Computing Optimal Randomized Resource Allocations for Massive Security Games Presenter : Jen Hua Chi...

Computing Optimal Randomized Resource Allocations forMassive Security Games

Presenter : Jen Hua Chi

Advisor : Yeong Sung Lin

2

Agenda

Introduction Stackelberg games Compact Security Game Model Algorithms:

ERASER, ORIGAMI, ORIGAMI-MILP, ERASER (-C) Evaluation

3

Introduction

Motivation : Providing security for transportation systems, computer networks, and other critical infrastructure. Recent work ：　 Paruchuri et. al. uses a game-theoretic approach 　 to create randomized security policies for traffic 　 checkpoints and canine patrols at the Los Angeles 　 International Airport (LAX).

4

Introduction

A limitation of existing solution methods ：　 1. Size

2. Computing infeasible Now: subway systems, random baggage screening, container inspections at ports, and scheduling for the Federal Air Marshals Service.

US commercial airlines fly 27,000 domestic flights and over 2000 international flight each day. The Federal Air Marshal Service (FAMS) has law enforcement authority for commercial air transportation.

Flights should not necessarily have equal weighting in a randomized schedule.

5

Introduction

Key questions ：1. How to efficiently allocate resources

to protect against a wide variety of potential threats?

2. The adversarial aspect of security domains poses unique challenges for resource allocation.

Randomization => Game Theory

6

Problems

An individual air marshal’s potential departures are constrained by their current location, and schedules must account for flight and transition times.

Normal form of Stackelberg game model can only present the the cost of a combinatorial explosion in the size of the strategy space and payoff representation.

=> Compact Security Game Model

7

Introduction

New techniques:

1. Randomized security resource allocation

2. First algorithm (ERASER)

Dramatically reduce both space and time

requirements for the multiple-resource case

3. Two additional algorithms:

(ORIGAMI, ORIGAMI-MILP)

Improving performance

4. Incorporating additional scheduling and

resource constraints into the model:

ERASER-C

8

Agenda



9

Stackelberg Games

Stackelberg Games A ‘leader’ moves first, and the ‘follower’ observes the leader’s strategy before acting.

Related games: border patrolling, computer job scheduling, security patrolling.

It can models the capability of malicious attackers to employ surveillance in planning attacks.

10

Stackelberg Games

Normal form:

1. Two players: a defender, Θ

an attacker, ψ

2. Pure strategy set: σΘ Є ΣΘ, σψ Є Σψ

3. Mixed strategy set: δΘ Є ΔΘ, δψ Є Δψ

4. Payoffs for each player:

ΩΘ ： Σψ x ΣΘ R

5. Attacker’s strategy function:

Fψ ： ΔΘ Δψ

11

Stackelberg Equilibrium

It is a form of subgame perfect equilibrium.

Subgame ： partial sequences of actions Two types of unique Stackelberg equilibria:

1. Strong

2. Weak A strong Stackelberg equilibrium exists in all Stackelberg games, but a weak Stackelberg equilibrium may not.

12

Definition 1

A pair of strategies (δΘ, FΨ) form a Strong Stackelberg Equilibrium (SSE) if they satisfy the following:

The leader plays a best-response:

ΩΘ(δΘ, FΨ(δΘ)) ≥ ΩΘ(δ’Θ, FΨ(δ’Θ))∀δ’Θ ∈ ΔΘ.

2. The follower play a best-response:

ΩΨ(δΘ, FΨ(δΘ)) ≥ ΩΨ(δΘ, δΨ)∀δΘ ∈ ΔΘ, δΨ ∈ ΔΨ.

3. The follower breaks ties optimally for the leader:

ΩΘ(δΘ, FΨ(δΘ)) ≥ ΩΘ(δΘ, δΨ)∀δΘ ∈ ΔΘ, δΨ ∈ Δ∗Ψ(δΘ), whereΔ∗

Ψ(δΘ) is the set of follower best-responses, as above.

Attacker 根據 defender 行為，選擇對應的策略

Attacker 從mixed

strategy set中任意選擇

13

Agenda



14

Compact Security Game Model

A set of targets that may be attacked: T = {t1, …, tn}

A set of resources available to cover these targets, R = {r1, . . . , rm} (all resources are identical)

Four payoffs of each target:

Example payoffs for an attack on a target.

