1 / 47

Path Disruption Games (Cooperative Game Theory meets Network Security)

Path Disruption Games (Cooperative Game Theory meets Network Security). Yoram Bachrach , Ely Porat Microsoft Research Cambridge. Agenda. Hospitals and Cost Sharing. Three private hospitals need an X-Ray machine Optimal solution Two cheap machines cost £10M Buy the £9M machine share it

elaine
Download Presentation

Path Disruption Games (Cooperative Game Theory meets Network Security)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Path Disruption Games(Cooperative Game Theory meets Network Security) YoramBachrach, Ely Porat Microsoft Research Cambridge

  2. Agenda

  3. Hospitals and Cost Sharing • Three private hospitals need an X-Ray machine • Optimal solution • Two cheap machines cost £10M • Buy the £9M machine share it • Private sector problem • Private hospitals negotiate • What to buy • How to share the costs

  4. X-Ray Problem • Some hospital pair must pay at least £6M • These hospitals can simply buy the cheap machine and pay only £5M • Any cost sharing agreement is unstable £9M p1 p2 p3

  5. Treasure Island • Jim, Billy and Smollett are looking for a buried treasure, worth a £1000 • Billy and Jim each have half of the map • Each half is useless on its own • Smollett has a ship that can sail to treasure island • Renting a ship from anyone else costs £800 • v(J)=v(B)=v(S)=v(J,S)=v(B,S)=£0 • v(J,B)=£200 • V(J,B,S)=£1000 • How should they split the gains?

  6. Treasure Island – Forming Coalitions £1000 £200

  7. Treasure Island – Sharing Rewards • Some agreements won’t last long, and others are stable • E.g. giving Smollett £900 and Jim and Billy £50 each • What is a fair way to divide the money? • Cannot win without Jim and Billy • Smollett’s ship really helps the gains £1000 p1 p2 p3

  8. UK Elections 2010: Budgets and Politics • No party had the required majority (326 seats) • Hung parliament • Second time since World War II • Previous time was 1974 • First coalition government to eventuate from elections • The Lib-Dems only had 57/650=8.8% of seats • But large influence on policy • Other alternative for the conservatives – government with labour • Not very appealing to the conservatives…

  9. An Alternate Universe • Would the Conservatives be more powerful or less powerful in this alternate universe? • Intuition: much more alternatives to choose from! • What determines the balance of power? • Suppose parties have to allocate a budget…

  10. Cooperative Games • Agents must cooperate to achieve their goals… • … but are still selfish • Maximize their share of the rewards • Obtain the outcome maximizing their utility • Minimize their own cost • Maximize their influence • What teams and agreements would form?

  11. Coalitional Game Theory

  12. Transferable Utility Games • Agents: • Coalition: • Characteristic function: • Two flavors: cost and surplus sharing • Simple coalitional games: • Coalitions either win or lose • Monotone games => • More agents => More money • Super-additive games • It is always worthwhile for coalitions to merge • The Grand Coalition would form

  13. Transferable Utility Games

  14. Agent properties • Veto agent • Can’t win without the agent (simple games) • Can’t generate any value without the agent (Non-simple games) • Dummy agent • Never contributes to any coalition • Equivalent agents , => • Contribute equally to any coalition that contains neither of them • Critical agent for a coalition • The coalition wins with the agent, but loses without the agent

  15. Payoffs • Imputations define how the total utility is distributed • A payoff vector such that • Individual rationality • Otherwise, an agent can do better alone • The payoff of a coalition C is • A coalition C is blocking if p(C) < v(C)

  16. Treasure Island – Imputations • Is the vector p=(900,50,50) blocked? By what coalition? • What about p=(100,500,400)? • And p=(100,899,1)? • Or p=(0,1,999)? • Stability does not mean fairness! 1000£ p1 900£ p2 50£ p3 50£

  17. The Core (Stability) • All imputations that are not blocked by any coalition • For any coalition C, p(C) ≥ v(C) • For cost sharing games, the inequality is reversed • No coalition is incentived to defect from the grand coalition • Gillies (1953) and von Neumann & Morgenstein (1947)

  18. Treasure Island – the Core • Two coalitions can block: • Only need to make sure get at least 200£ 1000£ p1 p2 p3 £200 £1000

  19. X-Ray Problem – the Core • c1 + c2 + c3 = £9M • For any imputation c, some pair must pay at least £6M • So ci+cj > 5 • However v( {I,j} ) = 5 • Thus any imputation c is blocked by some pair {i,j} • The core is empty £9M c1 c2 c3

  20. Weighted Voting Games (WVG) • Set of agents • Each agent has a weight • A game has a quota • A coalition C wins if • A simplegame (coalitions either win or lose)

  21. WVGs and the UK Elections • Game 1: [306, 258, 57; 326] • Game 2: [306, 258, 28, 29; 326] • What is a fair way of allocating the budget? • How does this “weight splitting” affect power? • Is power proportional to the weight?

