# Defending with Shared Resources on a Network

In this paper we consider a defending problem on a network. In the model, the defender holds a total defending resource of R, which can be distributed to the nodes of the network. The defending resource allocated to a node can be shared by its neighbors. There is a weight associated with every edge that represents the efficiency defending resources are shared between neighboring nodes. We consider the setting when each attack can affect not only the target node, but its neighbors as well. Assuming that nodes in the network have different treasures to defend and different defending requirements, the defender aims at allocating the defending resource to the nodes to minimize the loss due to attack. We give polynomial time exact algorithms for two important special cases of the network defending problem. For the case when an attack can only affect the target node, we present an LP-based exact algorithm. For the case when defending resources cannot be shared, we present a max-flow-based exact algorithm. We show that the general problem is NP-hard, and we give a 2-approximation algorithm based on LP-rounding. Moreover, by giving a matching lower bound of 2 on the integrality gap on the LP relaxation, we show that our rounding is tight.

## Authors

• 14 publications
• 26 publications
• 27 publications
• ### Defending against Contagious Attacks on a Network with Resource Reallocation

In classic network security games, the defender distributes defending re...
12/02/2020 ∙ by Rufan Bai, et al. ∙ 0

• ### Node-Connectivity Terminal Backup, Separately-Capacitated Multiflow, and Discrete Convexity

The terminal backup problems (Anshelevich and Karagiozova (2011)) form a...
08/23/2020 ∙ by Hiroshi Hirai, et al. ∙ 0

• ### Integrality Gap of the Configuration LP for the Restricted Max-Min Fair Allocation

The max-min fair allocation problem seeks an allocation of resources to ...
07/11/2018 ∙ by Siu-Wing Cheng, et al. ∙ 0

• ### Virtual Network Embedding via Decomposable LP Formulations: Orientations of Small Extraction Width and Beyond

The Virtual Network Embedding Problem (VNEP) considers the efficient all...
10/26/2018 ∙ by Elias Döhne, et al. ∙ 0

• ### Downgrading to Minimize Connectivity

We study the problem of interdicting a directed graph by deleting nodes ...
11/25/2019 ∙ by Hassene Aissi, et al. ∙ 0

• ### The Simultaneous Assignment Problem

This paper introduces the Simultaneous Assignment Problem. Here, we are ...
05/20/2021 ∙ by Péter Madarasi, et al. ∙ 0

• ### An Approximation Algorithm for Covering Linear Programs and its Application to Bin-Packing

We give an α(1+ϵ)-approximation algorithm for solving covering LPs, assu...
11/23/2020 ∙ by Eklavya Sharma, et al. ∙ 0

##### This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

## 1 Introduction

In the recent years, security games have gained an increasing popularity within the artificial intelligence research community, and have been widely used in many areas of the field

[LCM09, Tam11, YT12]. Many of these games are played within a network structure (i.e., network security games), where a defender protects a set of targets from an attacker by allocating defensive resources to nodes (or edges) of a network. Such problems include, but are not limited to, the following: designing network interdiction strategies for infectious disease control [Ass87], cybersecurity mechanisms for defending computer networks [STX18], or police patrolling plans in urban security domains [ZAT17]. Existing network security models typically assume that: (i) one single security resource can be used to protect one single target only; (ii) the resource allocation happens in a binary manner, i.e., a target is either protected or not; and (iii) an attack on a single target does not have effect to other (possibly neighbouring) targets.

However, in many real-world scenarios security resources often effectively protect multiple targets simultaneously. Furthermore, multiple resources can be allocated to the same target to strengthen the target’s defence.

###### Example 1.1

Consider a police patrolling problem in which law enforcement forces are allocated to different districts of a city for patrolling. The more resources are allocated to a certain district, the more successful crime prevention can be achieved. In addition, in case of an urban crime event (e.g., bank robbery), patrolling forces from neighboring areas (i.e., nodes with edge connections to the target) can also provide help to the resources already at the target node.

On the other hand, successful attacks can also produce certain damages to neighboring targets.

###### Example 1.2

Consider the scenario when a chemical terrorist attack in which a toxic chemical weapon (e.g., sarin gas, or nerve agents) is used in a certain area. As the wind can blow the gas away from the original target area, the weapon can also generate damage in surrounding areas (although this damage is typically weakened, compared to the damage the attack would achieve at the original target).

