In this work, we use a network to capture the relationships and interactions within a group of individuals, e.g., it serves as the medium for the spread of infectious disease or computer worms. To model diffusion dynamics of an emerging infectious disease or computer worms within the underlying network, we adopt a simple and intuitive model called the Independent Cascade Model (IC). This model was originally proposed in interacting particle systems [Durrett1988, Liggett2012]
from probability theory, and it has been widely used to capture the diffusion dynamics in many domains such as viral marketing.
Due to incomplete knowledge of attackers’ profile and plan, it is extremely difficult, if not impossible to predict their attacking strategy. Notice that under IC model, the propagation probability on each edge plays an important role in predicting the diffusion process of an attack. Therefore, the attacker has strong incentive to manipulate this parameter by purposely affecting individuals’ interaction preferences, and hence network structure. In the example of spreading infectious disease, this could be done by creating certain events, such as a party, to change the frequency and distribution of individuals’ interactions within a network. Take the spread of computer worms as another example, the attacker could send some phishing email to the victim, indicating that successfully forwarding a virus-infected file to her friends could earn her some rewards. This somewhat changes the propagation probabilities between friends. In addition, the skillful attackers could adjust their strategy according to our current monitoring strategy. In this work, we assume that an attacker can launch an attack by (1) distributing a limited number of seeds to the social network, and/or (2) manipulating the propagation probabilities on a limited number of edges. Take the spread of computer worms as one example. Our model aims to capture the most powerful attacker, we can simply set that adjustable interval to be empty for those weaker attackers. All these have made it extremely challenging to design a robust monitoring strategy. On the defender’s side, we are allowed to select a limited number of individuals as monitors, such that the attack can be detected as long as at least one of those monitors have been infected. We aim at designing the optimal selection of monitors to monitor the outbreak.
In this work, we introduce and study the -Monitoring game. We say a monitoring strategy succeeds if either of the following conditions are satisfied: (1) the outbreak fails to reach individuals, or (2) the outbreak has been detected before reaching individuals. The ultimate goal is to find a monitoring strategy that can maximizes the expected gain in the worst-case. Our work is built upon recent work in security games, and we propose using an algorithmic framework of double-oracle methods to solve our problem.
The main contributions are summarized as follows.
(1) A major contribution of this work is introducing a new problem, -outbreak monitoring, that combines recent research in security games and in influence maximization. The framework and method developed in this paper can be applied to a broad range of domains involving monitoring intentional outbreaks in a network such as cyber malware or rumor spread.
(2) Drawing from existing studies on security games, we propose using an algorithmic framework of double-oracle methods. We propose algorithms for both the defender’s and the attacker’s oracle problems, which are used iteratively to provide pure-strategy best responses for both players. We present NP-hardness proofs for the defender oracle problem, and propose an approximation algorithm to solve it.
2 Related Work
Our work is closely related to competitive influence maximization and rumor blocking [Bharathi et al.2007, Borodin et al.2010, He et al.2012, Tsai et al.2012, Howard2010]. However, our problem is different in three ways: (1) Attacker’s primary objective is beyond simply maximizing the number of infections. It is equally important to avoid being detected at early stage. (2) Defender’s objective is focusing on outbreak detection instead of blocking. (3) We consider a different, possibly the strongest, attacker model. First of all, we assume that the attacker can select the seeds and manipulate the propagation probability on some edges. Most existing works assume that the attacker can only select a few seeds. Secondly, we treat the choice of attacker’s strategy as adversarial rather than stochastic. Rather than one-player models, we are interested in generating equilibrium strategy.
Many existing work in security game focus on domains that were modeled as graphs [Basilico and Gatti2011, Jain et al.2011, Halvorson et al.2009, Haghtalab et al.2015]. Another closely related work is [Haghtalab et al.2015], their objective is to select a group of monitors that maximizes the detection probability of an outbreak before it reaches a target, however they focus on finding a pure strategy without featuring probabilistic components. In addition, they do not allow the attacker to manipulate the propagation probabilities. We are the first to study the adversarial outbreak monitoring problem that combines recent research in security games and in influence maximization.
