On the Characterization of Saddle Point Equilibrium for Security Games with Additive Utility

07/28/2020 ∙ by HAmid Emadi, et al. ∙ Iowa State University of Science and Technology 0

In this work, we investigate a security game between an attacker and a defender, originally proposed in <cit.>. As is well known, the combinatorial nature of security games leads to a large cost matrix. Therefore, computing the value and optimal strategy for the players becomes computationally expensive. In this work, we analyze a special class of zero-sum games in which the payoff matrix has a special structure which results from the additive property of the utility function. Based on variational principles, we present structural properties of optimal attacker as well as defender's strategy. We propose a linear-time algorithm to compute the value based on the structural properties, which is an improvement from our previous result in <cit.>, especially in the context of large-scale zero-sum games.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

page 3

page 4

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

Game theory [2] is a useful tool to model adversarial scenarios. Security games

model attack scenarios wherein an attacker attacks a number of targets while the defender allocates its resources to protect them to minimize the impact. The payoff for the attacker and the defender is based on the successfully attacked and protected targets, respectively. Traditionally, attacker-defender games have been modeled as zero-sum games, and the resulting saddle-point strategies are assumed to be optimal for both players. In general, two-player zero-sum game can be formulated as an linear programming problem 

[2], and therefore saddle-point equilibrium can be computed in polynomial time. The most efficient running time of solver for a general LP problem is  [9]. However, solving security games with more than 2 resources for attacker and defender with a general LP solver is computationally expensive due to the combinatorial nature of the problem.

In the past two decades, game theory has played an important role in quantifying and anlyzing security in large-scale networked systems. Here, we mention some of these efforts across several applications. In [4], authors propose an evolutionary game framework that models integrity attacks and defenses in an Advanced Metering Infrastructure in a smart grid. In [18], a game-theoretic defense strategy is developed to protect sensor nodes from attacks and to guarantee a high level of trustworthiness for sensed data. In [17], authors consider a security game in power grid in which the utility functions are defined based on the defender’s net loss, and players’ action set are defined based on different scenarios such as false data injection to electronic monitoring systems. In [23], authors provide a game theoretic approach to modeling attack and defense of smart grid in different layers of power plant, transmission and distribution network. In [8],[5], authors propose a game-theoretic model for the adaptive security policy and the power consumption in the Internet of Things. In [22], authors propose a zero-sum game for security-aware sensor placement in which the attacker minimizes its visibility by attacking certain number of nodes, and the detector maximizes the visibility of the attack signals by placement of sensors. In [20], authors consider a cyber-security problem in a networked system as a resilient graph problem. They use backward induction to obtain optimal strategies for both players which try to disrupt the communication and maintain the connectivity, respectively. In [20], authors propose a stochastic game-based model to provide a control synthesis method to minimize deviations from the desired specification due to adversaries, who has limited capability of observing the controller’s strategy. In [7], authors focus on notions of self-protection (e.g., patching system vulnerabilities) and self insurance (e.g., having good backups) rather than only security investments in information security games.  [10] introduces a method for resolving uncertainty in interdependent security scenarios in computer network and information security. In [24], authors examine security game in which each player collectively minimize the cost of virus spread, and assuring connectivity. In [11], authors propose a game theoretic framework for picking vs guessing attacks in the presence of preferences over the secret space, and they analyse the trade-off between usability and security. In [16], authors introduce a game-theoretic framework for optimal stochastic message authentication, and they provide guarantees for resource-bounded systems. For a comprehensive survey of game-theoretic approaches in security and privacy in computer and communication, a reader could refer to [19].

Security games pose computational challenges in analysis and synthesis of optimal strategies due to exponential increase in the size of the strategy set for each player. A class of security games which renders tractable computational analysis is that of Stackelberg games [1]. In Stackelberg models, the leader moves first, and the follower observes the leader’s strategy before acting. Efforts involving randomized strategies [12] and approximation algorithms [3] for Stackelberg game formulation of security games have been proposed to efficiently allocate multiple resources across multiple assets/targets. In order to extend the efficient computational techniques for simultaneous move games, efforts have been made to characterize conditions under which any Stackelberg strategy is also a NE strategy [15]. An extensive review of various efforts to characterize and reduce the computational complexity of Stackelberg games with application in security can be found in [6], and references therein. Here, we mention a few that are relevant to the problem under consideration. [13] shows that computing the optimal Stackelberg strategy in security resource allocation game, when attacker attacks one target, is NP-hard in general. However, when resources are homogeneous and cardinality of protection set is at most 2, polynomial-time algorithms have been proposed by the authors. [13] propose an LP formulation similar to Kiekintveld’s formulation, and presents a technique to compute the mixed strategies in polynomial time.