Put differently, in many real-world applications, the damage depends not only on how well the node under attack is defended, but also on the defence of its neighbors. As these examples demonstrate, it is essential to take into account both the ability of sharing defending resources between nodes of the network, and the wide coverage of the attacks. In this paper, we consider a general defending problem on a network where

• the defending resource allocated to a node can be shared by its neighbors;

• the damage due to attack at a target node depends not only on the defending power of the target node, but also on that of its neighboring nodes.

### 1.1 Related Work

As mentioned above, most of the existing work in the security domain ignore resource sharing between nodes. A notable exception is the work of [GAV15], in which allocating a defending resource to a node can also protect the neighbors of that node. However, their model only looks at the binary version of resource allocation, where allocating multiple resources to the same node is not considered. Thus it can not be used to tackle our problem. To address the multi-resource allocation problem, [VLS18] has looked at a Colonel Blotto formulation of the security game setting. However, their work does not exploit the underlying network structure. In addition, they do not consider the effect of the attacks to the surrounding nodes. It is worth noting that there is a line of security games research that look at attackers with multiple resources [KCP11, YVAH16, WS17]. These models can be seen as somewhat relevant to our work as a single attack can have impact to more than one nodes. In addition, [CCO17] looked at the case that having an insufficiently protected node can affect the defence level of neighboring nodes, which is similar to our setting. However, these models do not take into account the defence side network-based resource sharing.

There is a large body of literature that studies contagion in network security games. For example, [BDG13, AMO16, LSV17] looked at stochastic contagion in network security problems. However, their model assume that the contagion is independently decided at each node, which is not the case in our setting. In addition, [TNT12, APH18] studied a shared resource model in which two players, namely the attacker and the defender, try to maximize their influence on a network. Similary, [NAB09, VL15] looked at generic target interdependency (i.e., an attack at one target might affect other targets as well) models. However, these models do not discuss the defending thresholds or the loss due to attack, and thus are different from our model.

### 1.2 Our Results

Against this background, this paper addresses the network defending problem with shared resources in the following way: To capture the resource sharing ability, we allow a node to share its resource to its neighbor (weighted with a certain sharing coefficient ). In addition, we assign two defence level thresholds to each node to represent the spatial spread effect of an attack as follows: at each target node , we need at least resources to prevent any damages at the local level (i.e., on node ), and we need at least resources to stop the spread of the attack to neighboring nodes of (for more details see Section 2).

Given this model, we first look at two special cases, namely: (i) when an attack cannot spread to the target node’s neighbours; and (ii) when sharing defending resources is not feasible. The former can be captured by setting for each node , and thus, we refer to it as the Single Threshold Model. The latter is referred to as the Isolated Model (as resource sharing is not allowed between neighbors)111The name “isolated” means that defending resources can not be shared. However, the damage due to attack still depends on the defending powers of the target node and its neighbors..

In particular, we prove the following theorems:

###### Theorem 1.1 (Single Threshold Model)

The single threshold network defending problem can be solved in time, where is the number of nodes in the network and is the matrix multiplication factor.

###### Theorem 1.2 (Isolated Model)

The isolated network defending problem can be solved exactly in time, where and are the number of nodes and edges in the network, respectively.

We also show that the general case of the problem is -hard, and therefore, we propose a -approximation algorithm. In particular, we prove the following theorems.

###### Theorem 1.3 (Problem Hardness)

The network defending problem is -hard.

###### Theorem 1.4 (Approximation Algorithm)

There exists a -approximation algorithm for the network defending problem that runs in time ( is the number of nodes, and is the number of edges).

We remark that our algorithm approximates the problem in a resource augmentation manner. That is, we show that by using a total defending resource , the object of our algorithm is at most that of any algorithm that uses defending resource . As we will show in Section 4, the problem with the objective of minimizing the damage does not admit any polynomial time approximation algorithm, unless ¶=.

## 2 Model Description

We model the network as an undirected connected graph , where each node has a lower bound and an upper bound , where , that represent the defending requirement. Besides, each node has a value and a discounted value that represent the damage due to attack on node .

###### Definition 2.1 (Defending Resource and Defending Power)

The defender has a total resource of that can be distributed to nodes in , where is the defending resource222In our model the resource can be allocated continuously. allocated to node , and .

