Protecting complex infrastructures against multiple strategic attackers

Infrastructures are analysed subject to defence by a strategic defender and attack by multiple strategic attackers. A framework is developed where each agent determines how much to invest in defending versus attacking each of multiple targets. A target can have economic, human and symbolic values, which generally vary across agents. Investment expenditure functions for each agent can be linear in the investment effort, concave, convex, logistic, can increase incrementally, or can be subject to budget constraints. Contest success functions (e.g., ratio and difference forms) determine the probability of a successful attack on each target, dependent on the relative investments of the defender and attackers on each target, and on characteristics of the contest. Targets can be in parallel, in series, interlinked, interdependent or independent. The defender minimises the expected damage plus the defence expenditures. Each attacker maximises the expected damage minus the attack expenditures. The number of free choice variables equals the number of agents times the number of targets, or lower if there are budget constraints. Each agent is interested in how his investments vary across the targets, and the impact on his utilities. Alternative optimisation programmes are discussed, together with repeated games, dynamic games and incomplete information. An example is provided for illustration.

[1]  T. Sandler,et al.  The Political Economy of Terrorism: The Economic Impact of Transnational Terrorism , 2005 .

[2]  Vicki M. Bier,et al.  Optimal Allocation of Resources for Defense of Simple Series and Parallel Systems from Determined Adversaries , 2003 .

[3]  Gregory Levitin,et al.  Survivability maximization for vulnerable multi-state systems with bridge topology , 2000, Reliab. Eng. Syst. Saf..

[4]  G. Woo Quantitative Terrorism Risk Assessment , 2002 .

[5]  Larry Samuelson,et al.  Choosing What to Protect: Strategic Defensive Allocation Against an Unknown Attacker , 2005 .

[6]  S. Skaperdas Contest success functions , 1996 .

[7]  M. Naceur Azaiez,et al.  Optimal resource allocation for security in reliability systems , 2007, Eur. J. Oper. Res..

[8]  Gerald G. Brown,et al.  Defending Critical Infrastructure , 2006, Interfaces.

[9]  Todd Sandler,et al.  Terrorist backlash, terrorism mitigation, and policy delegation , 2007 .

[10]  Todd Sandler,et al.  Terrorist Signalling and the Value of Intelligence , 2007, British Journal of Political Science.

[11]  K. Hausken Production and Conflict Models Versus Rent-Seeking Models , 2005 .

[12]  Gregory Levitin Optimal Defense Strategy Against Intentional Attacks , 2007, IEEE Transactions on Reliability.

[13]  Robert Powell,et al.  Allocating Defensive Resources with Private Information about Vulnerability , 2007, American Political Science Review.

[14]  Robert Powell,et al.  Sequential, nonzero-sum "Blotto": Allocating defensive resources prior to attack , 2009, Games Econ. Behav..

[15]  John A. Major Advanced Techniques for Modeling Terrorism Risk , 2002 .

[16]  Lawrence A. Gordon,et al.  The economics of information security investment , 2002, TSEC.

[17]  H. Kunreuther,et al.  Interdependent Security , 2003 .

[18]  I. M. Destler,et al.  Protecting the American Homeland , 2003 .

[19]  Kjell Hausken Strategic defense and attack for reliability systems , 2008, Reliab. Eng. Syst. Saf..

[20]  Lawrence A. Gordon,et al.  Sharing Information on Computer Systems Security: An Economic Analysis , 2003 .

[21]  R. Tollison,et al.  Toward a theory of the rent-seeking society , 1982 .

[22]  G. Beitel,et al.  Balanced Scorecard Method For Predicting TheProbability Of A Terrorist Attack , 2004 .

[23]  Kjell Hausken Strategic defense and attack for series and parallel reliability systems , 2008, Eur. J. Oper. Res..

[24]  K. Hausken Income, interdependence, and substitution effects affecting incentives for security investment , 2006 .

[25]  Kjell Hausken,et al.  Strategic Defense and Attack of Complex Networks , 2007, WEIS.

[26]  J. Hirshleifer Conflict and rent-seeking success functions: Ratio vs. difference models of relative success , 1989 .

[27]  R. Selten Reexamination of the perfectness concept for equilibrium points in extensive games , 1975, Classics in Game Theory.

[28]  Kjell Hausken,et al.  Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability , 2006, Inf. Syst. Frontiers.

[29]  Herbert A. Simon,et al.  The Sciences of the Artificial , 1970 .

[30]  Vicki M. Bier,et al.  Accident Precursor Analysis and Management: Reducing Technological Risk Through Diligence , 2004 .

