Stackelberg Equilibria for Two-Player Network Routing Games on Parallel Networks

03/12/2020 ∙ by David Grimsman, et al. ∙ The Regents of the University of California 0

We consider a two-player zero-sum network routing game in which a router wants to maximize the amount of legitimate traffic that flows from a given source node to a destination node and an attacker wants to block as much legitimate traffic as possible by flooding the network with malicious traffic. We address scenarios with asymmetric information, in which the router must reveal its policy before the attacker decides how to distribute the malicious traffic among the network links, which is naturally modeled by the notion of Stackelberg equilibria. The paper focuses on parallel networks, and includes three main contributions: we show that computing the optimal attack policy against a given routing policy is an NP-hard problem; we establish conditions under which the Stackelberg equilibria lead to no regret; and we provide a metric that can be used to quantify how uncertainty about the attacker's capabilities limits the router's performance.



There are no comments yet.


page 1

page 2

page 3

page 4

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

I Introduction

This paper addresses a network routing game between a player that wants to route legitimate traffic from a source node to a destination node and another player that wants to block traffic by flooding the network with malicious traffic. We refer to these players as the router and the attacker. Motivated by network security problems, we are interested in scenarios of asymmetric information, where the router exposes its policy to the attacker before the attacker needs to select its policy. The problem formulation considered here is motivated by the so-called Crossfire attack in which an attacker persistently degrades network connectivity by targeting a selected set of links within the network, while adjusting to changes in routing policies [1]. The defense against such attacks has been the subject of recent work [2, 3, 4, 5].

The Nash equilibrium is an attractive solution concept for noncooperative games because it leads to very strong notions of equilibria, in that neither player regrets its choice after the outcome of the game is revealed [6]. However, such equilibria often do not exist in problems of asymmetric information. The Stackelberg equilibrium is an alternative solution concept where one player (the leader) must select and reveal its policy before the other player (the follower) makes a decision [7]. This type of equilibrium specifically addresses the information asymmetry that we consider here and has been applied to domains closely related to the problem considered in this paper, including network routing [8], scheduling [9], and channel allocation for cognitive radios [10], but also has application in supply chain and marketing channels [11] among other fields. The Stackelberg equilibrium is a concept that is also well-suited for security of critical infrastructure systems [12] and has been applied to surveillance problems that include the ARMOR program at the Los Angeles International Airport [13], the IRIS program used by the US Federal Air Marshals [14], power grid security [15], and defending oil reserves [12]. These two types of equilibria have also been studied extensively for various types of security games [16].

This paper includes three main contributions:

  1. Theorem 1 establishes that computing the attacker’s optimal response to a routing policy is an NP-hard problem.

  2. Theorem 2 determines conditions on the network under which Stackelberg equilibria lead to no-regret policies (i.e., are also Nash).

  3. Section IV explores how uncertainty in knowledge about the capabilities of the attacker translates into performance loss for the router. Theorem 3 provides a closed-form expression which quantifies this for a two-link network.

We focus on a network consisting solely of parallel links that directly connect source and destination. Even within this simple set of networks, the computation of the optimal attack policy turns out to have higher complexity than one might expect. For any fixed routing policy, we show in Section III that the computation of the “optimal” distribution of a fixed budget of attack traffic among the parallel links is an NP-hard problem with respect to the scaling parameter . From the attacker’s perspective, “optimal” means that the attacker can prevent as much traffic as possible from reaching the destination, by flooding network links so that legitimate traffic in excess the links’ capacity is dropped.

As noted above, Nash equilibria have the desirable feature that they lead to no regret by both players, a feature that is generally not shared by Stackelberg equilibria. It turns out that in the network routing games considered here, Stackelberg equilibria only lead to no-regret (i.e., are also Nash equilibria) in the extreme cases where the attacker controls a very large or a very small amount of traffic. We show this to be true for parallel networks in Section IV. For these two extreme cases, we actually provide explicit formulas for the optimal Stackelberg/Nash routing policies. Not surprisingly in view of the NP-hardness result, no explicit formulas are provided for intermediate levels of attack traffic.