The defending power of node is given by

 pu:=ru+∑v:(u,v)∈Ewuv⋅rv,

where is the weight of edge that represents the efficiency defending resource is shared between and .

When the attacker attacks a node :

1. If the defending power , the attacker gains .

2. If the defending power , the attacker gains if has neighbor with defending power ; gains otherwise.

3. If the defending power , the attacker gains .

The intuition behind this formulation is that if there is sufficiently large defending power at target node (i.e., ), the attack can be quickly mitigated (e.g., the robber will be quickly caught, or the toxic gas can be completely neutralized). Thus neither the target node nor its neighbors suffer from any damage. On the other hand, if the attack cannot be quickly mitigated, but the defending power at target is sufficient to locally stop the attack (i.e., ), then the attack may spread to the neighbors of with a weakened power. In this case, the weakened attack achieves some success (i.e., damage) if some neighbor of is not sufficiently protected (i.e., has inadequate defending power). Finally, if the target node itself has insufficient protection (i.e., , the attack achieves its maximal damage .

The objective of the defender is to allocate the defending resource to the nodes to minimize the gain of the attacker (which can attack only one node). We call a defending strategy. For every defending strategy, there exists a node by attacking which the attacker gains the most. We call the resulting gain of the attacker the defending result.

We call the model single threshold if for all nodes : in this model, when some node is attacked, the attacker gains either or , e.g., the attack does not spread to any neighbor of . This model is inspired by many real-world scenarios, ranging from urban crime and conventional terrorist attacks, to various cybersecurity threats and wildlife reservation problems (i.e., green security games). The common in these scenarios is that a single attack does not have a spreading effect, and thus the damage does not depend on the defending power of neighboring nodes.

We call the model isolated if for all edges . The intuition behind this special case is that in some real-world applications, we cannot share resources between nodes. For example, consider a disease outbreak scenario where the success of defence depends on the size of vaccinated population at each region. While the disease itself can spread to the neighboring areas if the vaccinated population is not sufficiently high (i.e., ), the strength of defence of a particular area cannot be transferred to another region.

We use to denote the set of neighbors for every node . We use and to denote the number of nodes and edges in the graph , respectively. We use to denote the optimal defending result.

## 3 Exact Algorithms for Special Cases

Before turning to the general version of the problem, as a warm-up, we first consider the two special cases in this section. We present polynomial time algorithms that solve the two cases exactly.

### 3.1 Naïve Attempt

Observe that for any defending strategy, there exists a node on which the attacker has maximum gain, which we refer to as the vulnerable node. Since the goal of the problem is to minimize the defending result, a natural algorithm would keep allocating defending resources to the vulnerable node until all resources are spent. We refer to this algorithm as Greedy. Unfortunately, as Figure 1 shows, even in the isolated model, Greedy can perform arbitrarily bad. Since node has the largest value, the Greedy algorithm will allocate at least 2 units of resource to . Consequently, both have defending power at most , which results in , where is the defending result of the Greedy algorithm.

The intuition is, there are two solutions to protect the vulnerable node in the isolated model by allocating defending resources: either we guarantee that , or all neighbors of has . However, solving the problem “locally” (as Greedy does) does not lead to a good defending strategy. This observation implies that the defending resources should be allocated in a “global” way that considers the effect on both the vulnerable node and its neighbors.

While this problem does not exist in the single threshold model, it is easy to show that the Greedy also performs arbitrarily bad in this model: consider the graph instance shown in Figure 1, where we change and for all . Obviously we still have . However, Greedy will allocate all resources to either or , which results in .

The two hard instances for the Greedy algorithm imply that to solve the problem, we need to take into account the effect on neighbors of , when allocating defending resource to a node

. A key difference between our algorithms and the Greedy algorithm is that we set a defending result goal before allocating any resource, and try to allocate resource globally to achieve this goal. In order to produce defending strategies in a global manner, we use the linear programming (LP) and maximum flow techniques.

### 3.2 Single Threshold Model

We first consider the single threshold model, i.e., for every node . We show that combining the linear programming technique with a simple binary search, we can solve this problem exactly in polynomial time.

Since for all , the attack is either successful or unsuccessful immediately after attacking some node. Therefore, while there are infinitely many defending strategies, the number of defending results is bounded by . Let be the defending result space, i.e., the possible defending results.

