Presentation is loading. Please wait.

Presentation is loading. Please wait.

Game Theory for Security: Lessons Learned from Deployed Applications Milind Tambe Chris Kiekintveld Richard John & teamcore.usc.edu.

Published byBeatrix Scott Modified over 9 years ago

Similar presentations

Presentation on theme: "Game Theory for Security: Lessons Learned from Deployed Applications Milind Tambe Chris Kiekintveld Richard John & teamcore.usc.edu."— Presentation transcript:

1 Game Theory for Security: Lessons Learned from Deployed Applications Milind Tambe Chris Kiekintveld Richard John & teamcore.usc.edu

2 Motivation: Infrastructure Security Limited security resources: Selective checking Adversary monitors defenses, exploits patterns LAX 50 miles

3 Game Theory: Bayesian Stackelberg Games Security allocation: (i) Target weights; (ii) Opponent reaction Stackelberg: Security forces commit first Bayesian: Uncertain adversary types Optimal security allocation: Weighted random Strong Stackelberg Equilibrium (Bayesian) NP-hard Terminal #1 Terminal #2 Terminal #1 5, -3 -1, 1 Terminal #2 -5, 52, -1 Police Adversary

4 Game Theory for Infrastructure Security: Outline Deployed real world applications Research challenges Efficient algorithms: Scale-up to real-world problems Human adversary: Bounded rationality & observations Observability: Adversary surveillance uncertainty Payoff uncertainty:.. Evaluation Algorithms: AAMAS(06,07,08,09); AAAI (08,10),...under review… Algorithmic & experimental GT: AAMAS’09, AI Journal (2010), … Observability: AAMAS’10,… Applications: AAMAS Industry track (08,09), AI Magazine (09), Journal ITM (09), Interfaces (10), Informatica (10),…

5 Deployed Applications: ARMOR & IRIS ARMOR: Randomized checkpoints & canine at LAX (August 2007) IRIS: Randomized allocation of air marshals to flights (October 2009)

6 In Progress TSA: Towards national deployment Spring’2011 GUARDS: Currently evaluation, testing Coast Guard: Pilot demonstration Boston, March 2011 Los Angeles Sheriff’s Dept: Ticketless travelers… GUARDS PROTECTAcronym

7 Outline of Presentation Deployed real world applications Research challenges Efficient algorithms: Scale-up to real-world problems Observability: Adversary surveillance uncertainty Human adversary: Bounded rationality, observation power Payoff uncertainty: Payoffs not point values; distributions Evaluation

8 Efficient Algorithms Challenges: Combinatorial explosions due to Defender strategies: Allocations of resources to targets E.g. 100 flights, 10 FAMS Attacker strategies: Attack paths E.g. Multiple attack paths to targets in a city Adversary types: Adversary strategy combination

9 Scale-up: Defender actions Scale-up: Attacker actions Scale-up: Attacker types Domain structure exploited Exact or Approx Type of equilibrium Algorithm Low MediumNone ApproxSSEASAP 2007 Low MediumNone ExactSSE DOBSS 2008 Low MediumNone Exact rationality, observation COBRA 2009 MediumLow High ( Security game, 1 target ) ExactSSEORIGAMI 2009 MediumLow High (Security game, 2 targets) ApproxSSEERASER 2009 MediumLow Med (Security game, N targets) ExactSSEASPEN 2010 Medium LowHigh (zero- sum, graph) ApproxSSERANGER 2010 Review 2010 ARMOR IRIS-I IRIS-II IRIS-III SCALE-UP

10 ARMOR: Multiple Adversary Types Term #1Term #2 Term#1 5, -3 -1, 1 Term#2 -5, 52, -1 Term #1Term #2 Term#1 2, -1 -3, 4 Term#2 -3, 13, -3 Term #1Term #2 Term#1 4, -2 -1,0.5 Term#2 -4, 31.5, -0.5 NP-hard Previous work: Linear programs using Harsanyi transformation 111111121121112112211211………222222 Terminal #1 3.3,-2.2 2.3,… Terminal #2 -3.8,2.6…,…

11 Mixed-integer programs No Harsanyi transformation Significantly more efficient than previous approaches at the time Multiple Adversary Types: Decomposition for Bayesian Stackelberg Games