Covered Uncovered

DefenderAttacker Covered Uncover

edDefender 5 -20Attacker -10 30

15


Restrict to attack a single target with probability 1

Vector MeaningC A coverage vectorct The probability that each target is

coveredA The probability of attacking a

target

16


The defender’s expected payoff:

Given A, C,

U(C, A) = Σt∈Tat (ct x+ (1 − ct) ) The attacker’s expected payoff on target t:

Given C,

U(t, C) = ct )+ (1 − ct)

Γ(C) = {t : UΨ(t, C) ≥ UΨ(t’, C) ∀ t’∈ T}.

(Γ(C) : attack set)

Covered Uncovered

17


In a strong Stackelberg equilibrium, the attacker selects the target in the attack set with maximum payoff for the defender.

Let t∗ denote this optimal target

Players The expected SSE payoff

Defender

Θ(C) = UΘ(t∗, C)

Attacker Ψ(C) =UΨ(t∗, C)

18


Any security game represented in this compact form can also be represented in normal form.

Attack vector A attacker’s pure strategies

For the defender, each possible allocation of resources corresponds to a pure strategy in the normal form.

There are n choose m ways to allocate m resources to n targets.

19


The probability assigned to a pure strategy covering targets i and j:

+ = c1 --(1)

+ = c2

+ = c3

+ = c4

ΩΘ defines a payoff for each combination of a resource allocation schedule and target.

20


Form Player Strategy Payoff function size

Compact form

Defender n continuous variables

4n variables

Attacker n continuous variables

Normal form

Defender n Choose m variables

n(n Choose m)

Attacker n continuous variables

21

Agenda



22

ERASER

ERASER algorithm (Efficient Randomized Allocation of SEcurity Resources) 1. Input: a security game in compact form 2. A mixed-integer linear program (MILP)

23

ERASER

max d (5)

at ∈ {0, 1} ∀t ∈ T (6)

Σt∈T at = 1 (7)

ct ∈ [0, 1] ∀t ∈ T (8)

Σt∈T ct ≤ m (9)

d − UΘ(t,C) ≤ (1 − at) Z ∀t ∈ T (10)

0 ≤ k − UΨ(t,C) ≤ (1 − at) Z ∀t ∈ T (11)

UΨ(t,C) ≤ k

24

ERASER

THEOREM 1. For any feasible ERASER coverage vector, there is a corresponding mixed strategy δΘ that implements the desired coverage probabilities. THEOREM 2. A pair of attack and coverage vectors (C,A) is optimal for the ERASER MILP correspond to at least one SSE of the game.

25


Payoff structure 1. The defender always benefits by having additional resources covering an attacked target, while the attacker is always worse off attacking a more heavily defended target. 2. < (t) and (t) > (t)

26


Observation (1/3 )

All else equal, increasing ct for any target not in

Γ(C) has no effect on Θ(C) or Ψ(C). Observation (2/3)

If Γ(C) ⊂ Γ(C’) and ct = c’t for all t ∈Γ(C) then

Θ(C) ≤ Θ(C’).Observation (3/3)

If Ψ(C)= x, then ct ≥ for

every target t with (t) > x.

x = ct()+(1−ct) .

27

ORIGAMI algorithm

Optimizing Resources in GAmes using Maximal Indifference

1. Start: A target that has maximal (t) 2. Each time the attack set is expanded, the coverage of each target is updates to maintain the indifference of attacker payoffs within the attack set.

28

ORIGAMI algorithm

3. Termination conditions (1/2) When adding the next target to the attack set requires more total coverage probability than the defender has resources available.

4. Termination conditions (2/2) When any target t is covered with probability 1. The expected value for an attack on this target cannot be reduced below (t).

5. Maximize the number of targets. Maximize total coverage probability.

29

ORIGAMI algorithm

THEOREM 3.

ORIGAMI computes a coverage vector C that is optimal for the ERASER MILP, and is therefore consistent with a SSE of the security game.

30

ORIGAMI-MILP

ORIGAMI algorithm + MILP algorithm

min k (12)

γt ∈ {0, 1} ∀t ∈ T (13)

ct ∈ [0, 1] ∀t ∈ T (14)

Σt∈Tct ≤ m (15)

UΨ(t,C) ≤ k ∀t ∈ T (16)

k − UΨ(t,C) ≤ (1 − γt) ・ Z ∀t ∈ T (17)

ct ≤ γt ∀t ∈ T (18)

31

ORIGAMI-MILP

THEOREM 4. ORIGAMI-MILP generates an optimal solutionfor the ERASER MILP.