Suppose for every , we can decide in polynomial time whether the defending result is achievable (and output a solution if it is), then we can compute the optimal defending strategy in polynomial time. Here we call achievable if and only if there exists a defending strategy (using defending resource) with defending result . In the following, we show how to decide the achievability for every . More importantly, we output a feasible defending strategy if is achievable.

###### Definition 3.1 (Vulnerable Nodes)

Let

 Aα:={u∈V:gu>α}

be the nodes that need a defending power at least , if the target defending result is .

By definition, if any of has defending power , then the attacker gains by attacking , which violates our target defending result. Hence the goal is to compute a defending strategy under which every node has defending power at least .

This is actually a simple task, as we can formulate the problem as a feasibility linear program, in which the defending resources allocated to the nodes are the variables.

 min.0 s.t.∑u∈Vru =R, ru+∑v∈N(u)wuvrv ≥LBu,∀u∈Aα ru ≥0,∀u∈V.

Observe that any feasible solution for the above LP gives a defending strategy with defending result at most . On the other hand, if the LP is infeasible, then the target defending result is not achievable.

By the state-of-the-art result by [CLS19], we can solve the above LP in time, where is the matrix multiplication factor. Thus by trivially enumerating all possible values of , we can solve the problem in time. Indeed, observe that if is achievable, then all values at least are also achievable. Thus by using a binary search on , we can output the feasible solution for the minimum achievable as the optimal defending strategy in time, which completes the proof of Theorem 1.1.

### 3.3 Isolated Model

Next we turn to the isolated model. Recall that by definition we have for all , but nodes can have arbitrary upper and lower bounds. We show in this section that the isolated model can be solved exactly in polynomial time, using the maximum flow technique. Similar to the previous analysis, observe that given and for all and , we have . In other words, there are at most different defending results. Hence to solve the problem, we only need to identify the minimum value in that is achievable using defending resource, and output a defending strategy achieving it.

Let be the aim of the defending result.

#### Algorithm for Testing the Achievability of α.

As before, we define to be the vulnerable nodes that need to receive at least of defending power. Note that in the isolated model, we must allocate a defending resource at least to every to guarantee a defending result at most . Let be , i.e., those who need to receive at least of defending power, or each of its neighbors has . We call the set of crucial nodes. It remains to decide which crucial nodes should be assigned defending power (the remaining nodes will be covered by their neighbors). For ease of notation we drop the subscript on and in the following discussion.

Suppose are the nodes we decide to allocate a defending resource of to, i.e., we allocate an extra to every node . To achieve the defending result, we need to guarantee that every neighbor of receives at least . Since all nodes are already allocated a defending resource , it suffices to allocate to every .

Let be the neighbors of nodes in . The total resource required is given by

 ∑u∈ALBu+∑u∈S(UBu−LBu)+∑v∈(V∖A)∩N(B∖S)LBv.

In the following, we show that the problem of computing the set that minimizes the total defending resource can be solved by computing a maximum flow on a directed network with nodes and edges. Note that the defending result is achievable if and only if the minimum defending resource required is at most .

#### Flow Network.

Let the nodes of the directed flow network be , where is the source and is the sink. The edges of the network are constructed as follows.

1. For every , let there be a directed edge from to . For all , let the capacity of the edge be . For all , let the capacity of the edge be .

2. For every , let there be a directed edge from to . For every , let there be a directed edge from to . For every such that and , let there be a directed edge from to . Let the capacity of these edges be infinity.

The flow network has nodes and edges.

Intuitively, we construct a directed network based on the bipartite graph between and . Observe that in the directed flow network, to separate and , either the edge is cut for , or is cut for every neighbor of . By setting the capacities as above, we guarantee that every cut separating and corresponds to a feasible defending strategy.

By the max-flow min-cut theorem, computing the maximum flow from to is equivalent to finding the minimum - cut. Consider the minimum - cut that partitions the nodes into two sets and , such that and . Let be the total capacity of edges between and .

Since the edges from and the edges to have infinite capacity, we have for all , and for all . Observe that for every ,

1. if , then the edge is cut by ;

2. if , then for every , i.e., neighbor of that is not in , we must have , as the capacity of the edge from to is infinity. Consequently, we know that edge is cut by .

