ABSTRACTIn this article, we investigate a generalized two‐player inspection game between an attacker and a defender who allocates multiple resources across a critical system. Specifically, the attacker targets components of the system while the defender coordinates multiple inspection units to monitor disjoint subsets of components and detect attacks. However, detection is assumed to be imperfect and depends on inspected locations as well as targeted components. This feature permits to model of detection efficacy as a function of the detection technology employed, the system's physical properties, and external environmental factors. The defender (respectively, attacker) aims to minimize (respectively, maximize) the expected number of attacks on the system that remain undetected. We solve this large‐scale zero‐sum game by analytically characterizing the marginal inspection and attack probabilities in equilibrium. Our analysis provides novel insights into the players' behaviors and the criticality of system components, revealing a complex dependence on players' resources and the distribution of detection probabilities across monitoring sets. Using a benchmark water pipeline network, we demonstrate how the proposed solutions can be leveraged to provide recommendations for security agencies regarding the type of detectors to acquire and how to coordinate them based on the characteristics of the system to inspect.
Read full abstract