Motivated by the nontrivial dependence of the Stackelberg policy on the total amount of traffic controlled by the attacker, we also study how uncertainty in affects routing performance. Previous work in this area has modeled this type of uncertainty as a distribution over the possible values of , giving rise to routing policies that give an optimal expected value on the cost function [17]. However, in this work, we define a metric for the “value of information” about the power of the attacker that compares the amount of traffic that the attacker could block if the router knew precisely versus the amount of traffic it could block if the router had to select a policy without precise knowledge of . The latter scenario generally leads to an increase in blocked traffic. We show in Section V a closed-form expression for the value of information in two-link networks.

Ii Model

This paper focuses on a two-player network routing game where the system operator is tasked with deriving a routing policy to maximize the throughput of a given single source / single destination parallel network in the presence of an adversary. The network is comprised of a set of edges , where each edge is associated with a given capacity . The system operator, which we will henceforth refer to as the router, is tasked with with designing a routing profile which routes units of traffic across this network. A feasible routing profile satisfies and for all edges . We denote the convex set of all admissible routing profiles as where denotes the capacities of all edges.

This work considers the existence of an attacker whose goal is to block as much routed traffic as possible by reducing the capacities of the edges in the network through a cross-fire style attack where the attacker can send up to units of non-responsive traffic on various edges in the network. An adversarial attack can be characterized by a routing profile which satisfies and for all edges . We denote the set of all admissible adversarial attack policies as . We will often refer to as the attack budget of the adversary. Given an admissible routing profile and an adversarial attack , the amount of legitimate traffic blocked on any edge is defined as


and the total blocked traffic in the system as . Since the routing policy is non-responsive, the adversarial choice effectively reduces the capacity on each edge from to . Lastly, we will often omit highlighting the functional dependence on the parameters , , and for brevity, e.g., express as merely , when this dependence is clear.

One focus of this paper is to characterize different forms of equilibria in this two-player network routing game. In general, we will assume that a router is required to choose the routing strategy first and the adversary can respond accordingly. The most natural class of equilibria that captures this phenomena is that of Stackelberg equilibria (SE), which consists of any pair of routing profiles such that


If satisfies (3), we refer to as a best response attack to . A second class of equilibria that we focus on is Nash equilibria (NE), which focuses on situations where both the router and adversary are required to select their strategy without knowledge of the other’s choice. A NE is defined as any pair of profiles such that


We refer to as the set of all SE for values , and likewise for NE. Note that given the definitions above, . In the event where , this implies that the router is not strategically disadvantaged by having to reveal its choice before the adversary selects its policy. However, while a SE will always exist, the same does not hold true for NE. Furthermore, this paper will address how knowledge of the exact value of impacts the existence and efficacy of such equilibria.

Example 1
(a) An example network. Suppose that and . Then, for instance on edge 4, since the capacity is 12, 2 units of traffic are blocked. In total we see that , , , , and , which results in .
(b) This figure showcases one of the contributions of this paper: a characterization of where no NE exist (gray region) and when all SE are also NE (white regions) for the network in (a). For any values , one of those two properties must hold. See Example 1 and Theorem 2 for more details.
Fig. 1: An example network showcasing the model and regions of where NE exist.

We begin with the following example highlighting the complexity of computing NE and SE in such a routing game. To that end, consider the example shown in Figure 0(a) with and and denote the edge set as and edge capacities as . Given a routing profile and an attack profile , it follows from (1) that the traffic blocked on each edge is 1, 1, 0, 2 and 0, respectively. Note that these strategy profiles neither capture a NE or SE as there are numerous adversarial strategies that could increase the total blocked traffic given the routing profile , e.g., .

The plot in Figure 0(b) highlights the distinction between NE and SE for the considered routing problem for all pairs satisfying . For instance, when and (see point in Figure 0(b)), any SE is also a NE. One such routing profile is , as this does not allow the attacker to block any traffic. When and (point ), we see a similar phenomenon, where the attacker has much more power. In fact, observe that the routing profile and attack profile constitute both a SE and NE. The router is able to design a policy such that the attacker can only block traffic, the best the router can achieve given . Thus the router has no incentive to deviate, and clearly the attacker cannot. Lastly, when and (point ) we begin to notice a discrepancy between NE and SE in the sense that given any profiles , if (5) is satisfied then (4) is not satisfied. For example, consider the profiles and and note that satisfies (5). If the attacker implements this policy, then is not a NE, since the router would benefit unilaterally by moving some traffic from edge 5 to another unblocked edge. The forthcoming Theorem 2 provides the characterization shown in Figure 0(b).