3 Diffusion Model and Problem Formulation
3.1 Network and Diffusion Model
In this work, we represent the social network using a directed graph . We use node set to represent the set of individuals and edge set to capture the relationships and interactions within a group of individuals, and serves as the medium for the spread of (infections) disease. To model diffusion dynamics of an emerging disease within the underlying social network, we adopt a simple and intuitive model called the Independent Cascade Model. The basic IC model can be roughly described as follows: The entire diffusion process starts with an initial set of infected nodes , called seeds, which could be intentionally selected by the attacker, and it unfolds in discrete steps in an randomized manner as follows. When node first becomes infected in step , it has a single chance to infect each currently un-infected neighbor ; it succeeds with a probability , a parameter called propagation probability. If succeeds, then will become infected in step , and the process is iterated till no more infections are possible. In the rest of this paper, let
denote the propagation probability vector. One natural extension of this model is calledrepeated independent cascade model, in which infected nodes remain active in all subsequent rounds, i.e., it attempts to infect all its uninfected neighbors in each round. All results derived in this paper can be extended to repeated independent model.
3.2 ()-Monitoring Game
We formulate the monitoring problem as a leader-follower Stackelberg game. The defender (security agencies) acts first and the attacker (terrorists) observes the defender’s strategy and then responds to it.
Attacker’s Strategies. We assume that the attacker can decide the distribution of seeds as well as adjust the propagation probability on some edges for its own benefit. Since it is not equally easy to adjust the propagation probabilities on different edges, we introduce the Adjustable Interval model [He and Kempe2014] to capture to what extent this information can be manipulated on different edges. In particular, the propagation probability on each edge is associated an adjustable interval, e.g., we use interval to present possible values of that can be chosen by the attacker. The attacker’s pure strategy is composed of two parts, the first part is to choose up to seeds, and in the second part, the attacker can manipulate the propagation probabilities on up to edges subject to each one’s adjustable interval. Let denote the strategy space of the attacker, thus the attacker’s pure strategy can be represented as where is the set of seeds that have been selected under pure strategy , and is the manipulated propagation probability under pure strategy . For ease of presentation, we call the attack launched under strategy as attack , and the resulting outbreak as outbreak
. A mixed attacker strategy is a probability distribution over pure strategies, i.e.,with representing the probability that is selected.
Defender’s Strategies. The defender’s pure strategy is to select up to monitoring nodes , called monitors, where is the defender’s strategy space, composing of all subsets of nodes with size no more than . We say an outbreak is detected by monitors if and only if at least one node from is infected by that outbreak. A mixed defender strategy is a probability distribution over pure strategies, i.e., with representing the probability that is selected.
The attacker has two potentially conflicting objectives. On the one hand, the attacker wants to maximize its impact by causing a greater spread of infection, on the other hand, it is equally important for the attacker to minimize the likelihood to be detected before it reaches that goal. To capture this tradeoff, we introduce the )-Monitoring Game, where and are two integers belonging to . We first define the -level outbreak as follows.
Definition 1 (-level Outbreak)
An -level outbreak is any outbreak that infects more than individuals.
-level measures the maximum impact of an outbreak if it has not been detected or stopped, a larger implies a greater spread of infection. We next formally define the utility model under )-Monitoring Game. As in most existing works, we assume a zero-sum game.
Definition 2 ()-Monitoring Game)
Given both players’ strategies and
The attacker’s utility is defined as the probability that an -level outbreak has been successfully launched and it has not been detected before reaching individuals.
The defender’s utility is defined as the probability that either the outbreak fails to reach individuals or it has been detected before reaching individuals.
We next briefly discuss two special cases in order to give a better illustration of our model. The first special case is when . Under this model, the attacker has minimum requirement on the impact of the attack, thus it poses even greater challenge on the defender’s side since the only goal of the attacker is to avoid the detection. As discussed later, one immediate observation is that the attacker will never choose more than one seed since it can only increase the likelihood to be detected. Another special case is when . This setting again pose the greatest challenge on the defender’s side. Regardless of the value of , the only way to defeat the attacker is to detect the outbreak at the very beginning. Typically, we require that is smaller than in order to compensate the reaction delays after the outbreak has been detected.
