting a nuclear-weapons project. Operations Research, 57(4), 866–877.
Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). A model for evaluating IT security investments. Communications of the ACM, 47(7), 87–92.
Cavusoglu, H., & Raghunathan, S. (2004). Configuration of detection software: A comparison of decision and game theory approaches. Decision Analysis, 1(3), 131–148.
Cavusoglu, H., Mishra, B., & Raghunathan, S. (2005). The value of intrusion detection systems in information technology security architecture. Information Systems Research, 16(1), 28–46.
Cavusoglu, H., Cavusoglu, H., & Zhang, J. (2008). Security patch management: Share the burden or share the damage. Management Science, 54(4), 657–670.
Cavusoglu, H., Raghunathan, S., & Cavusoglu, H. (2009). Configuration of and interaction between information security technologies: The case of firewalls and intrusion detection systems. Information Systems Research, 20(2), 198–217.
CERT (1999). Frequently asked questions about the Melissa virus. CERT Program at Software Engineering Institute. Carnegie Mellon University. http://www.cert.org/tech_tips/Melissa_FAQ.html.
Conitzer, V., & Korzhyk, D. (2011). Commitment to correlated strategies. In Twenty-fifth national conference on artificial intelligence (pp. 632–637).
Conitzer, V., & Sandholm, T. (2006). Computing the optimal strategy to commit to. In Seventh ACM Conference on Electronic Commerce (pp. 82–90).
Cormican, K. J., Morton, D. P., & Wood, R. K. (1998). Stochastic network interdiction. Operations Research, 46(2), 184–197.
Cremonini, M., & Nizovtsev, D. (2006). Understanding and influencing attackers’ decisions: Implications for security investment strategies. In Workshop on the Economics of Information Security.
Dodds, P. S., & Watts, D. J. (2005). A generalized model of social and biological contagion. Journal of Theoretical Biology, 232, 587–604.
Domingos, P. (1999). Metacost: A general method for making classifiers cost-sensitive. In ACM International Conference on Knowledge Discovery and Data Mining.
Duggan, D. P., Thomas, S. R., Veitch, C. K. K., & Woodard, L. (2007). Categorizing threat: Building and using a generic threat matrix. Tech. rep., Sandia National Laboratories, SAND2007-5791.
Energy Sector Control Systems Working Group (2011). Roadmap to achieve energy delivery systems cybersecurity. Energetics Inc. https://www.controlsystemsroadmap.net/ieRoadmap%20Documents/roadmap.pdf.
Gallos, L. K., Liljeros, F., Argyrakis, P., Bunde, A., & Havlin, S. (2007). Improving immunization strategies. Physical Review E, 75(045), 104.
Grossklags, J., Christin, N., & Chuang, J. (2008). Secure or insure? A game-theoretic analysis of information security games. In Seventeenth international world wide web conference (pp. 209–218).
Jain, M., Kardes, E., Kiekintveld, C., Tambe, M., & Ordonez, F. (2010a). Security games with arbitrary schedules: A branch and price approach. In Twenty-fourth national conference on artificial intelligence.
Jain, M., Tsai, J., Pita, J., Kiekintveld, C., Rathi, S., Tambe, M., et al. (2010b). Software assistants for randomized patrol planning for the LAX airport police and the Federal Air Marshal Service. Interfaces, 40, 267–290.
Jain, M., Korzhyk, D., Vanek, O., Conitzer, V., Pechoucek, M., & Tambe, M. (2011). A double oracle algorithm for zero-sum security games on graphs. In Tenth international conference on autonomous agents and multiagent systems.
Kempe, D., Kleinberg, J. M., & Tardos, É. (2003). Maximizing the spread of influence in a social network. In Ninth ACM SIGKDD international conference on knowledge discovery and data mining (pp. 137–146).
Kiekintveld, C., Jain, M., Tsai, J., Pita, J., Ordóñez, F., & Tambe, M. (2009). Computing optimal randomized resource allocations for massive security games. In Proceedings of the eighth international conference on autonomous agents and multiagent systems.
Korzhyk, D., Conitzer, V., & Parr, R. (2010). Complexity of computing optimal Stackelberg strategies in security resource allocation games. In AAAI-10.
Krutz, R., & Vines, R. D. (2001). The CISSP Prep Guide. New York: Wiley Computer Publishing.
Kunreuther, H., & Heal, G. (2003). Interdependent security. Journal of Risk and Uncertainty, 26(2–3), 231–249.
Lee, W., Miller, M., Stolfo, S., Jallad, K., Park, C., Zadok, E., et al. (2002). Toward cost-sensitive modeling for intrusion detection. Journal of Computer Security, 10(1/2), 5–22.
Letchford, J., & Conitzer, V. (2010). Computing optimal strategies to commit to in extensive-form games. In Eleventh ACM conference on electronic commerce. ACM, New York, NY, USA, EC ’10, pp. 83–92.
Letchford, J., & Vorobeychik, Y. (2012). Computing optimal security strategies for interdependent assets. In Twenty-eighth conference on uncertainty in artificial intelligence.
Miller, J. C., & Hyman, J. M. (2007). Effective vaccination strategies for realistic social networks. Physica A, 386, 780–785.
