430 likes | 580 Views
Computing Optimal Randomized Resource Allocations for Massive Security Games. Presenter : Jen Hua Chi Advisor : Yeong Sung Lin. Introduction Stackelberg games Compact Security Game Model Algorithms: ERASER, ORIGAMI, ORIGAMI-MILP, ERASER (-C) Evaluation. Agenda. Motivation :
E N D
Computing Optimal Randomized Resource Allocations forMassive Security Games Presenter : Jen Hua Chi Advisor : Yeong Sung Lin
Introduction • Stackelberggames • Compact Security Game Model • Algorithms: ERASER, ORIGAMI, ORIGAMI-MILP, ERASER (-C) • Evaluation Agenda
Motivation : Providing security for transportation systems, computer networks,and other critical infrastructure. • Recent work: Paruchuri et. al. uses agame-theoretic approach to create randomized security policies for traffic checkpoints and canine patrols at the Los Angeles International Airport (LAX). Introduction
A limitation of existing solution methods: 1. Size 2. Computing infeasible • Now: subway systems, random baggage screening, container inspections at ports, and scheduling for the Federal Air Marshals Service. • US commercial airlines fly 27,000 domestic flights and over2000 international flight each day. The Federal Air Marshal Service (FAMS) has law enforcementauthority for commercial air transportation. • Flights should not necessarily have equal weighting in a randomized schedule. Introduction
Key questions: • How to efficiently allocate resources to protect against a wide variety of potential threats? • The adversarial aspect of security domains poses unique challenges for resource allocation. • Randomization => Game Theory Introduction
An individual air marshal’s potential departures are constrained by their current location, and schedules must account for flight and transition times. • Normal form of Stackelberg game modelcan only present thethe cost of a combinatorial explosion in the size of the strategy space and payoff representation. =>Compact Security Game Model Problems
New techniques: 1. Randomized security resource allocation 2. First algorithm(ERASER) Dramatically reduce both space and time requirementsfor the multiple-resource case 3. Two additional algorithms: (ORIGAMI, ORIGAMI-MILP) Improving performance 4. Incorporating additional scheduling and resource constraints into the model: ERASER-C Introduction
Introduction • Stackelberg games • Compact Security Game Model • Algorithms: ERASER, ORIGAMI, ORIGAMI-MILP, ERASER (-C) • Evaluation Agenda
Stackelberg Games • A ‘leader’ moves first, and the ‘follower’ observes the leader’s strategy before acting. • Related games: border patrolling, computer job scheduling, security patrolling. • It can models the capability of malicious attackers to employ surveillance in planning attacks. StackelbergGames
Normal form: 1. Two players: a defender, Θ an attacker, ψ 2. Pure strategy set: σΘЄΣΘ, σψ ЄΣψ 3.Mixed strategy set: δΘЄΔΘ, δψ Є Δψ 4. Payoffs for each player: ΩΘ:Σψx ΣΘ R 5. Attacker’s strategy function: Fψ:ΔΘ Δψ Stackelberg Games
It is a form of subgame perfect equilibrium. • Subgame:partial sequences of actions • Two types of unique Stackelbergequilibria: 1. Strong 2. Weak • A strong Stackelbergequilibrium existsin all Stackelberg games, but a weak Stackelbergequilibrium may not. Stackelberg Equilibrium
