An Iterative Security Game for Computing Robust and Adaptive Network Flows

The recent advancement in cyberphysical systems has led to an exponential growth in the use of automated devices which in turn has created new security challenges. By manipulating cyberphysical components, a potential attacker can modify the capacities of multiple edges so as to disrupt the network of interest. Existing robust network flow models typically assume that the entire flow of an attacked edge gets lost. However, in many practical systems, the flow of an attacked edge could potentially be rerouted through adjacent edges with residual capacity. In order to address this feature, we propose a robust and adaptive network flow model to effectively counter possible attacking behaviors of an adversary operating under a budget constraint. Specifically, we introduce a novel scenario generation approach based on an iterative two-player game between a defender and an adversary. We assume that the adversary always takes a best response (out of some feasible attacking scenarios) against the current flow scenario prepared by the defender. On the other hand, we assume that the defender considers all the attacking behaviors revealed by the adversary in previous iterations in order to generate a new robust (maximin) flow strategy. This iterative game continues until the objectives of both the players converge. We show that the robust and adaptive network flow problem is NP-hard and that the complexity of the adversary's decision problem grows exponentially with the network size and the adversary's budget value. We propose two principled heuristic approaches for solving the adversary's problem at the scale of a large urban network. Extensive computational results on multiple synthetic and real-world data sets demonstrate that the solution provided by the defender's problem significantly increases the amount of flow pushed through the network over four state-of-the-art benchmark approaches.

[1]  Patrick Jaillet,et al.  Models and Algorithms for Stochastic and Robust Vehicle Routing with Deadlines , 2016, Transp. Sci..

[2]  Bo An,et al.  Deploying PAWS: Field Optimization of the Protection Assistant for Wildlife Security , 2016, AAAI.

[3]  Jonathan Cole Smith,et al.  Exact algorithms for solving a Euclidean maximum flow network interdiction problem , 2014, Networks.

[4]  J. W. Herrmann,et al.  Game-Theoretic Analysis of Attack and Defense in Cyber-Physical Network Infrastructures , 2012 .

[5]  Donald Goldfarb,et al.  A computational comparison of the dinic and network simplex methods for maximum flow , 1988 .

[6]  D. R. Fulkerson,et al.  Maximal Flow Through a Network , 1956 .

[7]  Saurabh Amin,et al.  Security of Transportation Networks: Modeling Attacker-Defender Interaction , 2018, ArXiv.

[8]  Marcin Dziubinski,et al.  Network Design and Defence , 2012, Games Econ. Behav..

[9]  A. Ben-Tal,et al.  Adjustable robust solutions of uncertain linear programs , 2004, Math. Program..

[10]  Avrim Blum,et al.  Planning in the Presence of Cost Functions Controlled by an Adversary , 2003, ICML.

[11]  Ebrahim Nasrabadi,et al.  Robust and Adaptive Network Flows , 2013, Oper. Res..

[12]  Milind Tambe,et al.  STREETS: Game-Theoretic Traffic Patrolling with Exploration and Exploitation , 2014, AAAI.

[13]  James B. Orlin,et al.  A polynomial time primal network simplex algorithm for minimum cost flows , 1996, SODA '96.

[14]  Sarit Kraus,et al.  Deployed ARMOR protection: the application of a game theoretic model for security at the Los Angeles International Airport , 2008, AAMAS.

[15]  Melvyn Sim,et al.  The Price of Robustness , 2004, Oper. Res..

[16]  Gerald G. Brown,et al.  Defending Critical Infrastructure , 2006, Interfaces.

[17]  Melvyn Sim,et al.  Robust discrete optimization and network flows , 2003, Math. Program..

[18]  Saurabh Amin,et al.  Signaling Game-based Misbehavior Inspection in V2I-enabled Highway Operations , 2018, 2018 IEEE Conference on Decision and Control (CDC).

[19]  R. Kevin Wood,et al.  Shortest‐path network interdiction , 2002, Networks.

[20]  Sepehr Assadi,et al.  The Minimum Vulnerability Problem , 2014, Algorithmica.

[21]  Wai Yuen Szeto Routing and scheduling hazardous material shipments: Nash game approach , 2013 .

[22]  Gerald G. Brown,et al.  Solving Defender-Attacker-Defender Models for Infrastructure Defense , 2011, ICS 2011.

[23]  Alper Atamtürk,et al.  Two-Stage Robust Network Flow and Design Under Demand Uncertainty , 2007, Oper. Res..

[24]  Michal Pióro,et al.  SNDlib 1.0—Survivable Network Design Library , 2010, Networks.

[25]  Shapour Azarm,et al.  Multiobjective Collaborative Robust Optimization With Interval Uncertainty and Interdisciplinary Uncertainty Propagation , 2008 .

[26]  Richard L. Church,et al.  Protecting Critical Assets: The r-interdiction median problem with fortification , 2007 .

[27]  Alexandre M. Bayen,et al.  On Cybersecurity of Freeway Control Systems: Analysis of Coordinated Ramp Metering Attacks , 2015 .

[28]  Gerald G. Brown,et al.  Operational Models of Infrastructure Resilience , 2015, Risk analysis : an official publication of the Society for Risk Analysis.

[29]  Gilbert Laporte,et al.  A game theoretic framework for the robust railway transit network design problem , 2010 .

[30]  Milind Tambe,et al.  Urban security: game-theoretic resource allocation in networked physical domains , 2010, AAAI 2010.

[31]  Dimitris Bertsimas,et al.  On the Power of Robust Solutions in Two-Stage Stochastic and Adaptive Optimization Problems , 2010, Math. Oper. Res..

[32]  Zhi-Quan Luo,et al.  Robust adaptive beamforming using worst-case performance optimization: a solution to the signal mismatch problem , 2003, IEEE Trans. Signal Process..

