A Game-Theoretic Framework for Securing Interdependent Assets in Networks

Abstract

Large-scale networked systems, such as the power grid, are comprised of a large number of interconnected assets managed by multiple self-interested stakeholders. The interdependencies between the assets play a critical role in the security of the overall system, especially against strategic attackers who exploit these interdependencies to target valuable assets. In this work, we develop a general game-theoretic framework to model the security investments of resource-constrained stakeholders against targeted attacks. We consider two complementary problems: (i) where defenders are given a budget to minimize expected loss due to attacks and (ii) where defenders minimize security investment cost subject to a maximum security risk they are willing to tolerate per each valuable asset. For both problems, we establish the existence of Nash equilibria and show that the problem of computing the optimal defense allocation by a central authority and the (decentralized) problem of computing the best response for a single defender can be formulated as convex optimization problems. We then show that our framework can be applied to determine deployment of moving target defense (MTD) in networks. We first apply the game-theoretic framework on the IEEE 300 bus power grid network and compare the optimal expected loss (respectively, security investment cost) under centralized and Nash equilibrium defense allocations. We then show how our framework can be used to compute optimal deployment of MTD on an e-commerce system.

In a preliminary version of this work [20], we only investigated the security risk minimization game, and considered different sets of case studies.Abraham Clements is supported by Sandia National Laboratories. Sandia National Laboratories is a multimission laboratory managed and operated by National Technology and Engineering Solutions of Sandia LLC, a wholly owned subsidiary of Honeywell International Inc. for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-NA0003525. SAND2017-10889 B.This material is based in part upon work supported by the National Science Foundation under Grant Number CNS-1548114. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.

Chapter Appendix: Generalized Nash Equilibrium

In this section, we give a formal definition of a generalized Nash equilibrium (GNE) and state the required existence result that will be useful in our analysis. Let there be N players. The strategy set of player i is denoted as \(X_{i} \subseteq \mathbb{R}^{n_{i}}\). Let X: = Π_{i = 1}^N X_i, and X_−i: = Π_{j = 1, j ≠ i}^N X_j. Let \(C_{i}: X_{-i} \rightarrow 2^{X_{i}}\) be the set-valued map or correspondence that defines the feasible strategy set for player i at a given strategy profile of all other players. Let \(f_{i}: X \rightarrow \mathbb{R}\) denote the cost function for player i. We denote this game as Γ(N, {X_i}, {C_i}, {f_i}).

Definition 1.

A strategy profile x^∗ ∈ X is a GNE of Γ(N, {X_i}, {C_i}, {f_i}) if for every player i,

$$\displaystyle{ x_{i}^{{\ast}}\in \mathop{\text{argmin}}\limits_{x_{ i} \in C_{i}(x_{-i}^{{\ast}})}f_{ i}(x_{i},x_{-i}^{{\ast}}). }$$

(7.38)

Our proof of GNE existence in this chapter is based on the following general result.

Theorem 1.

Consider the game Γ(N, {X_i}, {C_i}, {f_i}). Assume for all players we have

1. 1.

   X _i is a nonempty, convex, and compact subset of an Euclidean space,

2. 2.

   C _i is both upper and lower semicontinuous,

3. 3.

   C_i(x_−i) is nonempty, closed, and convex for every x_−i ∈ X_−i ,

4. 4.

   f _i is continuous on the graph of C _i , and

5. 5.

   f_i(x_i, x_−i) is quasiconvex on C_i(x_−i) for every x ∈ X.

Then there exists a GNE.

The proof of the above theorem relies on Kakutani fixed-point theorem and Berge’s maximum theorem and is presented in [10, Theorem 3.1].

In many application, including for the defense cost minimization game studied in this chapter, we encounter a parametrized constraint set, i.e., C_i(x_−i) = {x_i ∈ X_i | g_ij(x_i, x_−i) ≤ 0, j = {1, 2, …, m_i}}. For this class of constraints, we have the following sufficient conditions for the upper and lower semicontinuity of C_i [16, Theorem 10,12].

Theorem 2.

Let \(C_{i}: X_{-i} \rightarrow 2^{X_{i}}\) be given by C_i(x_−i) = {x_i ∈ X_i | g_ij(x_i, x_−i) ≤ 0, j = {1, 2, …, m_i}}.

1. 1.

   Let \(X_{i} \subseteq \mathbb{R}^{n_{i}}\) be closed and all components g _ij ’s be continuous on X. Then, C _i is upper semicontinuous on X _{− i} .

2. 2.

   Let g _ij ’s be continuous and convex in x _i for each x _{− i} . If there exists \(\bar{x}\) such that \(g_{ij}(\bar{x}_{i},\bar{x}_{-i}) <0\) for all j, then C _i is lower semicontinuous at \(\bar{x}_{-i}\) and in some neighborhood of \(\bar{x}_{-i}\) .

Remark 5.

Some authors use the term hemicontinuity instead of semicontinuity [31]. The definitions coincide for closed and compact-valued correspondences, which is the case here.