A pair of strategies (δΘ, FΨ) form a Strong StackelbergEquilibrium (SSE) if they satisfy the following: The leader plays a best-response: ΩΘ(δΘ, FΨ(δΘ)) ≥ ΩΘ(δ’Θ, FΨ(δ’Θ))∀δ’Θ∈ ΔΘ. 2. The follower play a best-response: ΩΨ(δΘ, FΨ(δΘ)) ≥ ΩΨ(δΘ, δΨ)∀δΘ∈ ΔΘ, δΨ ∈ ΔΨ. 3. The follower breaks ties optimally for the leader: ΩΘ(δΘ, FΨ(δΘ)) ≥ ΩΘ(δΘ, δΨ)∀δΘ ∈ ΔΘ, δΨ ∈ Δ∗Ψ(δΘ), whereΔ∗Ψ(δΘ) is the set of follower best-responses, as above. Definition 1 Attacker從 mixedstrategyset中任意選擇 Attacker根據defender行為, 選擇對應的策略
Introduction • Stackelberg games • Compact Security Game Model • Algorithms: ERASER, ORIGAMI, ORIGAMI-MILP, ERASER (-C) • Evaluation Agenda
A set of targets that may be attacked:T = {t1, …, tn} • A set of resources available to coverthese targets, R = {r1, . . . , rm}(all resources are identical) • Four payoffs of each target: • Examplepayoffs for an attack on a target. Compact Security Game Model
Restrict to attack a single target with probability 1 Compact Security Game Model
The defender’s expected payoff: Given A, C, U(C, A) = Σt∈Tat(ct x+ (1 − ct)) • The attacker’s expected payoff on target t: Given C, U(t, C) = ct)+ (1 − ct) Γ(C) = {t : UΨ(t, C) ≥ UΨ(t’, C) ∀ t’∈ T}. (Γ(C) : attack set) Compact Security Game Model Uncovered Covered
In a strong Stackelberg equilibrium, the attacker selects the targetin the attack set with maximum payoff for the defender. • Let t∗ denote this optimal target Compact Security Game Model
Any security game represented in this compact form can also be represented in normal form. • Attack vector A attacker’s pure strategies • For the defender, each possible allocation of resources corresponds to a pure strategy in the normal form. • There are n choose m ways to allocate m resources to n targets. Compact Security Game Model
The probability assigned to a pure strategy covering targets i and j: + = c1--(1) + = c2 + = c3 + = c4 • ΩΘdefines a payoff foreach combination of a resource allocation schedule and target. Compact Security Game Model
Introduction • Stackelberg games • Compact Security Game Model • Algorithms: ERASER, ORIGAMI, ORIGAMI-MILP, ERASER (-C) • Evaluation Agenda
ERASER algorithm (Efficient Randomized Allocation of SEcurityResources) 1. Input: a security game in compact form 2. A mixed-integerlinear program (MILP) ERASER
max d (5) at ∈ {0, 1} ∀t ∈ T (6) Σt∈Tat = 1 (7) ct ∈ [0, 1] ∀t ∈ T (8) Σt∈Tct ≤ m (9) d − UΘ(t,C) ≤ (1 − at) Z ∀t ∈ T (10) 0≤ k − UΨ(t,C) ≤ (1 − at) Z ∀t ∈ T (11) ERASER UΨ(t,C) ≤ k
THEOREM 1. For any feasible ERASER coverage vector, there is a corresponding mixed strategy δΘ that implements the desired coverage probabilities. • THEOREM 2. A pair of attack and coverage vectors (C,A) is optimal for the ERASER MILP correspond to at least one SSE of the game. ERASER
Payoff structure 1. The defender always benefits by having additional resources covering an attacked target, while the attacker is always worse off attacking a more heavily defended target. 2. < (t) and (t) > (t) Compact Security Game Model
Observation (1/3 ) All else equal, increasing ct for any target not in Γ(C) has no effect on Θ(C) or Ψ(C). • Observation (2/3) If Γ(C) ⊂ Γ(C’) and ct = c’tfor all t ∈Γ(C) then Θ(C) ≤ Θ(C’). • Observation(3/3) If Ψ(C)= x, then ct ≥ for every target t with (t) > x. Compact Security Game Model x = ct()+(1−ct) .