32

Resource constraints

Modeling air marshals as resources, flights as targets, with payoffs defined by expert risk analysis.

Resource types can be used to specify different sets of legal schedules for each resource.

Adding these constraints effectively reduces the space of feasible coverage vectors.

Example: 1

2

3

33

ERASER-C (constrained)

. Adding the capability to represent certain kinds of resource and scheduling constraints

The first extension allows resources to be assigned to schedules covering multiple targets.

The second extension introduces resource

types,Ω = {ω1, . . . , ωv}.

34


Variables

Meaning Variables/ Functions

The relationship between targets and schedules

M : S × T → {0, 1}

The number of available resources of each type

R(ω)

Coverage capabilities for each type

Ca : S × Ω → {0, 1}

The total probability that is assigned to each schedule by all resource types

q

The probability assigned to a schedule by a specific type of resource

h

Large constant, relative to themaximum payoff

Z

35


max d (19)

at ∈ {0, 1} ∀t ∈ T (20)

ct ∈ [0, 1] ∀t ∈ T (21)

qs ∈ [0, 1] ∀s ∈ S (22)

hs,ω ∈ [0, 1] ∀s, ω ∈ S × Ω (23)

Σt∈ T at = 1 (24)

Σω∈Ωhs,ω = qs ∀s ∈ S (25)

Σs∈S qsM(s, t) = ct ∀t ∈ T (26)

Σs∈Shs,ωCa(s, ω)≤ R(ω) ∀ω∈ Ω (27)

hs,ω ≤ Ca(s, ω) ∀s, ω ∈ S × Ω (28)

d − UΘ(t,C) ≤ (1 − at) ・ Z ∀t ∈ T (29)

0 ≤ k − UΨ(t,C)≤ (1 − at) ・ Z ∀t ∈ T (30)

36

Agenda



37

Evaluation

DOBSS The ordering of the algorithms in terms of the size of the class of games:

ORIGAMI/ORIGAMI-MILP ⊂ ERASER ⊂ ERASER-C ⊂ DOBSS. First set of experiments: Compares the performance of DOBSS, ERASER, and ERASER-C on random game instances.

Next comparison: ERASER, ORIGAMI, and ORIGAMI-MILP on much larger instances that DOBSS is unable to solve.Final experiment: Compares the algorithms on relevant example games for the LAX and FAMS domains.

38

Evaluation(The first set of tests)

Generate random instances of compact security games of the form used by ERASER.

Independently randomly draw four integer payoffs for each target.

and are drawn from Uniform[0, 100], while and are drawn from Uniform[−100, 0].

(a) Runtimes for DOBSS,ERASER, and ERASER-C

(b) Memory use of DOBSS,ERASER, and ERASER-C

39

Evaluation(The first set of tests)

Comparing the performance of ERASER-C and DOBSS on games.

Random game instances now include schedules, resource types, and coverage mappings.

We test games with 3 resource types, and availability of [3, 3, 2] for each type.

There are twice as many schedules as targets, and each schedule covers a randomly-selected set of two targets.

(c) Runtimes for DOBSS andERASER-C

(d) Memory use of DOBSS and ERASER-C

40

Evaluation(The second set of tests)

Comparing the performance of ERASER, ORIGAMI, and ORIGAMI-MILP on very large games well beyond the limits of DOBSS.

(e)Runtime scaling of ERASER, ORIGAMI, and ORIGAMI-MILP

(f)Runtime scaling of ORIGAMI, and ORIGAMI-MILP

Comparing the runtimes of the three algorithms on games with 25 resources and up to 3000 targets.

Comparing the runtimes of the two algorithms on games with 1000 resources and up to 4000 targets.

41

Evaluation (Real data)

Actions DOBSS ERASER (-C)

LAX (6 canines)

784 0.94s 0.23s

FAMS (small) ~6,000 4.74s 0.09s

FAMS (large) ~85,000 435.6s* 1.57sTable 2: Runtimes on real data.

• Both examples cover a one week period, but cover different foreign and domestic airports to generate "small" and "large" tests.

42

Limitation Additional constraints are necessary if there are odd cycles possible in the schedules.

Thanks for your attention

Computing Optimal Randomized Resource Allocations for Massive Security Games Presenter : Jen Hua Chi...

Documents

Transcript of Computing Optimal Randomized Resource Allocations for Massive Security Games Presenter : Jen Hua Chi...