Upload
bonita
View
44
Download
1
Tags:
Embed Size (px)
DESCRIPTION
Computing Optimal Randomized Resource Allocations for Massive Security Games. Presenter : Jen Hua Chi Advisor : Yeong Sung Lin. Introduction Stackelberg games Compact Security Game Model Algorithms: ERASER, ORIGAMI, ORIGAMI-MILP, ERASER (-C) Evaluation. Agenda. Motivation : - PowerPoint PPT Presentation
Citation preview
Computing Optimal Randomized Resource Allocations forMassive Security Games
Presenter : Jen Hua ChiAdvisor : Yeong Sung Lin
2
Agenda
Introduction Stackelberg games Compact Security Game Model Algorithms: ERASER, ORIGAMI, ORIGAMI-MILP, ERASER (-C) Evaluation
3
Introduction
Motivation : Providing security for transportation systems, computer networks, and other critical infrastructure. Recent work : Paruchuri et. al. uses a game-theoretic approach to create randomized security policies for traffic checkpoints and canine patrols at the Los Angeles International Airport (LAX).
4
Introduction
A limitation of existing solution methods : 1. Size 2. Computing infeasible Now: subway systems, random baggage screening, container inspections at ports, and scheduling for the Federal Air Marshals Service.
US commercial airlines fly 27,000 domestic flights and over 2000 international flight each day. The Federal Air Marshal Service (FAMS) has law enforcement authority for commercial air transportation.
Flights should not necessarily have equal weighting in a randomized schedule.
5
Introduction
Key questions :1. How to efficiently allocate resources
to protect against a wide variety of potential threats?
2. The adversarial aspect of security domains poses unique challenges for resource allocation.
Randomization => Game Theory
6
Problems
An individual air marshal’s potential departures are constrained by their current location, and schedules must account for flight and transition times.
Normal form of Stackelberg game model can only present the the cost of a combinatorial explosion in the size of the strategy space and payoff representation.
=> Compact Security Game Model
7
Introduction
New techniques: 1. Randomized security resource allocation 2. First algorithm (ERASER) Dramatically reduce both space and time requirements for the multiple-resource case 3. Two additional algorithms: (ORIGAMI, ORIGAMI-MILP) Improving performance 4. Incorporating additional scheduling and resource constraints into the model: ERASER-C
8
Agenda
Introduction Stackelberg games Compact Security Game Model Algorithms: ERASER, ORIGAMI, ORIGAMI-MILP, ERASER (-C) Evaluation
9
Stackelberg Games
Stackelberg Games A ‘leader’ moves first, and the ‘follower’ observes the leader’s strategy before acting.
Related games: border patrolling, computer job scheduling, security patrolling.
It can models the capability of malicious attackers to employ surveillance in planning attacks.
10
Stackelberg Games
Normal form: 1. Two players: a defender, Θ an attacker, ψ 2. Pure strategy set: σΘ Є ΣΘ, σψ Є Σψ
3. Mixed strategy set: δΘ Є ΔΘ, δψ Є Δψ
4. Payoffs for each player: ΩΘ : Σψ x ΣΘ R 5. Attacker’s strategy function: Fψ : ΔΘ Δψ
11
Stackelberg Equilibrium
It is a form of subgame perfect equilibrium.
Subgame : partial sequences of actions Two types of unique Stackelberg equilibria:
1. Strong 2. Weak A strong Stackelberg equilibrium exists in all Stackelberg games, but a weak Stackelberg equilibrium may not.
12
Definition 1
A pair of strategies (δΘ, FΨ) form a Strong Stackelberg Equilibrium (SSE) if they satisfy the following:
The leader plays a best-response: ΩΘ(δΘ, FΨ(δΘ)) ≥ ΩΘ(δ’Θ, FΨ(δ’Θ))∀δ’Θ ∈ ΔΘ. 2. The follower play a best-response: ΩΨ(δΘ, FΨ(δΘ)) ≥ ΩΨ(δΘ, δΨ)∀δΘ ∈ ΔΘ, δΨ ∈ ΔΨ. 3. The follower breaks ties optimally for the leader: ΩΘ(δΘ, FΨ(δΘ)) ≥ ΩΘ(δΘ, δΨ)∀δΘ ∈ ΔΘ, δΨ ∈ Δ∗Ψ(δΘ), whereΔ∗
Ψ(δΘ) is the set of follower best-responses, as above.
Attacker 根據 defender 行為,選擇對應的策略
Attacker 從mixed
strategy set中任意選擇
13
Agenda
Introduction Stackelberg games Compact Security Game Model Algorithms: ERASER, ORIGAMI, ORIGAMI-MILP, ERASER (-C) Evaluation
14
Compact Security Game Model
A set of targets that may be attacked: T = {t1, …, tn}
A set of resources available to cover these targets, R = {r1, . . . , rm} (all resources are identical)
Four payoffs of each target:
Example payoffs for an attack on a target.
