Security Game with Non-additive Utilities and Multiple Attacker Resources Hello everyone, welcome to this talk about~~~ I'm a PhD student working with Prof. Ness Shroff at The Ohio State University. To begin with, what is the security game? Sinong Wang Ness Shroff SIGMETRICS 2017, UIUC
Classical Security Game Model The classical security game is two-player normal-form game between an attacker and a defender. n targets: . Pure strategies: Attacker’s pure strategy is , the attacker’s pure strategy space is simply . Defender’s pure strategy can be represented by a subset , the defender’s pure strategy space is . The classic security game model is a 2-player normal form non-zero-sum game. With one player is attacker, the other player is the defender. There exists number of n targets, each target is indexed by 1,2,…,n. The defender is assumed to have limited resources… Payoff structure: if attacker choose strategy {i} and defender choose strategy D, Attacker’s payoff: Defender’s payoff:
Classical Security Game Model Mixed strategies (Probabilistic policy) It specifies the probabilities of playing each pure strategy. Attacker and defender’s mixed strategy is a probability vector Expected utility:
Classical Security Game Model The classical security game provides a defense strategy based on following two solution concepts: Nash equilibrium (NE) Attacker and defender move simultaneously. A pair of mixed strategies forms a NE if and only if Strong Stackelberg equilibrium (SSE) Defender is in the leader’s position, attacker is in the follower’s position. Let denote attacker’s best response function to defender’s mixed strategy q, a pair of mixed strategies forms a SSE if and only if Based on~~~, we can define the following expected utility function~~ The goal of security game is to solve the following two solution concepts:
Applications of the Classical Security Game (2) IRIS in Federal Air Marshal Service (FAMS) Allocate limited number of Air Marshals to protect the flights. Defender pure strategy space: Only 100 flights and 10 air marshals yields 1013 pure strategies. Real problem size: over 27000 flights per day. [2]: Target: flights Resource: air marshal. Resource Schedules Targets The second application is the IRIS system in the FAMS. The goal is to… In this problem, [2] Tsai J, Rathi S, Kiekintveld C, et al. IRIS-A Tool for Strategic Security Allocation in Transportation Networks[J]. AAMAS 09.
Classical Security Game Model Challenges to solve the classical security game: Exponentially large defender pure strategy space. It is impossible to solve the NE by traditional Lemke–Howson algorithm. It is impossible to solve the SSE by traditional multiple Linear Programming approach (Conitzer & Sandholm 2006). From the above application domains, we can see that the difficult to solve this security game is that number of… which pose a significant challenge to the current game-solver. For example, in the… Is it possible to solve the security game in the real problem size?
Existing results Compact representation (Kiekintveld, AAMAS 09’): For example, reduce 1013 strategies to 200 strategies in FAMS. Limitation: only provide a solution based on the compact strategy. Recovering problem (Korzhyk&Conitzer, AAAI 11’): recover defender’s mixed strategy from the solution of the compact model by Birkhoff-von Neumann Theorem. Limitation: defender’s strategy space satisfies a specific condition. Unified theory in single attacker resource (Xu, EC 16’): Solving the NE/SSE of security game with single attacker resource is equivalent to solving a defender oracle problem. A unified theoretical understanding of existing results. The first work by Kiekintveld Key Question 1: what is the complexity of security game with multiple attacker resources and/or non-additive utility functions?
Existing results Security game with multiple attacker resources (Korzhyk, AAAI 13’) Attacker can simulatenously attack c targets Additive utility functions: Defender resource is homogenous: NE can be determined in O(poly(n)) time by 6-states transition algorithm. Limitation: Defender resources in most domains are heterogeneous: FAMS, Patrolling, Urban security and costly resources. Key Question 2: is it possible to compute NE efficiently in cases where defender resources are heterogeneous?
General Security Game Model Attacker choose at most c targets to attack. Pure strategies Attacker’s pure strategy is , the attacker’s pure strategy space is a uniform matroid . Defender’s pure strategy can be represented by a subset , the defender’s pure strategy space is . The expected utility is given by In the general security game model. The attacker is assumed to attack at most c targets. Bilinear form are the attacker’s and defender’s payoff matrices.
