An Iterative Security Game for Computing Robust and Adaptive Network Flows

The recent advancement in cyberphysical systems has led to an exponential growth in the use of automated devices which in turn has created new security challenges. By manipulating cyberphysical components, a potential attacker can modify the capacities of multiple edges so as to disrupt the network of interest. Existing robust network flow models typically assume that the entire flow of an attacked edge gets lost. However, in many practical systems, the flow of an attacked edge could potentially be rerouted through adjacent edges with residual capacity. In order to address this feature, we propose a robust and adaptive network flow model to effectively counter possible attacking behaviors of an adversary operating under a budget constraint. Specifically, we introduce a novel scenario generation approach based on an iterative two-player game between a defender and an adversary. We assume that the adversary always takes a best response (out of some feasible attacking scenarios) against the current flow scenario prepared by the defender. On the other hand, we assume that the defender considers all the attacking behaviors revealed by the adversary in previous iterations in order to generate a new robust (maximin) flow strategy. This iterative game continues until the objectives of both the players converge. We show that the robust and adaptive network flow problem is NP-hard and that the complexity of the adversary's decision problem grows exponentially with the network size and the adversary's budget value. We propose two principled heuristic approaches for solving the adversary's problem at the scale of a large urban network. Extensive computational results on multiple synthetic and real-world data sets demonstrate that the solution provided by the defender's problem significantly increases the amount of flow pushed through the network over four state-of-the-art benchmark approaches.

[1]  David P. Morton,et al.  Stochastic Network Interdiction , 1998, Oper. Res..

[2]  D. R. Fulkerson,et al.  Maximal Flow Through a Network , 1956 .

[3]  Marcin Dziubinski,et al.  Network Design and Defence , 2012, Games Econ. Behav..

[4]  Gilbert Laporte,et al.  A game theoretic framework for the robust railway transit network design problem , 2010 .

[5]  Milind Tambe,et al.  From physical security to cybersecurity , 2015, J. Cybersecur..

[6]  R. Vohra,et al.  Finding the most vital arcs in a network , 1989 .

[7]  Michal Pioro,et al.  SNDlib 1.0—Survivable Network Design Library , 2010 .

[8]  Patrick Jaillet,et al.  Improving Customer Satisfaction in Bike Sharing Systems through Dynamic Repositioning , 2019, IJCAI.

[9]  Arkadi Nemirovski,et al.  Robust Convex Optimization , 1998, Math. Oper. Res..

[10]  Quanyan Zhu,et al.  Game theory meets network security and privacy , 2013, CSUR.

[11]  Stephen P. Boyd,et al.  Convex Optimization , 2004, Algorithms and Theory of Computation Handbook.

[12]  Gerald G. Brown,et al.  "Sometimes There is No Most-Vital" Arc: Assessing and Improving the Operational Resilience of Systems , 2013 .

[13]  Donald Goldfarb,et al.  A computational comparison of the dinic and network simplex methods for maximum flow , 1988 .

[14]  Saurabh Amin,et al.  Security of Transportation Networks: Modeling Attacker-Defender Interaction , 2018, ArXiv.

[15]  Saurabh Amin,et al.  Network flow routing under strategic link disruptions , 2015, 2015 53rd Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[16]  Michel Minoux,et al.  Accelerated greedy algorithms for maximizing submodular set functions , 1978 .

[17]  Vishal Gupta,et al.  Data-driven robust optimization , 2013, Math. Program..

[18]  Michael Poss,et al.  Affine recourse for the robust network design problem: Between static and dynamic routing , 2011, Networks.

[19]  Jonathan Cole Smith,et al.  Survivable network design under optimal and heuristic interdiction scenarios , 2007, J. Glob. Optim..

[20]  A. Ben-Tal,et al.  Adjustable robust solutions of uncertain linear programs , 2004, Math. Program..

[21]  J. Cole Smith,et al.  A Backward Sampling Framework for Interdiction Problems with Fortification , 2017, INFORMS J. Comput..

[22]  Patrick Jaillet,et al.  Models and Algorithms for Stochastic and Robust Vehicle Routing with Deadlines , 2016, Transp. Sci..

[23]  Laurent El Ghaoui,et al.  Robust Solutions to Uncertain Semidefinite Programs , 1998, SIAM J. Optim..

[24]  Richard L. Church,et al.  A bilevel mixed-integer program for critical infrastructure protection planning , 2008, Comput. Oper. Res..

[25]  Richard L. Church,et al.  Protecting Critical Assets: The r-interdiction median problem with fortification , 2007 .

[26]  Saurabh Amin,et al.  Signaling Game-based Misbehavior Inspection in V2I-enabled Highway Operations , 2018, 2018 IEEE Conference on Decision and Control (CDC).

[27]  Jonathan Cole Smith,et al.  Exact algorithms for solving a Euclidean maximum flow network interdiction problem , 2014, Networks.

[28]  Gerald G. Brown,et al.  Operational Models of Infrastructure Resilience , 2015, Risk analysis : an official publication of the Society for Risk Analysis.

[29]  Vincent Conitzer,et al.  A double oracle algorithm for zero-sum security games on graphs , 2011, AAMAS.

[30]  Patrick Jaillet,et al.  Regret based Robust Solutions for Uncertain Markov Decision Processes , 2013, NIPS.

[31]  David K. Y. Yau,et al.  A game theoretic study of attack and defense in cyber-physical systems , 2011, 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[32]  Manish Jain,et al.  Security Games with Arbitrary Schedules: A Branch and Price Approach , 2010, AAAI.

[33]  Bo An,et al.  Deploying PAWS: Field Optimization of the Protection Assistant for Wildlife Security , 2016, AAAI.