Equilibrium. Given both players’ pure strategies and , let denote the utility function of the defender given both players’ pure strategies and , i.e., the probability that either the outbreak fails to reach individuals or it has been detected by before reaching individuals.The objective is to find the mixed strategy of the defender, corresponding to a Nash equilibrium of this monitoring game. Given the zero-sum assumption, i.e., the defender maximizes her minimum utility, the Stackelberg equilibrium is the same as the maximin equilibrium. Thus the optimal mixed defender strategy
can be computed by solving the following linear program (LP).Maximize subject to:
This LP has variables which could easily be exponential in the number of nodes, and the attacker strategy space could be infinite because each edge is associated with a continuous adjustable interval. In the rest of this paper, we develop a double oracle based algorithm to solve the above LP effectively.
4 Double-Oracle Approach
In this section, we present KNIGHT, a double-oracle based algorithm for solving monitoring games. We also analyze the computational complexity of determining best responses for both the defender and the attacker. As subroutines of KNIGHT, we give the algorithms to compute the optimal or near-optimal responses for both players.
The double oracle framework [McMahan et al.2003] first computes the equilibrium strategy for a smaller restricted game and then computes improving strategies for both players iteratively and eventually converges to a global equilibrium. Thus the key challenge reduces to computing the optimal or near-optimal responses for both players, which are called defender oracle and attacker oracle, respectively.
KNIGHT is listed in Algorithm 1. is the set of defender strategies generated so far, and is the set of attacker strategies generated so far. CoreLP() computes an equilibrium of the two-player zero-sum game consisting of the restricted set of pure strategies and , generated so far. The equilibrium over restricted strategy space can be solved efficiently as the strategy space is small. CoreLP returns , which are the current equilibrium mixed strategies for the defender and the attacker over and , respectively. The defender oracle (DO) generates a defender monitors that is a near best response for the defender against . Notice that is selected from all possible monitoring sets , which is not restricted to . The attacker oracle (AO) computes the best configuration against .
KNIGHT starts with a significantly small set of pure strategies for each player, and then expands these sets iteratively by applying the AO and DO to the current solution. Convergence is achieved when no improving strategy can be found for both players. Assume that both AO and BO can find the best response against the other player’s current strategy, the solution obtained is optimal to the original problem. However, the above assumption does not hold in this work since it is NP-hard to find the best response for the defender, we develop an approximate DO that leads to an near optimal solution to the original problem.
We first introduce the CoreLP, that is used to compute an equilibrium of the two-player zero-sum game consisting of the restricted set of pure strategies and . The standard formulation for computing a maximin strategy for the defender in a two-player zero-sum game is listed as follows.CoreLP(): Maximize subject to:
The dual of CoreLP is listed as follows.Dual of CoreLP(): Minimize subject to:
Recall that is the probability that either the outbreak fails to reach individuals or it has been detected by before reaching
individuals. If we can estimate the value ofaccurately, then CoreLP can be solved efficiently. Unfortunately, we next show that calculating the exact value of is -hard.
Calculating the exact value of is -hard, even under the special case when and .
Proof: We prove this lemma by reducing the influence estimation problem to it. The input of a influence estimation problem is a social network and a propagation probability vector . Given any source node and any target node , the objective is to calculate the probability that can be influenced or reached by under IC model. We convert an arbitrary instance of the influence estimation problem to an instance of outbreak detection problem by constructing an attacker’s strategy as , i.e., there is only one seed, and a defender’s strategy as , i.e., there is only one monitor. Since we assume that and , is the probability that the outbreak starting from can be detected by . Calculating is equivalent to calculating the probability that can be influenced or reached by in the given instance of the influence estimation problem.. It has been proved in [Chen et al.2010] that solving influence estimation problem is -hard, thus calculating the exact value of is -hard.
One standard approach to estimate is using Monte Carlo simulation, however, running such simulations are extremely time consuming. Instead, we can leverage a martingale approach developed in [Tang et al.2015] to estimate in near-linear time.
4.2 Defender Oracle
In this section, we describe the design of defender oracle. The defender oracle problem can be described as follows: generate the defender pure strategy (selecting a monitoring set) that maximizes the defender’s expected utility against a given attacker mixed strategy over .
Definition 3 (Influence Maximization Problem)
The input of an influence maximization problem is a social network and a propagation probability vector . The objective is to select a number of nodes that maximizes the expected cascade size.
The Defender Oracle problem is NP-hard, even under the special case when and .
Proof: Reduction from Influence Maximization problem to Defender Oracle: We convert an arbitrary instance of the influence maximization problem with social network and propagation probability vector to an instance of the defender oracle problem by constructing the same social network with an reversed propagation probability vector , i.e., . We next construct the attacker strategy space and attacker mixed strategy over .
