Securing interdependent assets

Abstract

Stackelberg security game models have become among the leading practical game theoretic approaches to security, having seen actual deployment in the LAX Airport, the United States Federal Air Marshals Service, and the United States Coast Guard, among others. However, most techniques for computing optimal security policies in Stackelberg games to date do not explicitly account for interdependencies among targets. We introduce a novel framework for computing optimal randomized security policies in networked (interdependent) domains. Our framework rests upon a Stackelberg security game model, within which we explicitly capture the indirect spread of damages due either to malicious attacks or unintended failures. We proceed to specify a particular simple, yet natural model of damage spread based on a graphical representation of asset interdependencies coupled with an independent failure cascade model. For the general model, we present an algorithm based on submodularity of the attacker's decision problem, in combination with local search, to approximate optimal security resource allocation across the assets, and show experimentally that our algorithm is far more scalable than an alternative exact approach, yields nearly optimal results, and offers substantial improvement over a well-known heuristic alternative. We then show that in a particular important special case we can compute optimal security policies exactly and efficiently. We proceed to apply our framework to study comparative network resilience, unifying previously disparate strands of research in the area, and to offer insights into other aspects of the interdependent security problem.