Let and . Let be the neighbors of nodes in . Then we have

 cut(S,T)=∑u∈Bt(UBu−LBu)+∑v∈N(Bs)∩(V∖A)LBv.

In other words, the total capacity of the cut is exactly the defending resource required to increase the defending power of every from to , and every neighbor of that is not in from to . Hence the minimum - cut corresponds to the optimal defending strategy with defending result .

#### Running Time.

The maximum flow problem on a directed network with nodes and edges can be solved in time by [Orl13]. Testing the achievability of every (and outputting a solution, if any) can be done in time. As before, by adopting a binary search on values of , we can identify the minimum achievable in time, which completes the proof of Theorem 1.2.

## 4 Hardness Results

As we have shown in the previous section, for the single threshold model (i.e., every node has ) and the isolated model (i.e., for all ), the problem is polynomial time solvable. A natural idea is to combine the two techniques we have used to solve the special cases, namely the linear programming and the maximum flow computation, and solve the general problem in polynomial time. Unfortunately, as we will show in this section, the general version of the problem is indeed -hard and thus the approach fails.

Nevertheless, we will show in the next section that, the combination of the techniques provides a tight rounding scheme that gives a -approximation algorithm.

To prove the -hardness (Theorem 1.3), we use a reduction from a fundamental boolean function satisfactory problem called MAX-DNF.

###### Definition 4.1 (Max-Dnf)

In the problem, we have boolean variables and clauses , where each clause is the conjunction (“and”) of variables or their negations (see Figure 3 for an example). The problem aims at finding an assignment to the variables such that a maximum number of clauses are satisfied.

The problem is shown to be -hard by [BP03, EP07]. In the following, we show how to reduce the MAX-DNF problem to ours. In other words, we show that if the network defending problem can be solved in polynomial time, then the MAX-DNF problem can also be solved in polynomial time.

#### Reduction.

Given any MAX-DNF problem instance, we create nodes, which are labeled by ; and nodes labeled by . We call these nodes variable nodes and clause nodes, respectively. Let there be an edge between every pair of and . For every clause , where each represents a variable or its negation, we create nodes, each labeled by . We call these nodes connectors. Let connector be connected to and . Note that in the resulting graph, every connector has degree two, every variable node has degree equal to its total number of appearances in the clauses, and every clause node has degree equal to the number of variables it contains (see Figure 3 for an illustrating example).

Let for the edges adjacent to variable nodes; let for the edges adjacent to clause nodes. Let for variable nodes and clause nodes; let for connectors. For every variable node or connector, let ; for every clause node, let and . Let , for some .

We show that there exists a defending strategy with defending result if and only if there exits an assignment to the variables such that at least clauses are satisfied.

First, if there exits an assignment to the variables such that at least clauses are satisfied, then we

• allocate unit of defending resource to every variable node that is “true” in the assignment;

• allocate defending resource to every unsatisfied clause.

Trivially, the total defending resource required is at most . Next we show that the defending result is .

Since the edges adjacent to variable nodes have weight , every variable node has defending power . Moreover, if a variable (or its negation) is true, then each of its connector neighbors has defending power . Consequently, if a clause is satisfied, then all its connector neighbors have defending power above their lower bound. Therefore, the defending result is , as all variable nodes and clause nodes are well-defended.

Next we show the other direction, i.e., the optimal defending strategy corresponds to an assignment of variables such that at least clauses are satisfied.

We first show that every defending strategy can be transformed into a canonical form, while the defending result is not affected. Fix any defending strategy .

#### Canonical Transformation.

For every connector , if , then we reallocate the resource to its variable node neighbor. Since the edge between and its variable node neighbor has weight while the edge between and its clause node neighbor has weight , reallocating the resource does not decrease the defending power of any node. Next, if for a variable node , then we reallocate its defending resource to its variable node neighbor, which does not change its defending power. The defending power of the connector neighbors of will be decreased (to ). However, since , the defending powers of these connectors were less than their lower bounds. Hence decreasing their defending power does not affect the defending result.