12 Scale-up: Defender actions Scale-up: Attacker actions Scale-up: Attacker types Domain structure exploited Exact or Approx Type of equilibrium Algorithm Low MediumNone ApproxSSEASAP 2007 Low MediumNone ExactSSE DOBSS 2008 Low MediumNone Exact rationality, observation COBRA 2009 MediumLow High ( Security game, 1 target ) ExactSSEORIGAMI 2009 MediumLow High (Security game, 2 targets) ApproxSSEERASER 2009 MediumLow Med (Security game, N targets) ExactSSEASPEN 2010 Medium LowHigh (zero- sum, graph) ApproxSSERANGER 2010 Medium LowHigh (zero- sum, graph) ExactSSESubmitted 2010 ARMOR IRIS-I IRIS-II IRIS-III SCALE-UP

13 Federal Air Marshals Service Flights (each day) ~27,000 domestic flights ~2,000 international flights International Flights from Chicago O’Hare Estimated 3,000-4,000 air marshals Massive scheduling problem: How to assign marshals to flights?

14 IRIS Scheduling Tool

15 Flight Information Resources Risk Information Game Model Game Model Solution Algorithm Solution Algorithm Randomized Deployment Schedule Randomized Deployment Schedule

16 IRIS: Large Numbers of Defender Strategies Strategy 1Strategy 2Strategy 3 Strategy 1 Strategy 2 Strategy 3 Strategy 4 Strategy 5 Strategy 6 Strategy 1Strategy 2Strategy 3 Strategy 1 Strategy 2 Strategy 3 Strategy 4 Strategy 5 Strategy 6 4 Flight tours 2 Air Marshals 100 Flight tours 10 Air Marshals 6 Schedules 1.73 x 10 13 Schedules: ARMOR out of memory FAMS: Joint Strategies

17 Addressing Scale-up in Defender Strategies Security game:Payoffs depend on attacked target covered or not Target independence Avoid enumeration of all joint strategies: Marginals: Probabilities for individual strategies/schedules Sample required joint strategies: IRIS I and IRIS II But: Sampling may be difficult if schedule conflicts IRIS I (single target/flight), IRIS II (pairs of targets) Branch & Price: Probabilities on joint strategies Enumerates required joint strategies, handles conflicts IRIS III (arbitrary schedules over targets)

18 Explosion in Defender Strategies: Marginals for Compact Representation Attack 1 Attack 2 Attack … Attack 6 1,2,3 5,-104,-8…-20,9 1,2,4 5,-104,-8…-20,9 1,3,5 5,-10-9,5…-20,9 … ………… ARMOR: 10 tours, 3 air marshalsPayoff duplicates: Depends on target covered IRIS MILP similar to ARMOR 10 instead of 120 variables y1+y2+y3…+y10 = 3 Construct samples over tour combos

19 IRIS Speedups: Efficient Algorithms II FAMS Ireland FAMS London ARMOR Actions ARMOR Runtime IRIS Runtime 6,0484.74s0.09s 85,275----1.57s

20 IRIS III Next generation of IRIS General scheduling constraints Schedules can be any subset of targets Resource can be constrained to any subset of schedules Branch and Price Framework Techniques for large-scale optimization Not an “out of the box” solution

21 IRIS III: Branch and Price: Branch & Bound + Column Generation First Node: all a i  [0,1] Lower bound 1: a 1 = 1, a rest = 0 Second node: a 1 = 0, a rest  [0,1] Lower bound 2: a 1 = 0, a 2 = 1, a rest = 0 Third node: a 1,a 2 = 0, a rest  [0,1] LB last: a k = 1, a rest = 0 Not “out of the box” Bounds and branching: IRIS I Column generation leaf nodes: Network flow

22 Column Generation “Master” Problem (mixed integer program) Restricted set of joint schedules “Slave” Problem Return the “best” joint schedule to add Target 3 Target 7 … … Resource Sink Capacity 1 on all links (N+1) th joint schedule Solution with N joint schedules Minimum cost network flow: Identifies joint schedule to add

23 Results: IRIS III IRIS II IRIS III B&P

24 Modeling Complex Security Games Approach: domain experts supply the model Experts must understand necessary game inputs What information is available? Sensitive? Number of inputs must be reasonable (tens, not thousands) What models can we solve computationally?

