Resource Distribution in Multiple Attacks with Imperfect Detection of the Attack Outcome

This article extends the previous research of consecutive attacks strategy by assuming that an attacker observes the outcome of each attack imperfectly. With given probabilities it may wrongly identify a destroyed target as undestroyed, and wrongly identify an undestroyed target as destroyed. The outcome of each attack is determined by a contest success function that depends on the amount of resources allocated by the defender and the attacker to each attack. The article suggests a probabilistic model of the multiple attacks and analyzes how the target destruction probability and the attacker's relative resource expenditure are impacted by the two probabilities of incorrect observation, the attacker's and defender's resource ratio, the contest intensity, the number of attacks, and the resource distribution across attacks. We analyze how the attacker chooses the number of attacks, the attack stopping rule, and the optimal resource distribution across attacks to maximize its utility.     

Efficiency of Even Separation of Parallel Elements with Variable Contest Intensity

The article considers strategic defense and attack of a system that can be separated into parallel elements. The defender distributes its resource between separation and protecting the elements from outside attacks. The vulnerability of each element is determined by an attacker‐defender contest success function, which depends on a contest intensity that may increase or decrease through the separation process. The article determines criteria of separation efficiency for systems without performance redundancy and 1‐out‐of‐N and Q‐out‐of‐N systems with performance redundancy. For the systems with performance redundancy the cases of expected damage proportional to the probability that the demand is not met, and expected damage proportional to the unsupplied demand, are considered.     

Defender–Attacker Games with Asymmetric Player Utilities

The presence of strategic attackers has become an important factor in the security and protection of systems, especially since the 9/11/2001 attacks, and considerable efforts have been dedicated to its study. When defending against the strategic attacker, many existing studies assume that the attacker would seek to minimize the defender's utility, which implies that the defender and attacker have symmetric utilities. However, the attacker's objective is determined by its own valuation of the system and target of the attack, which is not necessarily consistent with the defender's utility. If the attacker unexpectedly targets a different utility, then the defense strategy might no longer be optimal. In particular, the defense strategy could be inferior if the attacker's utility is not known to the defender. This study considers a situation where the defender's utility is the system survivability and the attacker's utility is the expected number of destroyed elements in the system. We investigate possible attack strategies under these two different utilities and compare (a) the conservative defense strategy when the attack utility is unknown to the defender with (b) the optimal defense strategy when the attack utility is known to the defender. We show that the conservative protection strategy is still optimal under asymmetric utilities when the contest intensity is smaller than one.     

A General Framework for the Assessment of Power System Vulnerability to Malicious Attacks

The protection and safe operations of power systems heavily rely on the identification of the causes of damage and service disruption. This article presents a general framework for the assessment of power system vulnerability to malicious attacks. The concept of susceptibility to an attack is employed to quantitatively evaluate the degree of exposure of the system and its components to intentional offensive actions. A scenario with two agents having opposing objectives is proposed, i.e., a defender having multiple alternatives of protection strategies for system elements, and an attacker having multiple alternatives of attack strategies against different combinations of system elements. The defender aims to minimize the system susceptibility to the attack, subject to budget constraints; on the other hand, the attacker aims to maximize the susceptibility. The problem is defined as a zero‐sum game between the defender and the attacker. The assumption that the interests of the attacker and the defender are opposite makes it irrelevant whether or not the defender shows the strategy he/she will use. Thus, the approaches “leader–follower game” or “simultaneous game” do not provide differences as far as the results are concerned. The results show an example of such a situation, and the von Neumann theorem is applied to find the (mixed) equilibrium strategies of the attacker and of the defender.     