  22. Power in WVGs • Consider • No single agent wins • Any coalition of two agents wins • The grand coalition wins • No agent has more power than any other • Voting power is not proportional to voting weight • Ability to change the outcome of the game with your vote • How do we measure voting power?

  23. Fairness • Return of the Pirates Treasure Island (1000£) Treasure Cave (2000£)

  24. Fairness Requirements • A solution concept maps a game (characteristic function) to an imputation for that game • Efficiency Axiom: • Dummy Axiom: dummy agents get nothing • Symmetry Axiom: Equivalent agents get the same • Additivity axiom: • If a game is composed of two sub-games • (v+w)(C) = v(C)+w(C) • E.g. playing both treasure island and treasure cave • Then an agent’s payoff in v+w is the sum of her payoffs in v and in w • Is there a solution concept that fulfills all these fairness axioms?

  25. Marginal Contribution • Treasure island • The coalition has a value of 0£ • No full map • The coalition has a value of 1000£ • Agent has a marginal contribution of 1000£-0£=10000£ to coalition

  26. Marginal Contribution • Treasure island • The coalition has a value of 200£ • Full map, no ship • The coalition has a value of 1000£ • Agent has a marginal contribution of 1000£-200£=800£ to coalition

  27. The Shapley Value: Fairness • Given an ordering of the agents in I, denotes the set of agents that appear before i in • The Shapley value is an agent’s marginal contribution to its predecessors, averaged across all permutations • The only solution concepts that fulfills all of the previously defined fairness axioms • Can also be used to measure power

  28. Treasure Island – the Shapley Value

  29. Power Indices • Power in weighted voting games can be computed using the Shapley value • WVGs are simple games • The Shapely value measures the proportion of coalitions where an agent is critical • Each permutation has exactly one critical agent • Simple generative model • Are there alternative models or power indices?

  30. Power in the UK Elections • Game 1: [306, 258, 57; 326] • Game 2: [306, 258, 28, 29; 326] • Split makes the labour less powerful • But the power goes to the conservatives… • … not the Lib-Dems

  31. Security in Networks • Physical network security • Placing checkpoints • Locations for routine checks • Network security • Protecting servers and links from attacks • Various costs for different nodes and links • How easy it is to deploy a check point • Performance degradation for protected servers • How should the budget be spent on security resources?

  32. Blocking an adversary s t

  33. Blocking an adversary s t

  34. Blocking an adversary s t

  35. Blocking an adversary s t

  36. Blocking an adversary s t

  37. Blocking an adversary s t

  38. Blocking an adversary s t

  39. Incorporating costs 3 1 2 s 2 t 8 5 2 3 7 2

  40. Incorporating costs 3 1 2 s 2 t 8 5 2 3 7 2

  41. Network Security Hotspots • Agents must for coalitions to successfully block the adversary • Obtain a certain reward or budget for achieving the task • How should this reward be shared between the agents • Stability • No subset of the coalition should have an incentive to form an alternative coalition • Fairness • Reflect the contribution of the each agent • Security resources are limited • Which node / link should be allocated these resources first? • Power indices allow finding such reliability hotspots

  42. Path Disruption Games • Games played on a graph G=<V,E> (a network) • Simple version (PDGs): coalition wins if it can block the adversary and loses otherwise • Model with costs (PDGCs): a coalition is guaranteed a reward r for blocking the adversary, but incurs the cost of its checkpoints

  43. Power and Security Suppose all check points have equal probability,50%, of blocking the adversary or not blocking We have limited security resources Which nodes should be protected first? “Powerful” nodes are more critical Suppose we can only choose one node where the adversary is blocked with 100% probability The Banzhaf index of a node is the probability of stopping the adversary when: This node blocks with probability 100% All other nodes block with probability of 50%

  44. Stability in PDGs: the Core • Given a reward for blocking the adversary what check point coalitions would form? • We want the agents to work under enforceable contracts: • Which check points are used and • How to share the reward • The core constitutes a stable allocation • A distribution not in the core would break down the coalition structure • Unable to agree on a contract and infinite negotiation

  45. Results • PDGs (several adversaries, no cost) • Can test for veto agents and compute the core in polynomial time • Computing the maximal excess for an imputation (payoff vector) is NP-complete • NP-hard to compute the least core • Testing for dummy agents is coNP-Complete • Computing the Banzhaf index is #P-complete • But for trees it is computing in polynomial time

  46. Results (cont.) • Model with costs (PDGCs): • Computing the value of a coalition is NP-hard • Min cost vertex cut • Can do better for trees

  47. Conclusion & Future Directions Suggested a game theoretic model for network security based on blocking adversaries Future work Other solution concepts: power indices, nucleolus, kernel More complex network security domains

More Related