Under the above setting, the defender oracle problem is to find a monitoring set that maximizes . Since we assume that and , is the probability that the outbreak under has been detected by . Because , each pure attacker strategy contains a single seed, say . Together with the setting that , we have is equivalent to the probability that is influenced by in the given instance of the influence maximization problem. Therefore find a monitoring set that maximizes under is equivalent to finding a set of nodes that maximizes the expected cascade size under .
Given a fixed attacker’s pure strategy , the defender’s utility function is submodular.
Proof: We adopt a triggering set based approach introduced in [Kempe et al.2003] to prove this lemma. Consider a point in the diffusion process under seed set , we can view the outcome of this random event as being determined by flipping a coin of bias . In particular, for each edge in , a coin of bias is flipped at the very beginning of the diffusion process. The edges for which the coin flip indicated an successful activation are declared to be live in ; the remaining edges are declared to be blocked in .
A node ends up getting infected if and only if there is a path from to consisting entirely of live edges.
Each sample point, say , in the probability space specifies one possible set of outcomes for all the coin flips on the edges. Let . We next prove that is submodular for every . Consider two monitoring sets , if the number of infected nodes under is smaller than , then . This is because the attacker fails to reach nodes, the defender always win. Thus . We next discuss the case when the number of infected nodes under is larger than .
(1) If has detected the outbreak before it reaches nodes, i.e., some node in has been infected by before it reaches nodes, then . This is because . Thus .
(2) If has not detected the outbreak before it reaches nodes, but does, then .
(3) If neither nor have detected the outbreak before it reaches nodes, consider the newly added monitor . If can not detect the outbreak before it reaches nodes either, then . Otherwise, .
Therefore , it follows that is submodular for every . Now we are ready to prove that is submodular. Since can be represented as a linear combination of , i.e., , then is submodular because the linear combination of submodular functions is submodular.
Lemma 3 together with the fact that the linear combination of submodular functions is submodular imply the following lemma.
Given an attacker’s mixed strategy , the defender’s utility function is submodular.
In the following, we propose a simple greedy algorithm (Algorithm 2), which starts with the empty set , and in each iteration , adds the node maximizing the marginal value to (ties broken arbitrarily):
A celebrated result by [Nemhauser et al.1978] proves that when the objective function is submodular, the greedy algorithm provides a constant approximation to the optimal solution. Then together with Lemma 4, we have the following theorem.
Algorithm 2 provides a (1-1/e)-factor approximation for the Defender Oracle problem.
4.3 Attacker Oracle
In this section, we describe the design of attacker oracle. The attacker oracle problem can be described as follows: generate the attacker pure strategy (selecting a seed set and a propagation probability vector ) that minimizes the defender’s expected utility against a given defender mixed strategy over .
Since and are assumed to be some constant, we can enumerate all combinations of seeds and edges in time . However, the searching space is still infinite because the adjustable interval of each edge is continuous. To tack this challenge, we next prove that our model can be reduced to an equivalent discrete space model.
Under the PI model, given a fixed defender mixed strategy , the defender’s expected utility is minimized by making each equal to or .
Proof: Pick any edge and fix the propagation probabilities of the other edges. Consider any defender pure strategy and attacker pure strategy , we define as the defender’s expected utility conditioned on the propagation probability of is . Let denote the probability that happens when the propagation probability of is . Then can be calculated as .
Inspired by [He and Kempe2016], let (resp. ) denote the set of all blocked (resp. live) edges in , then the probability for obtaining conditioned on can be calculated as:
In either case, is linear function of . Therefore the defender’s expected utility under mixed strategy , i.e., , is also a linear function of , and thus minimized at one of the endpoints of the interval.
The above lemma shows that we only need to consider of possible attacker pure strategies.
What if is large?
We next discuss the hardness of the attacker oracle problem when is large.
When is unbounded, the Attacker Oracle problem is NP-hard, even under the special case when .
Proof: This can be proved through reduction from set cover problem.
Definition 4 (Set Cover Problem)
We can represent an instance of Set Cover as a bipartite graph , where is the set of elements, and is the set of subsets of , and an edge for and means contains . The problem is to find a subset of minimize size such that all elements in are covered.