An Attacker–defender Resource Allocation Game with Substitution and Complementary Effects

The United States is funding homeland security programs with a large budget (e.g., 74.4 billion for FY 2019). A number of game-theoretic defender–attacker models have been developed to study the optimal defense resource allocation strategies for the government (defender) against the strategic adversary (attacker). However, to the best of our knowledge, the substitution or complementary effects between different types of defensive resources (e.g., human resource, land resource, and capital resource) have not been taken into consideration even though they exist in practice. The article fills this gap by studying a sequential game-theoretical resource allocation model and then exploring how the joint effectiveness of multiple security investments influences the defensive budget allocation among multiple potential targets. Three false belief models have been developed in which only the defender, only the attacker, and both the defender and attacker hold false beliefs about the joint effectiveness of resources. Regression analysis shows that there are significant substitution effects between human and capital resources. The results show that the defender will suffer a higher loss if he fails to consider the substitution or complementary effects. Interestingly, if the attacker holds a false belief while the defender does not, the defender will suffer an even higher loss, especially when the resources are substitutes. However, if both the attacker and defender hold false beliefs, there will be lower loss when resources are complementary. The results also show that the defender should allocate the highly effective resource when the resources substitute each other. This article provides some new insights to the homeland security resource allocation.     

A Study on a Sequential One‐Defender‐N‐Attacker Game

Government usually faces threat from multiple attackers. However, in the literature, researchers often model attackers as one monolithic player who chooses whether to attack, how much investment to spend, and on which target, instead of treating multiple attackers as independent agents. This modeling strategy may potentially cause suboptimal defense investment if the attackers have vastly different interests and preferences and may not be combined as one in theory. In this article, we develop a sequential game with complete information. This model considers one defender explicitly dealing with multiple unmergeable attackers. Thorough numerical experiments are conducted using ratio and exponential contest success functions under different scenarios. The result is also contrasted with the corresponding single attacker model to study the effect of mishandling multiple attackers. The propositions and observations drawn from the numerical experiments provide insights for government decision making with a better understanding of the attackers' behavior.     

Choosing What to Protect

We study a strategic model in which a defender must allocate defensive resources to a collection of locations, and an attacker must choose a location to attack. The defender does not know the attacker's preferences, while the attacker observes the defender's resource allocation. The defender's problem gives rise to negative externalities, in the sense that increasing the resources allocated to one location increases the likelihood of an attack at other locations. In equilibrium, the defender exploits these externalities to manipulate the attacker's behavior, sometimes optimally leaving a location undefended, and sometimes preferring a higher vulnerability at a particular location even if a lower risk could be achieved at zero cost. Key results of our model are as follows: (1) the defender prefers to allocate resources in a centralized (rather than decentralized) manner; (2) as the number of locations to be defended grows, the defender can cost effectively reduce the probability of a successful attack only if the number of valuable targets is bounded; (3) the optimal allocation of resources can be nonmonotonic in the relative value of the attacker's outside option; and (4) the defender prefers his or her defensive allocation to be public rather than secret.     

A Comparative Analysis of PRA and Intelligent Adversary Methods for Counterterrorism Risk Management

In counterterrorism risk management decisions, the analyst can choose to represent terrorist decisions as defender uncertainties or as attacker decisions. We perform a comparative analysis of probabilistic risk analysis (PRA) methods including event trees, influence diagrams, Bayesian networks, decision trees, game theory, and combined methods on the same illustrative examples (container screening for radiological materials) to get insights into the significant differences in assumptions and results. A key tenent of PRA and decision analysis is the use of subjective probability to assess the likelihood of possible outcomes. For each technique, we compare the assumptions, probability assessment requirements, risk levels, and potential insights for risk managers. We find that assessing the distribution of potential attacker decisions is a complex judgment task, particularly considering the adaptation of the attacker to defender decisions. Intelligent adversary risk analysis and adversarial risk analysis are extensions of decision analysis and sequential game theory that help to decompose such judgments. These techniques explicitly show the adaptation of the attacker and the resulting shift in risk based on defender decisions.     