[33]  Chunyan Miao,et al.  Optimal Interdiction of Illegal Network Flow , 2016, IJCAI.

[34]  Jonathan Cole Smith,et al.  Survivable network design under optimal and heuristic interdiction scenarios , 2007, J. Glob. Optim..

[35]  Michel Minoux,et al.  Accelerated greedy algorithms for maximizing submodular set functions , 1978 .

[36]  Vishal Gupta,et al.  Data-driven robust optimization , 2013, Math. Program..

[37]  Alan Washburn,et al.  Two-Person Zero-Sum Games for Network Interdiction , 1995, Oper. Res..

[38]  Stephen P. Boyd,et al.  Convex Optimization , 2004, Algorithms and Theory of Computation Handbook.

[39]  Maria Paola Scaparra,et al.  Optimal Allocation of Protective Resources in Shortest-Path Networks , 2011, Transp. Sci..

[40]  Sara Mattia,et al.  The robust network loading problem with dynamic routing , 2010, Comput. Optim. Appl..

[41]  Xinghuo Yu,et al.  A Maximum-Flow-Based Complex Network Approach for Power System Vulnerability Analysis , 2013, IEEE Transactions on Industrial Informatics.

[42]  Laurent El Ghaoui,et al.  Robust Solutions to Uncertain Semidefinite Programs , 1998, SIAM J. Optim..

[43]  H. Vincent Poor,et al.  Infrastructure security games , 2014, Eur. J. Oper. Res..

[44]  R. Kevin Wood,et al.  Deterministic network interdiction , 1993 .

[45]  J. Alex Halderman,et al.  Green Lights Forever: Analyzing the Security of Traffic Infrastructure , 2014, WOOT.

[46]  Michael Poss,et al.  Affine recourse for the robust network design problem: Between static and dynamic routing , 2011, Networks.

[47]  Richard D. Wollmer,et al.  Removing Arcs from a Network , 1964 .

[48]  Gerald G. Brown,et al.  "Sometimes There is No Most-Vital" Arc: Assessing and Improving the Operational Resilience of Systems , 2013 .

[49]  Arkadi Nemirovski,et al.  Robust Convex Optimization , 1998, Math. Oper. Res..

[50]  Richard L. Church,et al.  Production , Manufacturing and Logistics An exact solution approach for the interdiction median problem with fortification , 2008 .

[51]  Özlem Ergun,et al.  The Maximum Flow Network Interdiction Problem: Valid inequalities, integrality gaps, and approximability , 2010, Oper. Res. Lett..

[52]  Richard L. Church,et al.  A bilevel mixed-integer program for critical infrastructure protection planning , 2008, Comput. Oper. Res..

[53]  Milind Tambe,et al.  Trends and Applications in Stackelberg Security Games , 2018 .

[54]  Saurabh Amin,et al.  Probability Distributions on Partially Ordered Sets and Network Security Games , 2018, ArXiv.

[55]  S. Lubore,et al.  Finding the N most vital links in flow networks , 2011 .

[56]  Supriyo Ghosh,et al.  Robust Repositioning to Counter Unpredictable Demand in Bike Sharing Systems , 2016, IJCAI.

[57]  J. Cole Smith,et al.  A Backward Sampling Framework for Interdiction Problems with Fortification , 2017, INFORMS J. Comput..

[58]  Vincent Conitzer,et al.  A double oracle algorithm for zero-sum security games on graphs , 2011, AAMAS.

[59]  Milind Tambe,et al.  From physical security to cybersecurity , 2015, J. Cybersecur..

[60]  Ravindra K. Ahuja,et al.  Network Flows: Theory, Algorithms, and Applications , 1993 .

[61]  David K. Y. Yau,et al.  A game theoretic study of attack and defense in cyber-physical systems , 2011, 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[62]  Saurabh Amin,et al.  Network flow routing under strategic link disruptions , 2015, 2015 53rd Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[63]  Quanyan Zhu,et al.  Game theory meets network security and privacy , 2013, CSUR.

[64]  David P. Morton,et al.  Stochastic Network Interdiction , 1998, Oper. Res..

[65]  Vladimir Marbukh,et al.  A Game-Theoretic Framework for Network Security Vulnerability Assessment and Mitigation , 2012, GameSec.

[66]  Patrick Jaillet,et al.  Improving Customer Satisfaction in Bike Sharing Systems through Dynamic Repositioning , 2019, IJCAI.

[67]  Milind Tambe,et al.  Using Abstractions to Solve Opportunistic Crime Security Games at Scale , 2016, AAMAS.

[68]  Patrick Jaillet,et al.  Regret based Robust Solutions for Uncertain Markov Decision Processes , 2013, NIPS.

[69]  Saurabh Amin,et al.  Securing Infrastructure Facilities: When Does Proactive Defense Help? , 2018, Dyn. Games Appl..

[70]  Ebrahim Nasrabadi,et al.  On the power of randomization in network interdiction , 2013, Oper. Res. Lett..

[71]  Arkadi Nemirovski,et al.  Robust solutions of Linear Programming problems contaminated with uncertain data , 2000, Math. Program..

[72]  Constantine Caramanis,et al.  Theory and Applications of Robust Optimization , 2010, SIAM Rev..

[73]  Manish Jain,et al.  Security Games with Arbitrary Schedules: A Branch and Price Approach , 2010, AAAI.

[74]  Jean C. Walrand,et al.  Towards a Metric for Communication Network Vulnerability to Attacks: A Game Theoretic Approach , 2012, GAMENETS.

[75]  Saurabh Amin,et al.  Probability Distributions on Partially Ordered Sets and Network Interdiction Games , 2018 .

[76]  R. Vohra,et al.  Finding the most vital arcs in a network , 1989 .