Iii Problem Hardness

In this section, we show that finding the best response attack policy in (3) is NP-Hard. We formally define it as follows:

Problem 1

Given a parallel network with edges , corresponding capacities , a routing policy , and attack power , find which satisfies (3), i.e., a best response attack policy.

Note that an instance of the problem can be defined by , and we show how the complexity of the problem scales with the number of edges in the parallel network.

Theorem 1

Problem 1 in NP-Hard on the scaling variable .

The theorem is proved by reducing the 0-1 Knapsack Problem (KP), a known NP-Hard problem, to Problem 1. We do this by showing that if all are “sufficiently small”, then any best response attack must either block all traffic on an edge or block none of it. Thus finding the best response attack is simply finding the set of edges to fully block, corresponding to the discrete nature of the items in the 0-1 KP. This implies any method for solving these instances of Problem 1 will also solve the 0-1 KP.

The following lemma defines “sufficiently small” in this context:

Lemma 1

Consider an instance of Problem 1 , where


for some . Then for any which is a solution to Problem 1.

We prove the contrapositive statement. Let be such that . Define , and observe by definition that . Then it must be true that , otherwise the attacker could block more routed traffic by redistributing as much attack traffic as possible from to the other edges in . Therefore, (6) must be false.

Given this, we proceed with the proof of Theorem 1. The 0-1 KP can be defined as follows: assume we have items, where each item has a cost and a value . Given a total cost constraint , find the combination of items with maximum total which does not exceed . More formally stated, determine

subject to

where . This problem is known to be NP-Hard in the number of items [18].

Mapping a 0-1 KP to Problem 1 can be done with the following method: let every item be mapped to an edge in a parallel network, , , and , where satisfies


for all . By Lemma 1, we know that any solution to this subset of instances of Problem 1 has the property that every edge will either have all routed traffic blocked or none. Therefore, the problem can be reformulated as

subject to

This problem yields an equivalent solution to that in (7), since the constraints are the same, and each objective function is a scaled version of the other. Thus solving this instance of Problem 1 will also solve 0-1 KP and shows that Problem 1 is NP-Hard.

Iv Equilibria

In this section, we present results that describe precisely the relationship between SE and NE in our model. For some , we denote it’s total capacity as .

Theorem 2

Consider a parallel network with capacities , routing demand , and adversarial routing power . The set of Nash Equilibria is nonempty and if and only if one of the following is satisfied: 111While finding the maxima in (10) and (11) may appear to be computationally intractable given the number of edges in the network, it is true that the maximizing for both (10) and (11) is of the form {1, 2, …, k }, where the edges are ordered starting with highest capacity to the lowest. Therefore, finding either maxima is equivalent to finding the best value of , which can be completed in linear time.


Note that since , then a lower bound on is


We now begin with a few observations about router best responses:

  1. For a policy pair , if for all , then , and the router has no incentive to deviate. If satisfies (5), then is both a SE and a NE.

  2. For a policy pair , if for all , then , the lower bound in (12). Thus the router has no incentive to deviate. If also satisfies (5), then is both a SE and a NE.

  3. For a policy pair , if there exist such that and , then (4) is not satisfied. Therefore, is not a NE.

We now proceed with proving Theorem 2. To that end, consider the routing policy , where


We first show that is feasible. Let be the largest set in . Then if and only if


where we define . Since this is true, it follows that


thus is feasible.

Note that if satisfies (10), then for any allowable attack , for all . Hence by observation 1, is a SE and a NE. Since must hold for any SE, we conclude that .

We now turn our attention the case in (11). To this end, consider the routing policy , where


This policy is feasible, which can be shown using a similar argument as that given above for the feasibility of . If satisfies (11), then for any allowable attack , for all . By observation 2, is a SE and a NE. Since for any SE, we conclude that .

Suppose that does not satisfy (10). Let and denote . Then


Here we have omitted some of the algebra to allow for space constraints. If minimizes the expression in the righthand side of (21), then there exists an such that . Since , it must be true that for any SE , there must be an edge where .

Suppose that does not satisfy (11). Let and denote . Then


where again we have omitted the algebra for the sake of space. If minimizes the rightmost expression in (22), then there must exist an attack policy where . Since , it must be true that for any SE , there must be an edge where . Therefore, by observation 3 we conclude that when satisfies neither (10) nor (11), no NE can exist.

