The Price of Usability: Designing Operationalizable Strategies for Security Games

We consider the problem of allocating scarce security resources among heterogeneous targets to thwart a possible attack. It is well known that deterministic solutions to this problem being highly predictable are severely suboptimal. To mitigate this predictability, the game-theoretic security game model was proposed which randomizes over pure ( deterministic) strategies, causing confusion in the adversary. Unfortunately, such mixed strategies typically randomize over a large number of strategies, requiring security personnel to be familiar with numerous protocols, making them hard to operationalize. Motivated by these practical considerations, we propose an easy to use approach for computing strategies that are easy to operationalize and that bridge the gap between the static solution and the optimal mixed strategy. These strategies only randomize over an optimally chosen subset of p ure strategies whose cardinality is selected by the defender, enabling them to conveniently tune the trade-off between ease of operationalization and efficiency using a single design parameter. We show that the problem of computing such operationalizable strategies is NP-hard, formulate it as a mixedinteger optimization problem, provide an algorithm for computing e-optinal equilibria, and an efficient heuristic. We evaluate the performance of our approach on the problem of screening for threats at airports and show that the Price of Usability, i.e., the loss in optimality to obtain a strategy that is easier to operationalize, is typically not high.

[1]  Mina Guirguis,et al.  Don't Bury your Head in Warnings: A Game-Theoretic Approach for Intelligent Allocation of Cyber-security Alerts , 2017, IJCAI.

[2]  F. Paas Training strategies for attaining transfer of problem-solving skill in statistics: A cognitive-load approach. , 1992 .

[3]  Milind Tambe,et al.  Preventing Illegal Logging: Simultaneous Optimization of Resource Teams and Tactics for Security , 2016, AAAI.

[4]  Maria-Florina Balcan,et al.  Commitment Without Regrets: Online Learning in Stackelberg Security Games , 2015, EC.

[5]  Sarit Kraus,et al.  An efficient heuristic approach for security against multiple adversaries , 2007, AAMAS '07.

[6]  Milind Tambe,et al.  The Deployment-to-Saturation Ratio in Security Games , 2012, AAAI.

[7]  Bo An,et al.  Computing Optimal Mixed Strategies for Security Games with Dynamic Payoffs , 2015, IJCAI.

[8]  Milind Tambe,et al.  One Size Does Not Fit All: A Game-Theoretic Approach for Dynamically and Effectively Screening for Threats , 2016, AAAI.

[9]  Milind Tambe,et al.  Get Me to My GATE on Time: Efficiently Solving General-Sum Bayesian Threat Screening Games , 2016, ECAI.

[10]  J. Sweller,et al.  Effects of schema acquisition and rule automation on mathematical problem-solving transfer. , 1987 .

[11]  Milind Tambe,et al.  Protecting Moving Targets with Multiple Mobile Resources , 2013, J. Artif. Intell. Res..

[12]  Aranyak Mehta,et al.  Playing large games using simple strategies , 2003, EC '03.

[13]  J. Meigs,et al.  WHO Technical Report , 1954, The Yale Journal of Biology and Medicine.

[14]  Vincent Conitzer,et al.  Complexity of Computing Optimal Stackelberg Strategies in Security Resource Allocation Games , 2010, AAAI.

[15]  Noam Nisan,et al.  Proceedings of the 4th ACM conference on Electronic commerce , 2003 .

[16]  Milind Tambe,et al.  Staying Ahead of the Game: Adaptive Robust Optimization for Dynamic Allocation of Threat Screening Resources , 2017, IJCAI.

[17]  Nicola Basilico,et al.  Leader-follower strategies for robotic patrolling in environments with arbitrary topologies , 2009, AAMAS.

[18]  Michael Wooldridge,et al.  Proceedings of the 24th International Conference on Artificial Intelligence , 2015 .