Challenges: Classic security game General security game Both exponentially large attacker and defender’s pure strategy space. Exponential number of utility functions. Classic security game General security game # Pure strategies # Utility functions From this model, we can see that the basic challenge is.. So it is hard to use the existing techniques and requrires solve this general model. Need new theory to tackle the general security game with multiple attacker resources and non-additive utilities.
Scenario I: zero-sum, non-additive, constant c The benefit (loss) of attacker is the loss (benefit) of the defender. and for any A and D. Constant c The number of attacker’s pure strategies and utility functions is poly(n). The defender’s pure strategy space is still exponentially large NE and SSE are equivalent in the zero-sum game. Computing the NE/SSE of zero-sum game can be formulated as the following minimax problem, Challenges: solving an exponential large optimization problem. The first scenario is.. The zero-sum means that… The constant c implies that… It is well known that…
Scenario I: zero-sum, non-additive, constant c Decomposable property of payoff matrix. Theorem 1. The payoff matrix can be decomposed as where are the diagonal matrices, , are binary matrices, and Na and Nd are the number of attacker and defender’s pure strategies. Nd Na One important technical result of our compact representation is the following decomposition property of payoff matrix. We show that.. Na Na Nd 1 1 1 1 0 1 0 1 0 0 1 1 0 0 0 1 ? 0 0 0 0 ? 0 0 0 0 ? 0 0 0 0 ? 1 1 1 1 ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ 1 1 0 1 0 0 ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ 0 1 0 0 1 0 ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ 0 1 0 0 0 1 ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ ⋯ 0 0 × × Na
Scenario I: zero-sum, non-additive, constant c Closed-Form expression of decomposed matrices: Diagonal matrices: Binary matrices: Index functions and that maps each pure strategy to an integer. Common utilities: Mobius transformation of original utility functions, One important technical result of our compact representation is the following decomposition property of payoff matrix. We show that..
Scenario I: zero-sum, non-additive, constant c Compact representation Based on above decomposition results , we have exp(n) variables Transformation: poly(n) variables So, based on this decomposition result, we can define…. And the isomorphic polytope… We call the isomorphic because we can show that the matrix EJK is invertible and there exists an one-one correspondence between the vertices of these two polytopes. Then we can transform the original minimax problem into the following form.. You can see that, compared with the traditional problem, we have only poly(n) of variables and the objective function has a much simpler form. Transformed polytope:
Scenario I: zero-sum, non-additive, constant c Compact representation: S is defined as the non-additive support set: projection Then we can eliminate the variables with zero coefficients in matrix Db and Dl, which is equivalent to project the original problem into a lower dimension. Here we use...to denote low-dimension polytope. Based on the result that H_a and H_d is convex, we can solve this compact minimax problem by the following linear programing problem. One basic observation in this LP is that…. vertices set of Ha poly(n) variables, possibly exponential number of constraints.
Scenario I: zero-sum, non-additive, constant c Main results of solving NE/SSE: is the binary representation of defender’s pure strategy space: Each equal to 1 if target i is covered; 0, otherwise S is the non-additive support set. Theorem 2. There is a poly(n) time algorithm to compute the NE/SSE for zero-sum security games with constant c, if and only if the follow defender oracle problem (DOP) can be solved in poly(n) time. Our main result in this scenario is following:…. Here the decision variables are a n-dimensional binary vector, and S is defined as…, which consists of all the pure strategies with non-zero common utilities defined as the M transformation of.. One special case is following: when all utility functions are additive, we can show that the support set S is simply the target set, and the original DOP will degenerate to the following linear program over epsilon. This result is similar with Xu’s result but extend to multiple attacker resources. Solving the NE/SSE with multiple attacker resources and non-additive utility functions is NP-hard.