Optimizing Resources in GAmes using Maximal Indifference 1. Start: A target that has maximal (t) 2. Each time the attack set is expanded, the coverage of each target is updates to maintain the indifference of attacker payoffs within the attack set. ORIGAMI algorithm
3. Termination conditions (1/2) When adding the next target to the attack set requires more total coverage probability than the defender has resources available. 4. Termination conditions (2/2) When any target t is covered with probability 1. The expected value for an attack on this target cannot be reduced below (t). 5. Maximize the number of targets. Maximize total coverage probability. ORIGAMI algorithm
THEOREM 3. ORIGAMI computes a coverage vector C that is optimal for the ERASER MILP, and is therefore consistent with a SSE of the security game. ORIGAMI algorithm
ORIGAMI algorithm + MILP algorithm min k (12) γt ∈ {0, 1} ∀t ∈ T (13) ct∈ [0, 1] ∀t ∈ T (14) Σt∈Tct ≤ m (15) UΨ(t,C) ≤ k ∀t ∈ T (16) k − UΨ(t,C) ≤ (1 − γt) ・ Z ∀t ∈ T (17) ct≤ γt∀t ∈ T (18) ORIGAMI-MILP
THEOREM 4. ORIGAMI-MILP generates an optimal solution for the ERASER MILP. ORIGAMI-MILP
Modeling air marshals as resources, flights as targets, with payoffs defined by expert risk analysis. • Resource types can be used to specify different sets of legal schedules for each resource. • Adding theseconstraints effectively reduces the space of feasible coverage vectors. • Example: Resource constraints 1 2 3
. Adding the capability to represent certain kinds of resource and scheduling constraints • The first extension allows resources to be assigned to schedules covering multiple targets. • The second extension introduces resource types,Ω = {ω1, . . . , ωv}. ERASER-C (constrained)
Variables ERASER-C (constrained)
max d (19) at∈ {0, 1} ∀t ∈ T (20) ct∈ [0, 1] ∀t ∈ T (21) qs∈ [0, 1] ∀s ∈ S (22) hs,ω ∈[0, 1] ∀s, ω ∈ S × Ω (23) Σt∈Tat= 1 (24) Σω∈Ωhs,ω= qs∀s ∈ S (25) Σs∈SqsM(s, t) = ct ∀t ∈ T (26) Σs∈Shs,ωCa(s, ω)≤ R(ω) ∀ω∈ Ω (27) hs,ω ≤ Ca(s, ω)∀s, ω ∈ S × Ω (28) d − UΘ(t,C) ≤ (1 − at) ・ Z∀t ∈ T (29) 0 ≤ k − UΨ(t,C)≤ (1 − at) ・ Z ∀t ∈ T (30) ERASER-C (constrained)
Introduction • Stackelberg games • Compact Security Game Model • Algorithms: ERASER, ORIGAMI, ORIGAMI-MILP, ERASER (-C) • Evaluation Agenda
DOBSS • The ordering of the algorithms in terms of the size of the class of games: ORIGAMI/ORIGAMI-MILP ⊂ ERASER ⊂ ERASER-C ⊂ DOBSS. • First set of experiments: Compares the performance of DOBSS, ERASER, and ERASER-C on random game instances. • Next comparison: ERASER, ORIGAMI, and ORIGAMI-MILPon much larger instances that DOBSS is unable to solve. • Final experiment: Compares the algorithms on relevant example games for the LAX and FAMS domains. Evaluation
Generate random instances of compactsecurity games of the form used by ERASER. • Independently randomly draw four integer payoffs for each target. • and are drawn from Uniform[0, 100], while and are drawn from Uniform[−100, 0]. Evaluation(The first set of tests) (a) Runtimes for DOBSS, ERASER, and ERASER-C (b) Memory use of DOBSS, ERASER, and ERASER-C
Comparing the performance of ERASER-C and DOBSS on games. • Random game instances now include schedules, resource types, and coverage mappings. • We test games with 3 resource types, and availability of [3, 3, 2] for each type. • There are twice as many schedules as targets, and each schedule covers a randomly-selected set of two targets. Evaluation(The first set of tests) (c) Runtimes for DOBSS and ERASER-C (d) Memory use of DOBSS and ERASER-C
Comparing the performance of ERASER, ORIGAMI, andORIGAMI-MILP on very large gameswell beyond the limits ofDOBSS. Evaluation(The second set of tests) Comparing the runtimes of the three algorithms on games with 25 resources and up to 3000 targets. Comparing the runtimes of the twoalgorithms on games with 1000 resources and up to 4000 targets. (e)Runtime scaling of ERASER, ORIGAMI, and ORIGAMI-MILP (f)Runtime scaling of ORIGAMI, and ORIGAMI-MILP
Both examples cover a one weekperiod, but cover • different foreign and domestic airports to generate • "small" and "large" tests. Evaluation (Real data) Table 2: Runtimes on real data.
Additional constraints are necessary if there are odd cycles possible in the schedules. Limitation