Refer again to the network in Figure 1. At point , and . Here we calculate , which means that satisfies (10). Thus the router can use the policy to ensure that the attacker cannot block any traffic. By Theorem 2, this also implies that is both a SE and a NE for any . At point , and . Here we calculate , which means that satisfies (11). Thus the router can use the policy , and from Theorem 2, is a NE and SE for any . At point , and . We calculate that and , therefore does not satisfy (10) or (11). By Theorem 2, we know that no NE can exist at this point.

Fig. 2: Two parallel networks in series. We use this example to illustrate the complexities for finding SE and NE in more general networks than just parallel. For instance, one cannot simply decompose the optimal attack problem into either attacking the set of edges between and , and attacking the edges between and . Even if we limited our scope to such attacks, which set of edges to attack depends on the value of , not merely on and . See Example 2 for more details.
Example 2

Consider now the example in Figure 2, a graph where two parallel networks are connected in series. We present this as a simple example to showcase the complexities that arise when studying the SE of non-parallel networks. For more complex networks, one might think that finding a best response attack could be limited to attacking a minimal cut-set in the network. However, even in this very simple example, we show that this isn’t the case, and in fact, a best response attack will often incorporate edges of multiple cut-sets in the network. Thus investigating parallel networks in this paper gives a natural simplification of the problem in order to address the questions of interest.

In Figure 2, denote as the cut-set of edges between and and as the cut-set of edges between and . Observe that regardless of the attacker’s capability, there always exists a SE route where all edges in have the same amount of traffic routed on them. We assume in the following cases that the router always uses such a policy, and therefore, we need only focus on the routing strategy across .

Let and . If the attacker restricts its attacks to a single cut-set or , then the router can choose its policy accordingly, for instance for , and for . Note that across each cut-set, this route satisfies (2). Attacking only , the attacker can block 1 unit of traffic, but attacking only , the attacker can block 1.25 units of traffic. This may seem unintuitive, since the total capacity of is less than that of . Furthermore, the best response for the attacker is to block some traffic on and some on . For instance, the attacker could block the 1 unit of traffic on edge 1, and then block all traffic on 3 of the edges in . Assuming that the router evenly distributes the remaining 1 unit of routed traffic that arrives at node , this attack would block 1.375 units of traffic. Therefore, solving for a SE must include all attacks across multiple cut-sets.

Given these complexities with even very simple non-parallel networks, the characterizations of SE and NE in Theorem 2 only apply to parallel networks. While this class of networks is sufficiently rich to ask the questions and showcase the phenomena that are relevant to this work, future work can ask similar questions in a broader setting.

V The Value of Information

In this section, we present preliminary results about the value to the router of knowing information about the attack power . In order to do this, we introduce some notation. We define


where satisfies (3). In other words, measures how much traffic is blocked in the attacker’s best response to , given . We also define


where is a SE. Recall that for the pair the same amount of traffic will be blocked by any SE .

As an example of both these functions, consider the plot in Figure 3 for a three-link parallel network where and . For the fixed route , the gray line represents how changes as a function of . Likewise, the orange line showcases as a function of . Observe that for all values of .

V-a Limited information

We limit the router’s knowledge of by stating that the router only knows that is in some interval . In light of this uncertainty, if the router chooses policy , then we can define the risk of on interval as


Intuitively, the value represents how much more traffic the attacker is able to block because the router chose policy instead of a SE policy for that value of . Thus the risk is the maximum such value across all . In other words, this measurement of risk shows, in the worst case, the advantage that the attacker gains by the router not knowing the true value of .

As an example, consider again the plot in Figure 3. If we assume that the router has no knowledge of (i.e., ), then the risk associated with the route is the maximum difference between the gray and orange lines, which is achieved at . Therefore, in this case we see that .

It turns out that the maximization in (25) can be restricted to a finite set of points in .

Lemma 2

For a parallel network,


where is the finite set , which has at most elements.

Fig. 3: A plot showing the amount of traffic blocked by an optimal attack for a SE routing policy (orange) versus the traffic blocked when the router selects specific routing policy (regardless of the value of ). Here , and . The fixed policy represented by the gray line is . We show the values of the risk for .

The full proof is given in Appendix-A, however here we provide some intuition: consider the plot in Figure 3. The orange line, , is piecewise linear, with no line slope being greater than 1. The grey line, , is also a piecewise linear function, with lines slopes either 0 or 1. The value of the risk is incurred at , where the attacker’s best response against is to fully block edges 2 and 3. Because the two lines are piecewise linear, the largest distance must take place at one of the points of discontinuity for the gray line inside the interval .