Fix the optimal defending strategy of canonical form. Suppose the defending result is . Then at least one of and must be assigned defending resource . Given that , exactly one of has defending resource , while the other has defending resource (which corresponds to an assignment to the variables). A connector has defending power if it is connected to a variable node with defending resource . Hence, if all neighbors (which are connectors) of some clause node have defending power , then we do not need to allocate any defending resource to . On the other hand, if a clause is not satisfied, then defending resource must be allocated to . Since the total defending resource deployed is at most , we know that at most clause nodes receive non-zero defending resource. Therefore, we can retrieve an assignment of variables such that at least clauses are satisfied given the optimal defending strategy.

Note that by varying from to , we can solve the MAX-DNF problem using computations333Indeed, we can apply a binary search, which reduces the number of computations to . of our problem. Thus the problem is -hard.

Since it is -hard to distinguish whether for the above hard instance, the problem does not admit any approximation algorithm with bounded ratio: any such algorithm can be used to distinguish whether .

###### Corollary 4.1

The network defending problem (that aims at minimizing the defending result) does not admit any polynomial-time approximation algorithm, unless ¶= .

## 5 Resource Augmentation Algorithms

Since the network defending problem is not approximable, instead of comparing the gain of the attacker with bounded defending power, we measure the approximation ratio of the problem in terms of defending power deployed in this section. Formally speaking, we call an algorithm -approximate if by using defending resource, the defending result is at most that of any optimal defending strategy using resource. In other words, a -approximate algorithm guarantees that by using times more resource, the defending result is at least as good as the optimal solution (without augmenting the resource).

In this section, we present a -approximate algorithm for the general network defending problem (Theorem 1.4).

As before, for every fixed , we check if it is possible to allocate the defending resource such that the resulting defending result is at most . Note that to achieve an approximation ratio of , we show that, as long as is achievable (by the optimal solution) using defending resource, our algorithm (with defending resource) computes in polynomial time a defending strategy with defending result at most .

#### Vulnerable and Crucial Nodes.

Again, let be the vulnerable nodes, and be the crucial nodes. Then the problem is (similar to what we have done in Section 3.3) to (1) decide a set of nodes ; (2) allocate the resources such that every has a defending power at least , and every has a defending power at least .

Note that for every fixed , the second step can be easily done using an LP, as we have done in Section 3.2. The difficulty, thus, lies in identifying the subset such that the required total defending resource is minimized.

#### Integer Program Formulation.

Observe that we can formulate the problem into a feasibility integer program. In the integer program, there is a variable associated with every indicating whether is in , i.e., receives defending power ; there is a variable associated with every indicating whether receives defending power . The solution is feasible if

1. for every such that , all its neighbors in have . In other words, ;

2. there exists with such that

 LBu+yu⋅(UBu−LBu) ≤pu,∀u∈B LBu ≤pu,∀u∈A∖B yv⋅LBv ≤pv,∀v∈V∖A

where is the defending power of , under defending strategy .

In other words, constraint (1) requires that, for every , either has defending power , i.e., ; or all its neighbors444Given that nodes have defending power at least in any case, we only need to put constraints on its neighbors in . has defending power at least . Constraint (2) requires that there exists a defending strategy using total resource such that all nodes receive the specified defending power. Given that we are aiming for a -approximation, we change the constraint to , i.e., we are comparing with the optimal defending strategy using defending resource.

The standard LP relaxation (similar to the minimum cut problem) can be formulated as follows. Let be the edges between and .

 min.0 s.t.yu+yv ≥1,∀(u,v)∈F yu ≥0,∀u∈B∪(V∖A) LBu+yu⋅(UBu−LBu) ≤pu,∀u∈B LBu ≤pu,∀u∈A∖B yv⋅LBv ≤pv,∀v∈V∖A ru+∑v∈N(u)wuv⋅rv =pu,∀u∈V ∑u∈Vru =R/2.

It is easy show that the above LP is indeed a relaxation of the integer problem of interest. As long as constraint (1) is satisfied, the first constraint of the above LP is satisfied. The remaining constraints are satisfied by constraint (2).

Next, we show that the LP is feasible if there exists a defending strategy using resource with defending result at most . Fix any such defending strategy. It gives a feasible solution for the above LP as follows:

1. , set if ; otherwise;

2. , set if ; otherwise.

It suffices to check the first set of constraints to guarantee feasibility. By the feasibility of the strategy, for every pair of neighbors and , at least one of is set to be . Thus the constraints are satisfied.

