We introduce a novel framework for computing optimal randomized security policies in networked domains which extends previous approaches in several ways. First, we extend previous linear programming techniques for Stackelberg security games to incorporate benefits and costs of arbitrary security configurations on individual assets. Second, we offer a principled model of failure cascades that allows us to capture both the direct and indirect value of assets, and extend this model to capture uncertainty about the structure of the interdependency network. Third, we extend the linear programming formulation to account for exogenous (random) failures in addition to targeted attacks. Fourth, we allow the attacker to choose among several capabilities in attacking a target, and, in a limited way, allow the attacker to attack multiple targets simultaneously. The goal of our work is two-fold. First, we offer techniques to compute optimal security strategies in realistic settings involving interdependent security. Second, our computational framework enables us to attain theoretical insights about security on networks.
[1]
Nicolas Christin,et al.
Secure or insure?: a game-theoretic analysis of information security games
,
2008,
WWW.
[2]
Manish Jain,et al.
Computing optimal randomized resource allocations for massive security games
,
2009,
AAMAS.
[3]
David P. Morton,et al.
Stochastic Network Interdiction
,
1998,
Oper. Res..
[4]
H. Kunreuther,et al.
Interdependent Security
,
2003
.
[5]
Manish Jain,et al.
Security Games with Arbitrary Schedules: A Branch and Price Approach
,
2010,
AAAI.
[6]
Sarit Kraus,et al.
Playing games for security: an efficient exact algorithm for solving Bayesian Stackelberg games
,
2008,
AAMAS.