Covered Uncovered
DefenderAttacker Covered Uncover
edDefender 5 -20Attacker -10 30
15
Compact Security Game Model
Restrict to attack a single target with probability 1
Vector MeaningC A coverage vectorct The probability that each target is
coveredA The probability of attacking a
target
16
Compact Security Game Model
The defender’s expected payoff: Given A, C, U(C, A) = Σt∈Tat (ct x+ (1 − ct) ) The attacker’s expected payoff on target t:
Given C, U(t, C) = ct )+ (1 − ct) Γ(C) = {t : UΨ(t, C) ≥ UΨ(t’, C) ∀ t’∈ T}. (Γ(C) : attack set)
Covered Uncovered
17
Compact Security Game Model
In a strong Stackelberg equilibrium, the attacker selects the target in the attack set with maximum payoff for the defender.
Let t∗ denote this optimal target
Players The expected SSE payoff
Defender
Θ(C) = UΘ(t∗, C)
Attacker Ψ(C) =UΨ(t∗, C)
18
Compact Security Game Model
Any security game represented in this compact form can also be represented in normal form.
Attack vector A attacker’s pure strategies
For the defender, each possible allocation of resources corresponds to a pure strategy in the normal form.
There are n choose m ways to allocate m resources to n targets.
19
Compact Security Game Model
The probability assigned to a pure strategy covering targets i and j:
+ = c1 --(1) + = c2
+ = c3
+ = c4
ΩΘ defines a payoff for each combination of a resource allocation schedule and target.
20
Compact Security Game Model
Form Player Strategy Payoff function size
Compact form
Defender n continuous variables
4n variables
Attacker n continuous variables
Normal form
Defender n Choose m variables
n(n Choose m)
Attacker n continuous variables
21
Agenda
Introduction Stackelberg games Compact Security Game Model Algorithms: ERASER, ORIGAMI, ORIGAMI-MILP, ERASER (-C) Evaluation
22
ERASER
ERASER algorithm (Efficient Randomized Allocation of SEcurity Resources) 1. Input: a security game in compact form 2. A mixed-integer linear program (MILP)
23
ERASER
max d (5)at ∈ {0, 1} ∀t ∈ T (6)
Σt∈T at = 1 (7)ct ∈ [0, 1] ∀t ∈ T (8)
Σt∈T ct ≤ m (9) d − UΘ(t,C) ≤ (1 − at) Z ∀t ∈ T (10)0 ≤ k − UΨ(t,C) ≤ (1 − at) Z ∀t ∈ T
(11)
UΨ(t,C) ≤ k
24
ERASER
THEOREM 1. For any feasible ERASER coverage vector, there is a corresponding mixed strategy δΘ that implements the desired coverage probabilities. THEOREM 2. A pair of attack and coverage vectors (C,A) is optimal for the ERASER MILP correspond to at least one SSE of the game.
25
Compact Security Game Model
Payoff structure 1. The defender always benefits by having additional resources covering an attacked target, while the attacker is always worse off attacking a more heavily defended target. 2. < (t) and (t) > (t)
26
Compact Security Game Model
Observation (1/3 ) All else equal, increasing ct for any target not in Γ(C) has no effect on Θ(C) or Ψ(C). Observation (2/3) If Γ(C) ⊂ Γ(C’) and ct = c’t for all t ∈Γ(C) then Θ(C) ≤ Θ(C’).Observation (3/3) If Ψ(C)= x, then ct ≥ for every target t with (t) > x.
x = ct()+(1−ct) .
27
ORIGAMI algorithm
Optimizing Resources in GAmes using Maximal Indifference
1. Start: A target that has maximal (t) 2. Each time the attack set is expanded, the coverage of each target is updates to maintain the indifference of attacker payoffs within the attack set.
28
ORIGAMI algorithm
3. Termination conditions (1/2) When adding the next target to the attack set requires more total coverage probability than the defender has resources available. 4. Termination conditions (2/2) When any target t is covered with probability 1. The expected value for an attack on this target cannot be reduced below (t).5. Maximize the number of targets. Maximize total coverage probability.
29
ORIGAMI algorithm
THEOREM 3. ORIGAMI computes a coverage vector C that is optimal for the ERASER MILP, and is therefore consistent with a SSE of the security game.