It remains to show that, if the LP is feasible, then our algorithm computes (in polynomial time) a defending strategy with defending result at most using defending resource. Our defending strategy is constructed using any feasible solution of the LP as a guidance. In the following, we give a geometric interpretation for the solution, which reveals some connections between our approximation algorithm and our max-flow based algorithm in Section 3.3.

#### Geometric Interpretation.

Imagine there are two extra nodes and , where is at position and is at position . It would be easier to imagine the two nodes as the source and sink, as we have done in Section 3.3. For every , variable indicates the distance between and ; for every , indicates the distance between and . If for some , i.e., we put node at position of , then we ensure that has defending power (recall that in Section 3.3, this is the case when edge is cut). If for some , i.e., we put node at position of , then we ensure that has defending power (recall that in Section 3.3, this is the case when edge is cut). The constraint for every pair of neighbors and guarantees that the position of is before that of . Specifically, if does not have defending power at least , then all its neighbors should have defending power at least .

#### Rounding and Feasibility.

Given the optimal solution for the above LP, we construct a feasible integral solution , i.e., a defending strategy using defending resource, as follows. For every , set if ; otherwise. Set . Observe that after the rounding, all variables take values in , and the total defending resource used is .

For the first set of constraints, observe that for every pair of neighbors and , (by feasibility of ) at least one of is at least . Thus after rounding at least one of them is . In other words, the integral solution satisfies the first set of constraints. For the third, fourth and fifth sets of constraints, observe that our integral solution increases the defending power of every node by a factor of , while increases by a factor of at most . Thus these constraints are all satisfied.

As long as it is possible to achieve defending result using defending resource, our algorithm (which uses defending resource) computes a feasible defending strategy in polynomial time. Thus our algorithm is -approximate, which completes the proof of Theorem 1.4.

#### Integrality Gap.

While we do not have a matching lower bound on the approximation of the problem, we show that any rounding algorithm based on this LP cannot do better than -approximate. More specifically, there exists an instance for which any solution achieving defending result requires defending resource , while there exists a fractional solution for the above LP (using resource) that is feasible. In other words, the integrality gap of the LP relaxation is .

Let the graph be two nodes and connected by an edge. Let and . Let and ; and . In the optimal solution, by allocating defending resource arbitrarily, the attacker has gain . Moreover, if , then no matter how the defending resource is distributed, the attacker always gains by attacking . However, in the fractional solution, by setting and , the solution is actually feasible for the above LP. In other words, the LP is feasible when .

## 6 Conclusion

In this paper, we propose a network security game that allows the sharing of defending resource between neighbor nodes, and the spread of attack damage to the neighbors of the target. The model captures features of many real-world applications that are not covered by existing network security game models. We present polynomial time algorithms for two natural and important special cases of the problem. We show that the general problem is -hard, and propose an LP-rounding based -approximation algorithm.

The most interesting open problem is whether the approximation ratio we obtained in Section 5 can be improved. While we have shown that our rounding is tight, the integrality gap does not directly translate to hardness result on inapproximability. We believe that it is possible to prove an -hard result for the general problem.

## Acknowledgement

Minming Li was partially supported by NNSF of China under Grant No. 11771365, and by Project No. CityU 11200518 from Research Grants Council of HKSAR.

This research was sponsored by the U.S. Army Research Laboratory and the U.K. Ministry of Defence under Agreement Number W911NF-16-3-0001. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the U.S. Army Research Laboratory, the U.S. Government, the U.K. Ministry of Defence or the U.K. Government. The U.S. and U.K. Governments are authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation hereon. In addition, Tran-Thanh and Li would like to acknowledge the financial support from the Royal Society’s Kan Tong Po Fellowship (KTP \R1 \170018).

The research leading to these results has received funding from the European Research Council under the European Community’s Seventh Framework Programme (FP7/2007-2013) / ERC grant agreement No. 340506.