Scenario I: zero-sum, non-additive, constant c The main technical development Moibus transform poly(n) vertex mapping Zeta transform The main technical development consists of three steps… Ellipsoid method (Grotschel&Lovász,81’) Separation Oracle for Hd
Scenario II: non-zero-sum, additive, arbitrary c When attacker has single resource, the previous work (Yin, 12’) utilizes a non-linear transformation to construct an equivalent (NE) zero-sum game. However, this is not the case for the multiple attacker resources. Several counter examples have been constructed (Korzhyk 12’). The attacker can attack arbitrary number of targets (both players’ strategy space can be exponentially large). The last scenario is the non-zero-sum game but suppose additive utility functions and arbitrary number of attacker resources. It is well known that.. In this case, both players pure strategy space is exponential large but number of utility function is polynomial number due to the additive assumption. Exponentially large
Scenario II: non-zero-sum, additive, arbitrary c A nice property under additive assumption. Lemma. If the utility functions are additive, the common utility functions satisfy The non-additive support set ? 0 0 0 0 ? 0 0 0 0 ? 0 0 0 0 0 S={1,2,…,n}=[n]. n non-zero elements The last scenario is the non-zero-sum game but suppose additive utility functions and arbitrary number of attacker resources. It is well known that.. In this case, both players pure strategy space is exponential large but number of utility function is polynomial number due to the additive assumption. Theorem 3. There is a poly(n) time algorithm to compute the NE of security game in scenario II, if and only if the DOP can be solved in poly(n) time. It is possible to compute NE efficiently in cases where defender resources are heterogeneous.
Scenario II: non-zero-sum, additive, arbitrary c The structure of : LAX airport checkpoint deployment problem: DOP is a uniform matroid, recover the results of (Korzhyk 13’) in multiple attacker resource scenario. Geographic constrained patrolling problem: DOP is a weighted bipartite matching problem, we can solve it in poly(n) time. Finally, let’s discuss some application of our theoretical framwork. Resources (police) Targets (route)
Scenario II: non-zero-sum, additive, arbitrary c The structure of : Federal air marshal scheduling problem: DOP is a maximum weighted coverage problem, we can solve it in poly(n) time in some cases; while NP- hard in other cases. Costly defense resources: DOP is a knapsack problem, NP-hard, but can be solved in Pseudo-polynomial time. Air marshals Schedules Finally, let’s discuss some application of our theoretical framwork. Flights
Single attacker resources Multiple attacker resources Conclusions Scenarios Single attacker resources Multiple attacker resources Homogenous heterogeneous Additive utility functions Zero-sum SSE,NE[3][4][5][6] SSE,NE[7] SSE,NE Non-zero-sum SSE [5],NE [3][4] Non-additive utility functions / SSE Conclusions: We proposed a completely new theoretical framework to answer the open questions proposed by the security game community. We significantly extend both the polynomial solvable and NP-hard classes. [3] C. Kiekintveld, et al. Computing optimal randomized resource allocations for massive security games. AAMAS 09’ [4] Dmytro Korzhyk, et al. Stackelberg vs. nash in security games, Journal of Artificial intelligence 13’ [5] Haifeng Xu. The mysteries of security games: Equilibrium computation becomes combinatorial algorithm design. EC 16’ [6] Joshua Letchford et al. Solving security games on graphs via marginal probabilities. AAAI, 13’ [7] Dmytro Korzhyk et al. Security games with multiple attacker resources. IJCAI 13’
Thanks Q&A https://u.osu.edu/sinong/ Thank you very much for your attention and here is the QR code of our wall paper. https://u.osu.edu/sinong/
Applications of the Classical Security Game (1) ARMOR in Los Angeles International Airport [1]: The first deployed game theory-based security system (since 2007). Allocate limited vehicle checkpoints and canine units to roads and terminals. Defender pure strategy space: 800 defender pure strategies in real system. NE/SSE can be efficiently determined by standard algorithms. check point canie patrol Target: roads and terminals Resource: vehicles and cannie units The first application is the famous ARMOR system in protecing the LAX… The goal is to…. In this problem…. [1] Pita J, Jain M, Marecki J, et al. Deployed ARMOR protection: the application of a game theoretic model for security at the Los Angeles International Airport. AAMAS 08.
Scenario III: non-zero-sum, additive, arbitrary c Main technical development Strategy profile is a NE of non-zero-sum and additive security game. Transformation and projection Compact representation Affine transformation n-dimensional saddle point problem The main technical steps consists of following four steps. Sion’s minimax theorem Linear program Reduced to DOP