We convert an arbitrary instance of the influence maximization problem with bipartite graph to an instance of the attacker oracle problem by constructing the social network with propagation probability vector defined as follows
In the rest of the proof, we assume that . Notice that implies that there is no way for the defender to detect the outbreak on time, thus regardless of the deployment of the monitoring set, the attacker can always win as long as the outbreak reaches nodes. Therefore, the attacker oracle problem is reduced to selecting a set of seeds that maximizes the probability of reaching nodes.
We next prove that given a Set Cover instance, there exists a solution with size if and only if there exists a solution of attacker oracle instance with such that at least nodes can be reached with probability 1. Assume the Set Cover instance has a solution with size . Then every node in must be connected to some of those nodes in . Consider the attacker oracle instance, the attacker can choose those nodes as seeds to reach at least with probability , i.e., the probability that the outbreak reaches is . Conversely, if there exist seeds that can infect nodes with probability 1, then it must be the case that all seeds are from and they can infect all nodes in . It follows that those seeds can serve as a solution of the Set Cover instance.
To find the optimal solution of the Set Cover instance, we can solve the attacker oracle instance with for , and find the smallest that can reach nodes with probability , and corresponding seed set is an optimal solution of the Set Cover instance.
Improved Results when
We next discuss a special case of attacker oracle when . It is interesting to find that if there is no requirement on the scale of the outbreak, e.g, , then the attacker’s objective is reduced to creating an outbreak that is least likely to be detected. Therefore, it is always preferable for the attacker to (1) keep the number of seeds small, and (2) reduce the propagation probabilities of certain edges to their minimum level. It follows that the attacker’s best strategy is to select only one seed, e.g., , and reduce the propagation probabilities of edges to their lower ends. Then the time complexity of enumerating all attacker pure strategies is improved to .
4.4 Put It All Together
Recall that if both DO and AO can be solved optimally, then the double oracle algorithm (Algorithm 1) terminates with a solution which is guaranteed to be optimal. However, Theorem 1 shows that greedy is an -approximate DO. We next extend the optimality results to approximate oracles in the following theorem, the proof is based on Theorem 2 in [McMahan and Gordon2003].
The Double Oracle approach returns a -approximate mixed monitoring strategy.
5 Empirical Evaluation
To evaluate the performance of our monitoring strategy, we conduct extensive experiments on the Gnutella datasets [Leskovec and Krevl2014]. Gnutella is a peer-to-peer file sharing network. We simulate attacks and track the outbreaks on a snapshot of the network, with nodes and edges, where nodes represent hosts in the network topology and edges represent connections between the hosts. For independent cascade model, each edge is assigned a propagation probability randomly selected from . We set be a constant for each edge while satisfying the condition of . To obtain the value of , we leverage a martingale based approach developed in [Tang et al.2015] to get an accurate estimation in near-linear time. In our experiments, the attacker can choose up to seeds and manipulate the propagation probability of up to edges. We vary the value of , , and the budget of the defender , to examine the effect of these parameters on the quality of our solutions. To obtain statistically sound results, we run the simulation rounds for each parameter setting, and the average value is reported in the following.
Figure 1 shows the comparison of the expected utility of the defender under different levels of an attack. Recall that an -level outbreak infects more than individuals without being controlled. In a particular network, a larger indicates a higher chance for the defender to win the game, since the offender has to infect more individuals to complete the attack. In our experiments, we vary the value of from to , where denotes the number of nodes in the network and for our dataset. As expected, we observe that the expected utility of the defender increases as increases. We also examine the effect of on the expected utility. As shown in the figure, the expected utility is increasing with . This is because, as increases, the defender can tolerant a larger spread of the attack in the network, leading to a higher chance of detecting the attack with a specific number of monitoring nodes. We also observe that as the budget of the defender increases from to , the expected utility also increases, for the reason that with a higher budget, more monitoring nodes can be deployed to detect the attack, which leads to a higher chance for the defender to win the game.
In this work, we introduce and study the -Monitoring game. Our goal is find a mixed monitoring strategy that maximizes the expected gain from the defender’s side. We study this problem under adversarial model without knowing attacker’s strategy. To tackle this problem, we propose a novel monitoring strategy based on an algorithmic framework of double-oracle methods. We iteratively produce a single player’s best-response to the opponent’s strategy, and add those strategies to the restricted game for the next iteration. If both player’s best-responses can be computed in each iteration, then this approach terminates with a solution which is guaranteed to be optimal. Our adversarial setting leads to a robust solution in practice.