In [14], a security game between an attacker and a defender is modeled as a non-zero game with multiple attacker resources. The authors analyze the scenario in which the payoff matrix has an additive structure. They propose an iterative algorithm for computing the mixed-strategy Nash Equilibrium where is the size of the parameter set. Motivated from [14], in [6], we analyzed a zero-sum security game with multiple resources for attacker and defender in which the payoff matrix has an additive structure. Based on combinatorial arguments, we presented structural properties of the saddle-point strategy of the attacker, and proposed an algorithm to compute the saddle-point equilibrium and the value of the game, and provided closed-form expressions for both. In this paper, we show that a zero-sum security game can be reduced to the problem of minimizing the sum of the -largest functions over a polyhedral set which can be computed in linear time [21]. Based on this insight, we use a variational approach to propose an algorithm which is the best possible in terms of the complexity. Moreover, we present structural properties of the saddle-point strategy of both players, and an explicit expression for the value of the game.

The rest of the paper is organized as follows. In Section 2, we present the problem formulation. In Section 3, we present structural properties of the optimal attacker strategy. In Section 4, we present a linear time algorithm to compute the value of a large-scale zero-sum game. In Section 5, we present structural properties of the defender’s optimal strategy, and a dual algorithm to compute the value and equilibrium. In section 6, we present our conclusions along with some future work.

2 Problem Formulation: Security Game

Consider a two-person zero-sum game, and let denotes a set of targets. We assume an attacker (player 1) chooses -targets to attack. So, there are actions for player 1. On the other hand, protection budget of targets is limited, and we assume that only targets will be protected by the defender (player 2). So, there are actions for player 2. The defender has no knowledge about the targets chosen by player 1. In order to find the optimal strategy for the players, we formulate a strategic security game , where and denote the action sets for attacker and defender, respectively, and . Every element represents a set of targets that are attacked. Similarly, represents a protected targets. Each and is a -tuple, and -tuple subset of , respectively.

The attacker has no information about the targets that are protected by the defender. Let denote the cost associated to target . Moreover, without loss of generality, we assume that targets are labeled such that for .

We consider an additive property for the utility function i.e., entries of the cost matrix are defined as follows:

(1)

represents the game matrix or payoff matrix for player 1. Since we consider a zero-sum game, the payoff matrix for player 2 is . Note that we assume both players have the complete information of the target costs.

Let

be the probability vectors representing the mixed strategies for player 1 and player 2, respectively. The expected utility function is

According to the minimax theorem, every finite two-person zero-sum game has a saddle point with the value, , in mixed strategy for player 1, and mixed strategy for player 2, such that player 1’s average gain is at least no matter what player 2 does. And player 2’s average loss is at most regardless of player 1’s strategy, that is

In order to solve every finite matrix game, we can reduce the game to the following LP problem,

(2)
subject to

However, the dimension of the decision variables in the above formulation is which is exponential in terms of . In the next section, we present an equivalent LP formulation with dimension to compute .

3 Structural Properties of the Attacker’s Strategy

In this section, we investigate the structural properties of the optimal attacker’s strategy. The value of the game () can be defined as follows based on the attacker’s mixed strategy :

where denote the element of . From (1), can be written in the following form,

where,

(3)

where , and is a combinatorial matrix 111A combinatorial matrix is a boolean matrix containing all combinations of 1’s. Each column of has entries equal to 1 and rest of the entries equal to 0. In other words, is a matrix constructed from combinations of one in an dimensional vector.

Since is a combinatorial matrix, . Moreover, in the following lemma we show that for any feasible there exists a feasible . Hence, the problem reduces to computing .

Lemma 1

is a surjective mapping.

Proof

Please refer to the Appendix for the proof.

Based on the above lemma, the problem reduces to computing .

Lemma 2

satisfies the following property:

(4)

where is defined in (3) for .

Proof

Assume the following holds for :

(5)

Note that is -sum of smallest , that is . Assume that there exist and such that for . . . Since is the maximum value of the -sum of smallest , we arrive at a contradiction. Therefore, for . ∎

Corollary 1

and satisfy the following property:

  1. [label=()]

  2. ,

  3. ,
    for and .

Proof

(a) Since is -sum of smallest , This property can be concluded directly from Lemma 2.

(b) Let denotes . First, we show that there is an optimal solution such that . We proceed the proof by contradiction. We assume that such that . Since , there is such that . Therefore, . Note that if is a contradiction with the fact that is the optimal value, and if then it means there are multiple solutions which at least one satisfy the property. Moreover, from Lemma 2, if then , which completes the proof. ∎

Let denote the indices for optimal structure expressed in Corollary 1 . Let and , called active sets of attacker and defender, denote the union of ’s and ’s corresponding to the support sets of and , respectively.

Corollary 2

In a security game , . When , the defender has a pure strategy with , else (for ).

Proof

The proof of first part directly follows from the fact that and .

For second part, consider . The following condition holds for :

When , for all such that . Consequently,

else , which is a contradiction. Therefore, any corresponding to such that is zero. In other words, .

