Non-Additive Security Games

Security agencies have found security games to be useful models to understand how to better protect their assets. The key practical elements in this work are: (i) the attacker can simultaneously attack multiple targets, and (ii) different targets exhibit different types of dependencies based on the assets being protected (e.g., protection of critical infrastructure, network security, etc.). However, little is known about the computational complexity of these problems, especially when there exist dependencies among the targets. Moreover, previous security game models do not in general scale well. In this paper, we investigate a general security game where the utility function is defined on a collection of subsets of all targets, and provide a novel theoretical framework to show how to compactly represent such a game, efficiently compute the optimal (minimax) strategies, and characterize the complexity of this problem. We apply our theoretical framework to the network security game. We characterize settings under which we find a polynomial time algorithm for computing optimal strategies. In other settings we prove the problem is NP-hard and provide an approximation algorithm. Introduction The nature of resource allocation in practical security games often results in exponentially many pure strategies for the defender, such that the defender’s optimal mixed strategy is hard to solve. In the past few years, several works have tried to resolve this issue from both theoretical and practical perspectives (Kiekintveld et al. 2009; Korzhyk, Conitzer, and Parr 2010; Jain et al. 2011; Letchford and Conitzer 2013; Xu et al. 2014; Xu 2016). A common restriction in these works is to either assume that the attacker only attacks one target, or that different targets are independent. The latter implies that the payoff of a group of targets is the sum of the payoffs of each one (Korzhyk, Conitzer, and Parr 2011). In practice, there exists various dependencies among the targets such that attacking one target will influence the others. Traditional models that ignore the inherent synergistic effects among the targets could lead to catastrophic consequences (Buldyrev et al. 2010). Motivated by this phenomenon, some recent works have investigated the security game with dependent targets (Shakarian, Lei, and Lindelauf 2014; Vorobeychik and Letchford 2015). Copyright c © 2017, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved. However, these works are limited to specific dependencies and provide neither a systematic understanding of complexity properties, nor an efficient algorithm. For example, Shakarian et al. (2014) assumes that the attacker and defender can choose a subset of nodes in a power grid and their utilities are dependent on the set of disconnected loads. They show that the defender best response problem (DBR) can be solved in polynomial time if the attacker attacks at most one target, while NP-hard in other cases. However, their complexity results cannot be easily reduced to the complexity of determining the defender’s mixed strategies. In this paper, we introduce a new security game, which we call the Non-additivity Security Game (NASG). It is a nonzero-sum game including two players the defender and attacker, and n targets, denoted by [n] = {1, 2, . . . , n}. We model various dependencies among the targets by defining the strategy of each player as a subset of [n] and adopt a general set function as the utilities. Specifically, the attacker obtains benefits for successfully attacked targets and pays a cost for its strategy. Also, the defender will lose benefits for those targets and also pays a cost. A critical feature of the NASG is that the benefit and cost for several targets is not the summation of each target’s utility, instead, it is dependent on the specific combination of targets.. At a high level, the main challenge of NASG is that both the size of the strategy space and the number of utility functions are Θ(2). We are interested whether the following well understood questions in the case of additive utility functions can be addressed under the non-additivity assumption. • How to compactly represent the NASG and how to efficiently compute the mixed strategies of NASG? • What is the complexity of computing the mixed strategies of NASG? To answer these questions, we make the following contributions: (1) We provide the conditions for compactly representing the NASG and prove that there exists poly(n) number of variables in the compact model if the number of non-additive utility functions is poly(n). The main technique is isomorphism and projection of a polytope. (2) We design an algorithmic framework to efficiently compute the mixed strategies for NASGs by reducing the original problem to an oracle problem. The main technique is to design a polynomial-time vertex mapping algorithm from the lowdimensional polytope to a simplex; (3) We prove that the above oracle problem and the computation of mixed strategies of NASG can be reduced to each other in polynomialtime under a reasonable restriction. Furthermore, we show that such an oracle problem is a problem of maximizing a pseudo-boolean function; (4) Finally, we apply our theoretical framework to the network security game. We provide polynomial-time algorithms for some kinds of networks and security measures, while for the general case, we show the NP-hardness and propose an approximation algorithm. All the proofs in this paper are left to the supplemental material due to space constraints. Problem Description and Preliminary We begin by defining the NASG as a two-player normalform non-zero-sum game. Players and targets: The NASG contains two players (a defender and an attacker), and n targets, indexed by set [n] , {1, 2, . . . , n}. Strategies and utility functions: A pure strategy for each player is a subset of [n]. In the general case, we consider the complete pure strategy space of attacker and defender, defined as the power set 2 , {V |V ⊆ [n]}, denoted by A and D, respectively. So there are N , 2 pure strategies for both players. Let set function Ca(·) : A → R and Cd(·) : D → R be the attacker’s and defender’s cost function, respectively, and the set function B(·) : A → R be the benefit function. Remark 1. Traditional models do not consider a cost function, instead, they assume that there exists a resource constraint such that certain strategies, i.e., subsets of [n], are restricted. In our paper, we explicitly consider the cost function but do not have such resource constraints1. In cybersecurity applications, security resources are available for a cost and can be used to replace resource constraints, as illustrated in (Vorobeychik and Letchford 2015). {B(A), Ca(A), Cd(A)|A ∈ A} = |A| = |A| = O(2) Tie-breaking Rule: When the attacker and defender choose strategy A ∈ A and D ∈ D, targets in the set A\D are successfully attacked by the attacker. Moreover, both players pay the cost for their strategy, and the attacker’s and defender’s payoff is given by [B(A\D) − Ca(A)] and [−B(A\D)− Cd(D)], respectively.