Network Inspection for Detecting Strategic Attacks

Dahan, Mathieu; Sela, Lina; Amin, Saurabh

doi:10.1287/opre.2021.2180

Cited by 9 publications

(7 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We also look into the impact of varying interdiction budget B I and monitoring budget B M simultaneously on the optimal objective value while setting a common total budget: B I + B M = 15. Specifically, in addition to having (B I , B M ) = (5, 10), for each of the instances solved between 1 min and 1 h under SVI, we created six new settings: (B I , B M ) = (1, 14), (3, 12), (7, 8), (9,6), (11,4), and (13, 2). Note that this setting is different from considering the NISG given a shared budget that can be allocated towards either interdiction or monitoring decisions.…”

Section: Sensitivity Analyses On Key Problem Parametersmentioning

confidence: 99%

“…Okamoto et al [28] examine a network flow interdiction problem in which the evader minimizes inflicted damages, while the defender maximizes damages minus the attack costs. Dahan et al [11] study a network inspection game in which the defender determines a node inspection strategy that minimizes the number of detectors while achieving a target expected detection rate in the worst case. Basilico et al [4] consider a multi‐stage game with an infinite horizon.…”

Section: Introduction and Problem Statementmentioning

confidence: 99%

See 1 more Smart Citation

A two‐stage network interdiction‐monitoring game

2022

View full text Add to dashboard Cite

We study a network interdiction problem involving two agents: a defender and an evader. The evader seeks to traverse a path from a source node to a terminus node in a directed network without being detected. The game takes place in two stages. In the first stage, the defender removes a set of arcs in the network. In the second stage, the defender and evader play a simultaneous game. The defender monitors a set of arcs, thus increasing the probability that the evader will be detected on that arc (if the evader uses the arc). The evader selects a source-terminus path. Because the second stage is played simultaneously, both agents use mixed-strategy solutions. We approach the solution of the second-stage problem by proposing a constraint-and-column generation algorithm. We show that both the constraint-generation and column-generation problems are NP-hard. Accordingly, we prescribe approximate versions of these problems that can be solved more efficiently. Our algorithm relies on solving the approximate versions until it is necessary to obtain an exact solution of the constraint-generation and column-generation problems. Then, to link the first-and second-stage problems, we model the original problem using an epigraph reformulation, which we solve using a Benders-decomposition based approach. The efficacy of our approach is demonstrated on a set of randomly generated test instances.

show abstract

Section: Sensitivity Analyses On Key Problem Parametersmentioning

confidence: 99%

Section: Introduction and Problem Statementmentioning

confidence: 99%

A two‐stage network interdiction‐monitoring game

2022

View full text Add to dashboard Cite

show abstract

“…Game theory has successfully been used to study problems in the domain of cybersecurity (and network security more broadly) [6,7,8,9,10,11,12,13]. In particular, it has proven successful for sensor allocation problems [13,14,15]. In our model, the defender allocates heterogeneous sensors in order to detect multiple attacks caused by a strategic attacker.…”

Section: Introductionmentioning

confidence: 99%

“…Thus we model the interactions between both players using a zero-sum game, in which both players may potentially select randomized strategies. This feature is known to be desirable in security settings in which finite resources are allocated [14,16].…”

Section: Introductionmentioning

confidence: 99%

“…Previous simultaneous security models, such as in [17,18,19,20], assume that each detection device is homogeneous. In this work, we extend the model in [14] by accounting for the potential heterogeneity in detection accuracy of the sensors available to the defender. In particular, we study how the detection heterogeneity of the defender's resources affects the strategies of both players.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Network Inspection Using Heterogeneous Sensors for Detecting Strategic Attacks

Mccann¹,

Dahan²

2022

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

We consider a two-player network inspection game, in which a defender allocates sensors with potentially heterogeneous detection capabilities in order to detect multiple attacks caused by a strategic attacker. The objective of the defender (resp. attacker) is to minimize (resp. maximize) the expected number of undetected attacks by selecting a potentially randomized inspection (resp. attack) strategy. We analytically characterize Nash equilibria of this large-scale zero-sum game when every vulnerable network component can be monitored from a unique sensor location. We then leverage our equilibrium analysis to design a heuristic solution approach based on minimum set covers for computing inspection strategies in general. Our computational results on a benchmark cyber-physical distribution network illustrate the performance and computational tractability of our solution approach.

show abstract

The all-pairs vitality-maximization (VIMAX) problem

Paul,

Martonosi

2024

Ann Oper Res

View full text Add to dashboard Cite

Traditional network interdiction problems focus on removing vertices or edges from a network so as to disconnect or lengthen paths in the network; network diversion problems seek to remove vertices or edges to reroute flow through a designated critical vertex or edge. We introduce the all-pairs vitality maximization problem (VIMAX), in which vertex deletion attempts to maximize the amount of flow passing through a critical vertex, measured as the all-pairs vitality of the vertex. The assumption in this problem is that in a network for which the structure is known but the physical locations of vertices may not be known (e.g., a social network), locating a person or asset of interest might require the ability to detect a sufficient amount of flow (e.g., communications or financial transactions) passing through the corresponding vertex in the network. We formulate VIMAX as a mixed integer program, and show that it is NP-Hard. We compare the performance of the MIP and a simulated annealing heuristic on both real and simulated data sets and highlight the potential increase in vitality of key vertices that can be attained by subset removal. We also present graph theoretic results that can be used to narrow the set of vertices to consider for removal.

show abstract

Network Inspection for Detecting Strategic Attacks

Cited by 9 publications

References 40 publications

A two‐stage network interdiction‐monitoring game

A two‐stage network interdiction‐monitoring game

Network Inspection Using Heterogeneous Sensors for Detecting Strategic Attacks

The all-pairs vitality-maximization (VIMAX) problem

Contact Info

Product

Resources

About