25 Robustness We do not know exactly Strategies/capabilities Payoffs/preferences Observation capabilities … How can we take this into account? Richer models Faster algorithms to solve these models Sensitivity analysis

26 Approximating Infinite Bayesian Games Idea: replace point estimates for attacker payoffs with Gaussian distributions

27 Attacker Surveillance: Stackelberg vs Nash Defender commits first: Attacker conducts surveillance Stackelberg (SSE) Simultaneous move game: Attacker conducts no surveillance Mixed strategy Nash (NE) SSE NE = Minimax Set of defender strategies How should a defender compute her strategy? For security games with SSAS:

28 Evaluation of Real-World Applications “Application track” papers: Beyond run-time and optimality Difficult and not “Solved”! Reviewer questionsOperational perspective Do your algorithms work: are we safe? No 100% protection; only increase cost/uncertainty of attacker Turn off security apparatus for a year; compare ?? adversaries will cooperate..?? Send in a red teamNOT the right test Give us all the before/after dataSecurity sensitivities

29 So how can we evaluate?... No 100% security; are we better off than previous approaches? Models and simulations Human adversaries in the lab Expert evaluation Systems in use for a number of years: internal evaluations Future: Newer domains that allow validation in the real-world Criminologists (TSA)

30 Models & Simulations I

31 Human Adversaries In the Lab

32 Human Adversaries in the Lab ARMOR: Outperforms uninformed random, not Maximin COBRA: Anchoring bias, “epsilon-optimal”

33 Expert Evaluation I April 2008February 2009 LAX Spokesperson, CNN.com, July 14, 2010 : " Randomization and unpredictability is a key factor in keeping the terrorists unbalanced….It is so effective that airports across the United States are adopting this method."

34 Expert Evaluation II Federal Air Marshals Service (May 2010): We…have continued to expand the number of flights scheduled using IRIS….we are satisfied with IRIS and confident in using this scheduling approach. James B. Curren Special Assistant, Office of Flight Operations, Federal Air Marshals Service

35 What Happened at Checkpoints before and after ARMOR -- Not a Scientific Result! January 2009 January 3 rd Loaded 9/mm pistol January 9 th 16-handguns, 4-rifles,1-assault rifle; 1000 rounds of ammo January 10 th Two unloaded shotguns January 12 th Loaded 22/cal rifle January 17 th Loaded 9/mm pistol January 22 nd Unloaded 9/mm pistol Arrest data:

36 Deployed Applications: ARMOR, IRIS, GUARDS Research challenges Efficient algorithms: Scale-up to real-world problems Observability: Adversary surveillance uncertainty Human adversary: Bounded rationality, observation power …

37 Future Work I Protect networks (AAAI’10 under review) Adversary uncertainty (under review) Payoffs/types Surveillance … AB A?? B?

38 Future Work II: Game Theory and Human Behavior

39 Experiment result PT = Prospect theory QRE = Quantal Response Equilibrium

40 THANK YOU! tambe@usc.edu http://teamcore.usc.edu/security

Download ppt "Game Theory for Security: Lessons Learned from Deployed Applications Milind Tambe Chris Kiekintveld Richard John & teamcore.usc.edu."

Similar presentations

1 Material to Cover  relationship between different types of models  incorrect to round real to integer variables  logical relationship: site selection.

1 Material to Cover  relationship between different types of models  incorrect to round real to integer variables  logical relationship: site selection.
1 Constraint Satisfaction Problems A Quick Overview (based on AIMA book slides)

1 Constraint Satisfaction Problems A Quick Overview (based on AIMA book slides)
1 University of Southern California Keep the Adversary Guessing: Agent Security by Policy Randomization Praveen Paruchuri University of Southern California.

1 University of Southern California Keep the Adversary Guessing: Agent Security by Policy Randomization Praveen Paruchuri University of Southern California.
Randomized Sensing in Adversarial Environments Andreas Krause Joint work with Daniel Golovin and Alex Roper International Joint Conference on Artificial.

Randomized Sensing in Adversarial Environments Andreas Krause Joint work with Daniel Golovin and Alex Roper International Joint Conference on Artificial.
Game Theoretical Insights in Strategic Patrolling: Model and Analysis Nicola Gatti – DEI, Politecnico di Milano, Piazza Leonardo.