## References

• [AMO16] Daron Acemoglu, Azarakhsh Malekian, and Asu Ozdaglar. Network security and contagion. Journal of Economic Theory, 166:536–585, 2016.
• [APH18] Aamena Alshamsi, Flávio L Pinheiro, and Cesar A Hidalgo. Optimal diversification strategies in the networks of related products and of related research areas. Nature communications, 9(1):1328, 2018.
• [Ass87] Nikitas Assimakopoulos. A network interdiction model for hospital infection control. Computers in biology and medicine, 17(6):413–422, 1987.
• [BDG13] Yoram Bachrach, Moez Draief, and Sanjeev Goyal. Contagion and observability in security domains. In 2013 51st Annual Allerton Conference on Communication, Control, and Computing (Allerton), pages 1364–1371. IEEE, 2013.
• [BP03] Cristina Bazgan and Vangelis Th. Paschos. Differential approximation for optimal satisfiability and related problems. European Journal of Operational Research, 147(2):397–404, 2003.
• [CCO17] Hau Chan, Michael Ceyko, and Luis E. Ortiz. Interdependent defense games with applications to internet security at the level of autonomous systems. Games, 8(1):13, 2017.
• [CLS19] Michael B. Cohen, Yin Tat Lee, and Zhao Song. Solving linear programs in the current matrix multiplication time. In STOC, pages 938–942. ACM, 2019.
• [EP07] Bruno Escoffier and Vangelis Th. Paschos. Differential approximation of min sat. European Journal of Operational Research, 181(2):620–633, 2007.
• [GAV15] Jiarui Gan, Bo An, and Yevgeniy Vorobeychik. Security games with protection externalities. In AAAI, pages 914–920. AAAI Press, 2015.
• [KCP11] Dmytro Korzhyk, Vincent Conitzer, and Ronald Parr. Security games with multiple attacker resources. In IJCAI, pages 273–279. IJCAI/AAAI, 2011.
• [LCM09] Joshua Letchford, Vincent Conitzer, and Kamesh Munagala. Learning and approximating the optimal strategy to commit to. In SAGT, volume 5814 of Lecture Notes in Computer Science, pages 250–262. Springer, 2009.
• [LSV17] Jian Lou, Andrew M Smith, and Yevgeniy Vorobeychik. Multidefender security games. IEEE Intelligent Systems, 32(1):50–60, 2017.
• [NAB09] Kien C Nguyen, Tansu Alpcan, and Tamer Basar. Stochastic games for security in networks with interdependent nodes. In

2009 International Conference on Game Theory for Networks

, pages 697–703. IEEE, 2009.
• [Orl13] James B. Orlin. Max flows in o(nm) time, or better. In STOC, pages 765–774. ACM, 2013.
• [STX18] Aaron Schlenker, Omkar Thakoor, Haifeng Xu, Fei Fang, Milind Tambe, Long Tran-Thanh, Phebe Vayanos, and Yevgeniy Vorobeychik. Deceiving cyber adversaries: A game theoretic approach. In AAMAS, pages 892–900. International Foundation for Autonomous Agents and Multiagent Systems Richland, SC, USA / ACM, 2018.
• [Tam11] Milind Tambe. Security and game theory: algorithms, deployed systems, lessons learned. Cambridge University Press, 2011.
• [TNT12] Jason Tsai, Thanh Hong Nguyen, and Milind Tambe. Security games for controlling contagion. In AAAI. AAAI Press, 2012.
• [VL15] Yevgeniy Vorobeychik and Joshua Letchford. Securing interdependent assets. Autonomous Agents and Multi-Agent Systems, 29(2):305–333, 2015.
• [VLS18] Dong Quan Vu, Patrick Loiseau, and Alonso Silva. Efficient computation of approximate equilibria in discrete colonel blotto games. In IJCAI, pages 519–526. ijcai.org, 2018.
• [WS17] Sinong Wang and Ness B. Shroff. Security game with non-additive utilities and multiple attacker resources. In SIGMETRICS (Abstracts), page 10. ACM, 2017.
• [YT12] Zhengyu Yin and Milind Tambe. A unified method for handling discrete and continuous uncertainty in bayesian stackelberg games. In AAMAS, pages 855–862. IFAAMAS, 2012.
• [YVAH16] Yue Yin, Yevgeniy Vorobeychik, Bo An, and Noam Hazon. Optimally protecting elections. In IJCAI, pages 538–545. IJCAI/AAAI Press, 2016.
• [ZAT17] Youzhi Zhang, Bo An, Long Tran-Thanh, Zhen Wang, Jiarui Gan, and Nicholas R. Jennings. Optimal escape interdiction on transportation networks. In IJCAI, pages 3936–3944. ijcai.org, 2017.