Finally, we define the value of information to the router for an interval as the minimum amount of risk that can be incurred for any routing policy. More formally stated,


We also denote the routing policy which minimizes (27) by . This value of information is meant to reflect how valuable (i.e., how much less traffic would be blocked) if the router knew the exact value of . For instance, if , then there exists a route which satisfies (2) for any value of , thus the router does not need to know the exact value. However, when is high, knowing would allow the router to ensure that less traffic is blocked. Figure 4 shows and for a two-link network.

V-B The Value of Information in Two-Link Networks

Lemma 2 provides a numerical procedure to compute the risk for a routing policy against an attack power interval for general parallel networks. For two-link networks, this means there exists a closed-form solution for and subsequently .

Fig. 4: A plot with an example two-link parallel network that shows a graphical interpretation for . The edge capacities in the network are , and . The orange line represents how much traffic is blocked at the SE for each value of , and the gray line is how much is blocked by a best response attack against for each value of . The interval is the blue shaded region. The value of information is the maximum difference between the two lines within the blue region.
Theorem 3

Consider a two-link parallel network, where . Suppose that the router only knows that . Then the value of information is


Before proving the theorem, we first give an example to provide some intuition. Consider the plot in Figure 4. In this network, , and . If the router knows the exact value of , it can choose a SE routing policy, which will make the difference between the lines 0 at that value of . If we assume that the router only knows that , then it must choose a policy to mitigate the risk associated with that loss of information. In this scenario, the router’s best option is to use (gray line), which minimizes the maximum difference between the two lines on . The value of the routing knowing is then this minimum maximum difference, i.e., .

To prove Theorem 3, we first show that we need only consider two attacks as best response.

Lemma 3

Consider a two-link network. For any ,




In other words, there always exists a best response attack policy where either (1) the attacker puts as much attack traffic as possible on edge 1 and the reminder on edge 2 (i.e., ); or (2) vice versa (i.e., ).

Let be a best response attack policy to . If , then the lemma is trivially true. Therefore, let be an edge where , then one can create a new attack policy by redistributing as much attack traffic as possible from the other edge to . Let this amount be , so . Then and . This implies , which is at equality since is a best response. Since , we conclude the proof.

Lemma 3 allows us to only consider two attack policies when solving for the best response, but it also gives us a simple way to solve for a SE. In the two-link case, is a SE routing policy if


Observe that if then satisfies (33), since moving traffic between the edges can only increase or . We will leverage this observation to find in the following proof.

Now we prove Theorem 3, beginning with the case when . First let , and denote as the value of the maximization in (10). When , we know from the proof of Theorem 2 that . When , then , therefore by the observation above, is a SE routing policy, and .

We now let - the other possible scenario when . Here we denote as the value of the maximization in (11). When , we know from the proof of Theorem 2 that . When , then Theorem 2 also informs that there must always be an edge where , in the two-link case, one edge is fully blocked and the other has no routed traffic blocked. It follows then that , and is a SE routing policy. We conclude that when , then .

For the remainder of the proof, we consider the case where is nonempty. We leverage the following lemma which simplifies the expression for .

Lemma 4

For a two-link network, if , then for any ,


When , then we know from Lemma 3 that for any ,


From the observation made above, a SE routing policy is therefore one where , i.e., such that


satisfies (33). It follows then for any that


As argued in the proof of Lemma 2, need not be included in the maximization in (26) if and need not be included if . Therefore, our calculation of can be further simplified:


where and . This implies that the minimizing value of in (41) is halfway between and , i.e.,


which implies that .

Vi Conclusion

In this paper, we studied a particular set of network routing games, wherein the attacker has full knowledge of the router policy before choosing its own policy. We showed that choosing such a best response attack policy is an NP-Hard problem over the class of parallel networks. We showed that in such networks, a SE policy is also a NE policy when the attack either doesn’t have enough attack power to affect anything, or where the attacker can block nearly everything. We concluded with a study on two-link networks and how the router’s uncertainty of the attack power can affect how much traffic is blocked. We also gave a method for designing routing policies to be as robust as possible against such uncertainty.

Future work will focus on expanding this value of information study first to parallel networks, and then to the set of all networks. Another path is to understand, when the routing policy is not centralized, but distributed, how each router can be incentivized to use local information to determine the proper routing policy.