[34]  J. Alex Halderman,et al.  Green Lights Forever: Analyzing the Security of Traffic Infrastructure , 2014, WOOT.

[35]  Maria Paola Scaparra,et al.  Optimal Allocation of Protective Resources in Shortest-Path Networks , 2011, Transp. Sci..

[36]  Richard L. Church,et al.  Production , Manufacturing and Logistics An exact solution approach for the interdiction median problem with fortification , 2008 .

[37]  Constantine Caramanis,et al.  Theory and Applications of Robust Optimization , 2010, SIAM Rev..

[38]  Sarit Kraus,et al.  Deployed ARMOR protection: the application of a game theoretic model for security at the Los Angeles International Airport , 2008, AAMAS 2008.

[39]  Wai Yuen Szeto Routing and scheduling hazardous material shipments: Nash game approach , 2013 .

[40]  J. W. Herrmann,et al.  Game-Theoretic Analysis of Attack and Defense in Cyber-Physical Network Infrastructures , 2012 .

[41]  Alexandre M. Bayen,et al.  On Cybersecurity of Freeway Control Systems: Analysis of Coordinated Ramp Metering Attacks , 2015 .

[42]  Richard D. Wollmer,et al.  Removing Arcs from a Network , 1964 .

[43]  H. Vincent Poor,et al.  Infrastructure security games , 2014, Eur. J. Oper. Res..

[44]  Zhi-Quan Luo,et al.  Robust adaptive beamforming using worst-case performance optimization: a solution to the signal mismatch problem , 2003, IEEE Trans. Signal Process..

[45]  Dimitris Bertsimas,et al.  On the Power of Robust Solutions in Two-Stage Stochastic and Adaptive Optimization Problems , 2010, Math. Oper. Res..

[46]  Alper Atamtürk,et al.  Two-Stage Robust Network Flow and Design Under Demand Uncertainty , 2007, Oper. Res..

[47]  Sarit Kraus,et al.  Deployed ARMOR protection: the application of a game theoretic model for security at the Los Angeles International Airport , 2008, AAMAS.

[48]  Saurabh Amin,et al.  Probability Distributions on Partially Ordered Sets and Network Interdiction Games , 2018 .

[49]  Milind Tambe,et al.  Urban security: game-theoretic resource allocation in networked physical domains , 2010, AAAI 2010.

[50]  Alan Washburn,et al.  Two-Person Zero-Sum Games for Network Interdiction , 1995, Oper. Res..

[51]  Ebrahim Nasrabadi,et al.  Robust and Adaptive Network Flows , 2013, Oper. Res..

[52]  Jean C. Walrand,et al.  Towards a Metric for Communication Network Vulnerability to Attacks: A Game Theoretic Approach , 2012, GAMENETS.

[53]  Chunyan Miao,et al.  Optimal Interdiction of Illegal Network Flow , 2016, IJCAI.

[54]  Sepehr Assadi,et al.  The Minimum Vulnerability Problem , 2014, Algorithmica.

[55]  Saurabh Amin,et al.  Securing Infrastructure Facilities: When Does Proactive Defense Help? , 2018, Dyn. Games Appl..

[56]  Shapour Azarm,et al.  Multiobjective Collaborative Robust Optimization With Interval Uncertainty and Interdisciplinary Uncertainty Propagation , 2008 .

[57]  Özlem Ergun,et al.  The Maximum Flow Network Interdiction Problem: Valid inequalities, integrality gaps, and approximability , 2010, Oper. Res. Lett..

[58]  Melvyn Sim,et al.  Robust discrete optimization and network flows , 2003, Math. Program..

[59]  Saurabh Amin,et al.  Probability Distributions on Partially Ordered Sets and Network Security Games , 2018, ArXiv.

[60]  R. Kevin Wood,et al.  Deterministic network interdiction , 1993 .

[61]  Gerald G. Brown,et al.  Solving Defender-Attacker-Defender Models for Infrastructure Defense , 2011, ICS 2011.

[62]  Milind Tambe,et al.  STREETS: Game-Theoretic Traffic Patrolling with Exploration and Exploitation , 2014, AAAI.

[63]  Supriyo Ghosh,et al.  Robust Repositioning to Counter Unpredictable Demand in Bike Sharing Systems , 2016, IJCAI.

[64]  R. Kevin Wood,et al.  Shortest‐path network interdiction , 2002, Networks.

[65]  Ebrahim Nasrabadi,et al.  On the power of randomization in network interdiction , 2013, Oper. Res. Lett..

[66]  Arkadi Nemirovski,et al.  Robust solutions of Linear Programming problems contaminated with uncertain data , 2000, Math. Program..

[67]  Sara Mattia,et al.  The robust network loading problem with dynamic routing , 2010, Comput. Optim. Appl..

[68]  Milind Tambe,et al.  Using Abstractions to Solve Opportunistic Crime Security Games at Scale , 2016, AAMAS.

[69]  Vladimir Marbukh,et al.  A Game-Theoretic Framework for Network Security Vulnerability Assessment and Mitigation , 2012, GameSec.

[70]  Xinghuo Yu,et al.  A Maximum-Flow-Based Complex Network Approach for Power System Vulnerability Analysis , 2013, IEEE Transactions on Industrial Informatics.

[71]  Milind Tambe,et al.  Trends and Applications in Stackelberg Security Games , 2018 .

[72]  Anne FINDING THE n MOST VITAL LINKS IN FLOW NETWORKS , 2022 .

[73]  Gerald G. Brown,et al.  Defending Critical Infrastructure , 2006, Interfaces.