Game Theoretical Insights in Strategic Patrolling: Model and Analysis Nicola Gatti – DEI, Politecnico di Milano, Piazza Leonardo.
© 2015 McGraw-Hill Education. All rights reserved. Chapter 15 Game Theory.

© 2015 McGraw-Hill Education. All rights reserved. Chapter 15 Game Theory.
Markov Game Analysis for Attack and Defense of Power Networks Chris Y. T. Ma, David K. Y. Yau, Xin Lou, and Nageswara S. V. Rao.

Markov Game Analysis for Attack and Defense of Power Networks Chris Y. T. Ma, David K. Y. Yau, Xin Lou, and Nageswara S. V. Rao.
Playing Games for Security: An Efficient Exact Algorithm for Solving Bayesian Stackelberg Games Praveen Paruchuri, Jonathan P. Pearce, Sarit Kraus Catherine.

Playing Games for Security: An Efficient Exact Algorithm for Solving Bayesian Stackelberg Games Praveen Paruchuri, Jonathan P. Pearce, Sarit Kraus Catherine.
Wavelength Assignment in Optical Network Design Team 6: Lisa Zhang (Mentor) Brendan Farrell, Yi Huang, Mark Iwen, Ting Wang, Jintong Zheng Progress Report.

Wavelength Assignment in Optical Network Design Team 6: Lisa Zhang (Mentor) Brendan Farrell, Yi Huang, Mark Iwen, Ting Wang, Jintong Zheng Progress Report.
Dynamic Bayesian Networks (DBNs)

Dynamic Bayesian Networks (DBNs)
Computing equilibria of security games using linear integer programming Dima Korzhyk

Computing equilibria of security games using linear integer programming Dima Korzhyk
Adversarial Search Chapter 5.

Adversarial Search Chapter 5.
Security via Strategic Randomization Milind Tambe Fernando Ordonez Praveen Paruchuri Sarit Kraus (Bar Ilan, Israel) Jonathan Pearce, Jansuz Marecki James.

Security via Strategic Randomization Milind Tambe Fernando Ordonez Praveen Paruchuri Sarit Kraus (Bar Ilan, Israel) Jonathan Pearce, Jansuz Marecki James.
Computing Optimal Randomized Resource Allocations for Massive Security Games Presenter : Jen Hua Chi Advisor : Yeong Sung Lin.

Computing Optimal Randomized Resource Allocations for Massive Security Games Presenter : Jen Hua Chi Advisor : Yeong Sung Lin.
All Hands Meeting, 2006 Title: Grid Workflow Scheduling in WOSE (Workflow Optimisation Services for e- Science Applications) Authors: Yash Patel, Andrew.

All Hands Meeting, 2006 Title: Grid Workflow Scheduling in WOSE (Workflow Optimisation Services for e- Science Applications) Authors: Yash Patel, Andrew.
4 Feb 2004CS 3243 - Constraint Satisfaction1 Constraint Satisfaction Problems Chapter 5 Section 1 – 3.

4 Feb 2004CS Constraint Satisfaction1 Constraint Satisfaction Problems Chapter 5 Section 1 – 3.
Location Estimation in Sensor Networks Moshe Mishali.

Location Estimation in Sensor Networks Moshe Mishali.
Solving the Protein Threading Problem in Parallel Nocola Yanev, Rumen Andonov Indrajit Bhattacharya CMSC 838T Presentation.

Solving the Protein Threading Problem in Parallel Nocola Yanev, Rumen Andonov Indrajit Bhattacharya CMSC 838T Presentation.
Impact of Problem Centralization on Distributed Constraint Optimization Algorithms John P. Davin and Pragnesh Jay Modi Carnegie Mellon University School.

Impact of Problem Centralization on Distributed Constraint Optimization Algorithms John P. Davin and Pragnesh Jay Modi Carnegie Mellon University School.
1 Combinatorial Problems in Cooperative Control: Complexity and Scalability Carla Gomes and Bart Selman Cornell University Muri Meeting March 2002.

1 Combinatorial Problems in Cooperative Control: Complexity and Scalability Carla Gomes and Bart Selman Cornell University Muri Meeting March 2002.

Similar presentations

Ads by Google