- [Basilico and Gatti2011] Nicola Basilico and Nicola Gatti. Automated abstractions for patrolling security games. In AAAI, 2011.
- [Bharathi et al.2007] Shishir Bharathi, David Kempe, and Mahyar Salek. Competitive influence maximization in social networks. In International Workshop on Web and Internet Economics, pages 306–311. Springer, 2007.
- [Borodin et al.2010] Allan Borodin, Yuval Filmus, and Joel Oren. Threshold models for competitive influence in social networks. In International Workshop on Internet and Network Economics, pages 539–550. Springer, 2010.
- [Chen et al.2010] Wei Chen, Chi Wang, and Yajun Wang. Scalable influence maximization for prevalent viral marketing in large-scale social networks. In Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining, pages 1029–1038. ACM, 2010.
- [Durrett1988] Richard Durrett. Lecture notes on particle systems and percolation. Brooks/Cole Pub Co, 1988.
- [Haghtalab et al.2015] Nika Haghtalab, Aron Laszka, Ariel D Procaccia, Yevgeniy Vorobeychik, and Xenofon Koutsoukos. Monitoring stealthy diffusion. In Data Mining (ICDM), 2015 IEEE International Conference on, pages 151–160. IEEE, 2015.
- [Halvorson et al.2009] Erik Halvorson, Vincent Conitzer, and Ronald Parr. Multi-step multi-sensor hider-seeker games. In IJCAI, volume 9, pages 159–166, 2009.
- [He and Kempe2014] Xinran He and David Kempe. Stability of influence maximization. In Proceedings of the 20th ACM SIGKDD international conference on Knowledge discovery and data mining, pages 1256–1265. ACM, 2014.
- [He and Kempe2016] Xinran He and David Kempe. Robust influence maximization. In Proceedings of the 22Nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD ’16, pages 885–894, New York, NY, USA, 2016. ACM.
- [He et al.2012] Xinran He, Guojie Song, Wei Chen, and Qingye Jiang. Influence blocking maximization in social networks under the competitive linear threshold model. In SDM, pages 463–474. SIAM, 2012.
- [Howard2010] Nicholas Jacob Howard. Finding optimal strategies for influencing social networks in two player games. PhD thesis, Massachusetts Institute of Technology, 2010.
- [Jain et al.2011] Manish Jain, Dmytro Korzhyk, Ondřej Vaněk, Vincent Conitzer, Michal Pěchouček, and Milind Tambe. A double oracle algorithm for zero-sum security games on graphs. In The 10th International Conference on Autonomous Agents and Multiagent Systems-Volume 1, pages 327–334. International Foundation for Autonomous Agents and Multiagent Systems, 2011.
- [Kempe et al.2003] David Kempe, Jon Kleinberg, and Éva Tardos. Maximizing the spread of influence through a social network. In Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining, pages 137–146. ACM, 2003.
- [Leskovec and Krevl2014] Jure Leskovec and Andrej Krevl. SNAP Datasets: Stanford large network dataset collection. http://snap.stanford.edu/data, June 2014.
- [Liggett2012] Thomas Liggett. Interacting particle systems, volume 276. Springer Science & Business Media, 2012.
H Brendan McMahan and Geoffrey J Gordon.
Planning in cost-paired markov decision process games.In NIPS Workshop: Planning for the Real-World, volume 3, 2003.
- [McMahan et al.2003] H Brendan McMahan, Geoffrey J Gordon, and Avrim Blum. Planning in the presence of cost functions controlled by an adversary. In ICML, pages 536–543, 2003.
- [Nemhauser et al.1978] George L Nemhauser, Laurence A Wolsey, and Marshall L Fisher. An analysis of approximations for maximizing submodular set functions i. Mathematical Programming, 14(1):265–294, 1978.
- [Tang et al.2015] Youze Tang, Yanchen Shi, and Xiaokui Xiao. Influence maximization in near-linear time: A martingale approach. In Proceedings of the 2015 ACM SIGMOD International Conference on Management of Data, pages 1539–1554. ACM, 2015.
- [Tsai et al.2012] Jason Tsai, Thanh Hong Nguyen, and Milind Tambe. Security games for controlling contagion. In AAAI, 2012.