[31]  G. Tullock Efficient Rent Seeking , 2001 .

[32]  K. Hausken Probabilistic Risk Analysis and Game Theory , 2002, Risk analysis : an official publication of the Society for Risk Analysis.

[33]  Avinash Dixit,et al.  Games of Strategy , 1999 .

[34]  Gregory Levitin,et al.  Optimal separation of elements in vulnerable multi-state systems , 2001, Reliab. Eng. Syst. Saf..

[35]  Walter Enders,et al.  Applying analytical methods to study terrorism , 2007 .

[36]  E. Rasmussen Games and Information , 1989 .

[37]  George E. Apostolakis,et al.  Identification of critical locations across multiple infrastructures for terrorist actions , 2007, Reliab. Eng. Syst. Saf..

[38]  T. Sandler,et al.  Global Terrorism: Deterrence Versus Pre-Emption , 2006 .

[39]  Vicki M. Bier,et al.  Protection of simple series and parallel systems with components of different values , 2005, Reliab. Eng. Syst. Saf..

[40]  J. Harsanyi Games with Incomplete Information Played by 'Bayesian' Players, Part III. The Basic Probability Distribution of the Game , 1968 .

[41]  T. Sandler,et al.  What do we know about the substitution effect in transnational terrorism , 2003 .

[42]  M. Šitum,et al.  Value of life. , 2002, Croatian medical journal.

[43]  Kjell Hausken,et al.  Protection vs. redundancy in homogeneous parallel systems , 2008, Reliab. Eng. Syst. Saf..

[44]  John C. Harsanyi,et al.  Games with Incomplete Information Played by "Bayesian" Players, I-III: Part I. The Basic Model& , 2004, Manag. Sci..

[45]  Vicki M. Bier,et al.  Subsidies in Interdependent Security With Heterogeneous Discount Rates , 2007 .

[46]  Vicki M. Bier,et al.  Secrecy in Defensive Allocations as a Strategy for Achieving More Cost-Effec tive Att acker Dett errence , 2009 .

[47]  Charles E Ebeling,et al.  An Introduction to Reliability and Maintainability Engineering , 1996 .

[48]  Gregory Levitin,et al.  Efficiency of even separation of parallel elements with variable contest intensity. , 2008, Risk analysis : an official publication of the Society for Risk Analysis.

[49]  Gregory Levitin,et al.  Optimal allocation of multi-state elements in linear consecutively connected systems with vulnerable nodes , 2003, Eur. J. Oper. Res..

[50]  J. Hirshleifer Anarchy and its Breakdown , 1995, Journal of Political Economy.

[51]  S. Skaperdas CONFLICT AND ATTITUDES TOWARD RISK , 1990 .

[52]  D. Shier Network Reliability and Algebraic Structures , 1991 .

[53]  Gregory Levitin,et al.  Minmax defense strategy for complex multi-state systems , 2009, Reliab. Eng. Syst. Saf..

[54]  Gregory Levitin,et al.  False targets efficiency in defense strategy , 2009, Eur. J. Oper. Res..

[55]  Philip D. Straffin,et al.  Game theory and strategy , 1993 .

[56]  Aroop K. Mahanty,et al.  THEORY OF PRODUCTION , 1980 .

[57]  R. Powell Defending against Terrorist Attacks with Limited Resources , 2007, American Political Science Review.

[58]  Gregory Levitin Maximizing survivability of acyclic transmission networks with multi-state retransmitters and vulnerable nodes , 2002, Reliab. Eng. Syst. Saf..

[59]  C. Berridge An Introduction to Reliability and Maintainability. , 1984 .

[60]  Anindya Ghose,et al.  The Economic Incentives for Sharing Security Information , 2004, Inf. Syst. Res..

[61]  K. Hausken Information sharing among firms and cyber attacks , 2007 .

[62]  Gregory Levitin,et al.  Optimal multilevel protection in series-parallel systems , 2003, Reliab. Eng. Syst. Saf..

[63]  Gregory Levitin,et al.  Optimizing survivability of vulnerable series-parallel multi-state systems , 2003, Reliab. Eng. Syst. Saf..

[64]  Gregory Levitin,et al.  False targets vs. redundancy in homogeneous parallel systems , 2009, Reliab. Eng. Syst. Saf..

[65]  Gregory Levitin,et al.  Optimizing survivability of multi-state systems with multi-level protection by multi-processor genetic algorithm , 2003, Reliab. Eng. Syst. Saf..