Robust Strategy against Unknown Risk-averse Attackers in Security Games

Stackelberg security games (SSGs) are now established as a powerful tool in security domains. In this paper, we consider a new dimension of security games: the risk preferences of the attacker. Previous work assumes a risk-neutral attacker that maximizes his expected reward. However, extensive studies show that the attackers in some domains are in fact risk-averse, e.g., terrorist groups in counter-terrorism domains. The failure to incorporate the risk aversion in SSG models may lead the defender to suffer significant losses. Additionally, defenders are uncertain about the degree of attacker’s risk aversion. Motivated by this challenge this paper provides the following five contributions: (i) we propose a novel model for security games against risk-averse attackers with uncertainty in the degree of their risk aversion; (ii) we develop an intuitive MIBLP formulation based on previous security games research, but find that it finds locally optimal solutions and is unable to scale up; (iii) based on insights from our MIBLP formulation, we develop our scalable BeRRA algorithm that finds globally ǫ-optimal solutions; (iv) our BeRRA algorithm can also be extended to handle other risk-aware attackers, e.g., risk-seeking attackers; (v) we show that we do not need to consider attacker’s risk attitude in zero-sum games.