  • [1] M. S. Kang, S. B. Lee, and V. D. Gligor, “The crossfire attack,” in 2013 IEEE Symposium on Security and Privacy.   IEEE, 2013, pp. 127–141.
  • [2] D. Gkounis, V. Kotronis, and X. Dimitropoulos, “Towards defeating the crossfire attack using sdn,” arXiv preprint arXiv:1412.2013, 2014.
  • [3] A. Aydeger, N. Saputro, K. Akkaya, and M. Rahman, “Mitigating crossfire attacks using sdn-based moving target defense,” in 2016 IEEE 41st Conference on Local Computer Networks (LCN).   IEEE, 2016, pp. 627–630.
  • [4] D. Gkounis, V. Kotronis, C. Liaskos, and X. Dimitropoulos, “On the interplay of link-flooding attacks and traffic engineering,” ACM SIGCOMM Computer Communication Review, vol. 46, no. 2, pp. 5–11, 2016.
  • [5] A. Raj, T. Truong-Huu, P. M. Mohan, and M. Gurusamy, “Crossfire attack detection using deep learning in software defined its networks,” arXiv preprint arXiv:1812.03639, 2018.
  • [6] J. Nash, “Non-cooperative games,” Annals of mathematics, pp. 286–295, 1951.
  • [7] H. Von Stackelberg, Market structure and equilibrium.   Springer Science & Business Media, 2010.
  • [8] Y. A. Korilis, A. A. Lazar, and A. Orda, “Achieving network optima using stackelberg routing strategies,” IEEE/ACM transactions on networking, vol. 5, no. 1, pp. 161–173, 1997.
  • [9] T. Roughgarden, “Stackelberg scheduling strategies,” SIAM journal on computing, vol. 33, no. 2, pp. 332–350, 2004.
  • [10] M. Bloem, T. Alpcan, and T. Başar, “A stackelberg game for power control and channel allocation in cognitive radio networks,” in Proceedings of VALUETOOLS.   ICST (Institute for Computer Sciences, Social-Informatics and …, 2007, p. 4.
  • [11] X. He, A. Prasad, S. P. Sethi, and G. J. Gutierrez, “A survey of stackelberg differential game models in supply and marketing channels,” Journal of Systems Science and Systems Engineering, vol. 16, no. 4, pp. 385–413, 2007.
  • [12] G. Brown, M. Carlyle, J. Salmerón, and K. Wood, “Defending critical infrastructure,” Interfaces, vol. 36, no. 6, pp. 530–544, 2006.
  • [13] J. Pita, M. Jain, J. Marecki, F. Ordóñez, C. Portway, M. Tambe, C. Western, P. Paruchuri, and S. Kraus, “Deployed armor protection: the application of a game theoretic model for security at the los angeles international airport,” in Proceedings of the 7th IFAAMAS: industrial track.   International Foundation for Autonomous Agents and Multiagent Systems, 2008, pp. 125–132.
  • [14] M. Jain, J. Tsai, J. Pita, C. Kiekintveld, S. Rathi, M. Tambe, and F. Ordónez, “Software assistants for randomized patrol planning for the lax airport police and the federal air marshal service,” Interfaces, vol. 40, no. 4, pp. 267–290, 2010.
  • [15] G. G. Brown, W. M. Carlyle, J. Salmeron, and K. Wood, “Analyzing the vulnerability of critical infrastructure to attack and planning defenses,” in Emerging Theory, Methods, and Applications.   INFORMS, 2005, pp. 102–123.
  • [16] D. Korzhyk, Z. Yin, C. Kiekintveld, V. Conitzer, and M. Tambe, “Stackelberg vs. nash in security games: An extended investigation of interchangeability, equivalence, and uniqueness,”

    Journal of Artificial Intelligence Research

    , vol. 41, pp. 297–327, 2011.
  • [17] P. Paruchuri, J. P. Pearce, J. Marecki, M. Tambe, F. Ordonez, and S. Kraus, “Playing games for security: An efficient exact algorithm for solving bayesian stackelberg games,” in Proceedings of the 7th IFAAMAS-Volume 2.   International Foundation for Autonomous Agents and Multiagent Systems, 2008, pp. 895–902.
  • [18] H. Kellerer, U. Pferschy, and D. Pisinger, Knapsack problems.   Springer, Berlin, 2004.


-a Proof for Lemma 2

Fix and . Since all parameters except are fixed, we use the notation and