Based on similar arguments, we can conclude that for and . When and , for all such that , and consequently . Therefore,

Since the defender has resources, it has a pure strategy to allocate it to targets . ∎

Remark 1

According to Corollary 2, both players choose mixed strategies that involve targets with highest impacts ().

4 Computation of

Based on Lemma 2, we can solve the following LP to compute :

(6)
subject to

Note that from Lemma 1, we show that for any which satisfies the conditions in (6), there exists a on a simplex such that , which satisfy the feasibility condition of (6).

From Corollary 1, and can be computed by examining all feasible solutions for (), and which satisfy the condition in Corollary 1 (b). Let denote a square matrix of dimension . The entry of (denoted by ) is the solution to the following problem:

The following theorem relates to the elements of .

Theorem 4.1

, and the entries of are as follows:

For :

For :

where .

Proof

First, we consider the case . Let the optimal solution be . Since for , for any perturbation . Since , any allowable perturbation around satisfies the following condition:

(7)

where . Consider a perturbation that involves perturbing for and . From (7), we obtain the following:

(8)

Based on the first order necessary conditions for maxima, we obtain the following:

(9)

Let . Substituting (8) in (9) leads to the condition . . If for any , .

As a result, we obtain the following conditions:

(10)

From (10), we conclude that and can have the following forms:

  1. (11)

    From feasibility conditions in (6) (i.e. and ), we conclude that at entry of , feasibility conditions are satisfied if . Substituting (11) in leads to the following expression for :

    (12)
  2. (13)

    where , which results from . Since , , which is equivalent to .

    Moreover, substituting (13) in leads to the following expression for :

    (14)
  3. Substituting the above condition in , we obtain the following:

    (15)
    (16)

    By substituting (16) into , we obtain the following:

    (17)

    Let . Next, we have to check whether satisfies the feasibility conditions of (6). Substituting in (16) leads to the following:

Finally, we consider the case when . Since and for , for , . Moreover, can be written as , and the feasible ’s are given as follows:

(18)

If , then entry of is feasible. For all , the arguments are same as for the case .

Since is the maximum value which satisfies all feasibility conditions, is the maximum entry of . ∎

Next, we show that is a sparse matrix, which leads to a linear time algorithm for computing . Let and be square matrices of dimension defined as follows:

(19)
(20)
Lemma 3

Given an infeasible cell in , either all the cells to the right (in the same row) or all the cells below (in the same column) are infeasible.

Proof

Consider an infeasible cell in . For a cell to be infeasible, at least one of the three inequalities in (19) needs to be violated.

  1. [label=()]

  2. First, consider the case . In other words, if , there is no feasible solution in entry of for all .

  3. Next, consider the case, . Since , entry of cannot be feasible. Since is arbitrary, we can conclude that entry of cannot be feasible for all .

  4. Finally, consider the case in which the inequality is the only one that is violated at entry of . Therefore, , and consequently, there is no feasible solution in entry of for all . Therefore, any column of contains at most one feasible (non-zero) entry.

Corollary 3

At most one cell in a column of is feasible.

Proof

The proof follows directly from the arguments for Lemma 3 (c).

Theorem 4.2

, can be computed in time.

Proof

From Lemma 3 and Corollary 3, we can conclude that from a current cell in , one needs to search either in cell or cell to find the next feasible element. Therefore, a linear search () that alternates between rows and columns leads to the cell containing the maximum element.

Next, we show that all feasible entries in can be computed in time. For each row , there is at most one which satisfies in (20). Therefore, for each row in , we can find the feasible cell in constant time. This implies that all feasible entries in can be computed in time, and a linear or a logarithmic search among the feasible entries provides the maximum element. ∎

Algorithm 1 gives and active targets for the attacker and the defender in linear time.

1:Input: and
2:Output:
3:Construct based on Theorem 4.1 and Theorem 4.2.
4:
5:for  do
6:     for  do
7:         if  then
8:              if  then
9:                  
10:              end if
11:              
12:              return
13:         else if  then
14:              
15:              return
16:         else
17:              
18:              
19:         end if
20:     end for
21:end for
22:for  do
23:     find such that
24:     if , and  then
25:         
26:     else
27:         
28:     end if
29:end for
30:
31:
32:
33:
Algorithm 1 Computation of the value, and active targets

5 Dual Analysis: Structural Properties of the Defender’s Strategy and Algorithms

In this section, we present structural results for the optimal strategy of the defender, and present an algorithm to compute and its corresponding optimal strategy. From the definition of , we obtain the following:

where denote the element of . From (1), can be written in the following form,

where,

(21)

where , and is a combinatorial matrix. Since is a combinatorial matrix, . Moreover, from lemma 1, for any feasible there exists a feasible .

The following lemma provides the structure of .

Lemma 4

satisfies one of the following conditions:

  1. [label=()]

  2. , and ,

  3. , and ,
    and ,
    where , , .

Proof

Let the sequence of indices satisfy the following condition:

(22)

Note that .

First, we show that