MITRE (2012). Common attack pattern enumeration and classification. http://capec.mitre.org/.
Mounzer, J., Alpcan, T., & Bambos, N. (2010). Integrated security risk management for IT-intensive organizations. In Sixth international conference on information assurance and security (pp. 329–334).
Nehme, M. V. (2009). Two-person games for stochastic network interdiction: Models, methods, and complexities. PhD thesis, The University of Texas at Austin.
Nemhauser, G., Wolsey, L., & Fisher, M. (1978). An analysis of the approximations for maximizing submodular set functions. Mathematical Programming, 14, 265–294.
Newman, M. (2010). Networks: An Introduction. Oxford: Oxford University Press.
Ogut, H., Menon, N., & Raghunathan, S. (2005). Cyber insurance and IT security investments: Impact of interdependent risk. In Workshop on the economics of information security.
Ogut, H., Cavusoglu, H., & Raghunathan, S. (2008). Intrusion-detection policies for IT security breaches. Informs Journal on Computing, 20(1), 112–123.
University of Oregon Route Views Project (2013). Online data and reports. http://www.routeviews.org.
Paruchuri, P., Pearce, J.P., Marecki, J., Tambe, M., Ordóñez, F., & Kraus, S. (2008). Playing games with security: An efficient exact algorithm for Bayesian Stackelberg games. In Proceedings of the seventh international conference on autonomous agents and multiagent systems (pp. 895–902).
Pastor-Satorras, R., & Vespignani, A. (2002). Immunization of complex networks. Physical Review E, 65(036), 104.
Pita, J., Jain, M., Ordóñez, F., Portway, C., Tambe, M., Western, C., et al. (2009). Using game theory for Los Angeles airport security. AI Magazine, 30(1), 43–57.
Provost, F., & Fawcett, T. (1997). Analysis and visualization of classifier performance: Comparison under imprecise class and cost distributions. In KDD (pp. 43–48).
Roberson, B. (2006). The colonel Blotto game. Economic Theory, 29, 1–24.
Rosencrance, L. (2002). Melissa virus author sentenced. PC World. http://www.pcworld.com/article/97964/melissa_virus_author_sentenced.html.
Shieh, E., Yang, R., Tambe, M., Baldwin, C., DiRenzo, J., Maule, B., & Meyer, G. (2012). PROTECT: A deployed game theoretic system to protect the ports of the United States. In Proceedings of the eleventh international conference on autonomous agents and multiagent systems (pp. 13–20).
Soramaki, K., Bech, M. L., Arnold, J., Glass, R. J., & Beyeler, W. (2007). The topology of interbank payment flows. Physica A, 379, 317–333.
Stamp, J. E., Laviolette, R. A., Phillips, L. R., & Richardson, B. T. (2009). Final report: Impacts analysis for cyber attack on electric power systems. Sandia National Laboratories Technical Report, SAND2009-1673.
von Stengel, B., & Zamir, S. (2010). Leadership games with convex strategy sets. Games and Economic Behavior, 69(2), 446–457.
Tsai, J., Yin, Z., Kwak, J. Y., Kempe, D., Kiekintveld, C., & Tambe, M. (2010). Urban security: Game-theoretic resource allocation in networked physical domains. In Twenty-fourth national conference on artificial intelligence.
Tsai, J., Nguyen, T. H., & Tambe, M. (2012). Security games for controlling contagion. In Twenty-sixth national conference in artificial intelligence, to appear.
Ulvila, J. W., & Gaffney, J. E. (2004). A decision analysis method for evaluating computer intrusion detection systems. Decision Analysis, 1(1), 35–50.
Vorobeychik, Y., & Wellman, M. P. (2008). Stochastic search methods for Nash equilibrium approximation in simulation-based games. In Seventh international conference on autonomous agents and multiagent systems (pp. 1055–1062).
Wood, R. K. (1993). Deterministic network interdiction. Mathematical and Computer Modelling, 17(2), 1–18.
Woodruff, D. L. (Ed.). (2003). Network interdiction and stochastic integer programming. Dordrecht: Kluwer Academic Publishers.
Yue, W. T., & Bagchi, A. (2003). Tuning the quality parameters of a firewall to maximize net benefit. In International workshop on distributed computing (pp. 321–329).
Zhuang, J., & Bier, V. (2007). Balancing terrorism and natural disasters–Defensive strategy with endogenous attacker effort. Operations Research, 55(5), 976–991.
Acknowledgments
Much of this work was performed while Yevgeniy Vorobeychik was at Sandia National Laboratories and Joshua Letchford was at Duke University. Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000.
Additional information
Parts of this paper draw from the material previously presented at UAI 2012 [33]. Specifically, the model of interdependencies presented in [33] is a highly restricted special case of the model we present in this paper. Sects. 4.3, 6, and 7 draw upon [33], but much of the material in these sections is new.
Cite this article
Vorobeychik, Y., Letchford, J. Securing interdependent assets. Auton Agent Multi-Agent Syst 29, 305–333 (2015). https://doi.org/10.1007/s10458-014-9258-0
DOI: https://doi.org/10.1007/s10458-014-9258-0