30
ORIGAMI-MILP
ORIGAMI algorithm + MILP algorithm min k (12) γt ∈ {0, 1} ∀t ∈ T (13)
ct ∈ [0, 1] ∀t ∈ T (14) Σt∈Tct ≤ m (15) UΨ(t,C) ≤ k ∀t ∈ T (16) k − UΨ(t,C) ≤ (1 − γt) ・ Z ∀t ∈ T (17)
ct ≤ γt ∀t ∈ T (18)
31
ORIGAMI-MILP
THEOREM 4. ORIGAMI-MILP generates an optimal solutionfor the ERASER MILP.
32
Resource constraints
Modeling air marshals as resources, flights as targets, with payoffs defined by expert risk analysis.
Resource types can be used to specify different sets of legal schedules for each resource.
Adding these constraints effectively reduces the space of feasible coverage vectors.
Example: 1
2
3
33
ERASER-C (constrained)
. Adding the capability to represent certain kinds of resource and scheduling constraints
The first extension allows resources to be assigned to schedules covering multiple targets.
The second extension introduces resource
types,Ω = {ω1, . . . , ωv}.
34
ERASER-C (constrained)
Variables
Meaning Variables/ FunctionsThe relationship between targets and schedules
M : S × T → {0, 1}
The number of available resources of each type
R(ω)
Coverage capabilities for each type
Ca : S × Ω → {0, 1}
The total probability that is assigned to each schedule by all resource types
q
The probability assigned to a schedule by a specific type of resource
h
Large constant, relative to themaximum payoff
Z
35
ERASER-C (constrained)
max d (19) at ∈ {0, 1} ∀t ∈ T (20) ct ∈ [0, 1] ∀t ∈ T (21)
qs ∈ [0, 1] ∀s ∈ S (22) hs,ω ∈ [0, 1] ∀s, ω ∈ S × Ω (23) Σt∈ T at = 1 (24) Σω∈Ωhs,ω = qs ∀s ∈ S (25)
Σs∈S qsM(s, t) = ct ∀t ∈ T (26)
Σs∈Shs,ωCa(s, ω)≤ R(ω) ∀ω∈ Ω (27) hs,ω ≤ Ca(s, ω) ∀s, ω ∈ S × Ω (28)
d − UΘ(t,C) ≤ (1 − at) ・ Z ∀t ∈ T (29) 0 ≤ k − UΨ(t,C)≤ (1 − at) ・ Z ∀t ∈ T (30)
36
Agenda
Introduction Stackelberg games Compact Security Game Model Algorithms: ERASER, ORIGAMI, ORIGAMI-MILP, ERASER (-C) Evaluation
37
Evaluation
DOBSS The ordering of the algorithms in terms of the size of the class of games:
ORIGAMI/ORIGAMI-MILP ⊂ ERASER ⊂ ERASER-C ⊂ DOBSS. First set of experiments: Compares the performance of DOBSS, ERASER, and ERASER-C on random game instances.
Next comparison: ERASER, ORIGAMI, and ORIGAMI-MILP on much larger instances that DOBSS is unable to solve.Final experiment: Compares the algorithms on relevant example games for the LAX and FAMS domains.
38
Evaluation(The first set of tests)
Generate random instances of compact security games of the form used by ERASER.
Independently randomly draw four integer payoffs for each target.
and are drawn from Uniform[0, 100], while and are drawn from Uniform[−100, 0].
(a) Runtimes for DOBSS,ERASER, and ERASER-C
(b) Memory use of DOBSS,ERASER, and ERASER-C
39
Evaluation(The first set of tests)
Comparing the performance of ERASER-C and DOBSS on games.
Random game instances now include schedules, resource types, and coverage mappings.
We test games with 3 resource types, and availability of [3, 3, 2] for each type.
There are twice as many schedules as targets, and each schedule covers a randomly-selected set of two targets.
(c) Runtimes for DOBSS andERASER-C
(d) Memory use of DOBSS and ERASER-C
40
Evaluation(The second set of tests)
Comparing the performance of ERASER, ORIGAMI, and ORIGAMI-MILP on very large games well beyond the limits of DOBSS.
(e)Runtime scaling of ERASER, ORIGAMI, and ORIGAMI-MILP
(f)Runtime scaling of ORIGAMI, and ORIGAMI-MILP
Comparing the runtimes of the three algorithms on games with 25 resources and up to 3000 targets.
Comparing the runtimes of the two algorithms on games with 1000 resources and up to 4000 targets.
41
Evaluation (Real data)
Actions DOBSS ERASER (-C)LAX (6
canines)784 0.94s 0.23s
FAMS (small) ~6,000 4.74s 0.09sFAMS (large) ~85,000 435.6s* 1.57sTable 2: Runtimes on real data.
• Both examples cover a one week period, but cover different foreign and domestic airports to generate "small" and "large" tests.
42
Limitation Additional constraints are necessary if there are odd cycles possible in the schedules.
Thanks for your attention