Deterrence and Risk Preferences in Sequential Attacker–Defender Games with Continuous Efforts

Most attacker–defender games consider players as risk neutral, whereas in reality attackers and defenders may be risk seeking or risk averse. This article studies the impact of players' risk preferences on their equilibrium behavior and its effect on the notion of deterrence. In particular, we study the effects of risk preferences in a single‐period, sequential game where a defender has a continuous range of investment levels that could be strategically chosen to potentially deter an attack. This article presents analytic results related to the effect of attacker and defender risk preferences on the optimal defense effort level and their impact on the deterrence level. Numerical illustrations and some discussion of the effect of risk preferences on deterrence and the utility of using such a model are provided, as well as sensitivity analysis of continuous attack investment levels and uncertainty in the defender's beliefs about the attacker's risk preference. A key contribution of this article is the identification of specific scenarios in which the defender using a model that takes into account risk preferences would be better off than a defender using a traditional risk‐neutral model. This study provides insights that could be used by policy analysts and decisionmakers involved in investment decisions in security and safety.     

Counterterrorism resource allocation during a pandemic: The effects of dynamic target valuations when facing a strategic terrorist

The outbreak of pandemics such as COVID-19 can result in cascading effects for global systemic risk. To combat an ongoing pandemic, governmental resources are largely allocated toward supporting the health of the public and economy. This shift in attention can lead to security vulnerabilities which are exploited by terrorists. In view of this, counterterrorism during a pandemic is of critical interest to the safety and well-being of the global society. Most notably, the population flows among potential targets are likely to change in conjunction with the trend of the health crisis, which leads to fluctuations in target valuations. In this situation, a new challenge for the defender is to optimally allocate his/her resources among targets that have changing valuations, where his/her intention is to minimize the expected losses from potential terrorist attacks. In order to deal with this challenge, in this paper, we first develop a defender–attacker game in sequential form, where the target valuations can change as a result of the pandemic. Then we analyze the effects of a pandemic on counterterrorism resource allocation from the perspective of dynamic target valuations. Finally, we provide some examples to display the theoretical results, and present a case study to illustrate the usability of our proposed model during a pandemic.     

Game Theory and Risk Analysis

Risk analysts often analyze adversarial risks from terrorists or other intelligent attackers without mentioning game theory. Why? One reason is that many adversarial situations—those that can be represented as attacker‐defender games, in which the defender first chooses an allocation of defensive resources to protect potential targets, and the attacker, knowing what the defender has done, then decides which targets to attack—can be modeled and analyzed successfully without using most of the concepts and terminology of game theory. However, risk analysis and game theory are also deeply complementary. Game‐theoretic analyses of conflicts require modeling the probable consequences of each choice of strategies by the players and assessing the expected utilities of these probable consequences. Decision and risk analysis methods are well suited to accomplish these tasks. Conversely, game‐theoretic formulations of attack‐defense conflicts (and other adversarial risks) can greatly improve upon some current risk analyses that attempt to model attacker decisions as random variables or uncertain attributes of targets (“threats”) and that seek to elicit their values from the defender's own experts. Game theory models that clarify the nature of the interacting decisions made by attackers and defenders and that distinguish clearly between strategic choices (decision nodes in a game tree) and random variables (chance nodes, not controlled by either attacker or defender) can produce more sensible and effective risk management recommendations for allocating defensive resources than current risk scoring models. Thus, risk analysis and game theory are (or should be) mutually reinforcing.     

Behavioral Modeling of Adversaries with Multiple Objectives in Counterterrorism

Attacker/defender models have primarily assumed that each decisionmaker optimizes the cost of the damage inflicted and its economic repercussions from their own perspective. Two streams of recent research have sought to extend such models. One stream suggests that it is more realistic to consider attackers with multiple objectives, but this research has not included the adaption of the terrorist with multiple objectives to defender actions. The other stream builds off experimental studies that show that decisionmakers deviate from optimal rational behavior. In this article, we extend attacker/defender models to incorporate multiple objectives that a terrorist might consider in planning an attack. This includes the tradeoffs that a terrorist might consider and their adaption to defender actions. However, we must also consider experimental evidence of deviations from the rationality assumed in the commonly used expected utility model in determining such adaption. Thus, we model the attacker's behavior using multiattribute prospect theory to account for the attacker's multiple objectives and deviations from rationality. We evaluate our approach by considering an attacker with multiple objectives who wishes to smuggle radioactive material into the United States and a defender who has the option to implement a screening process to hinder the attacker. We discuss the problems with implementing such an approach, but argue that research in this area must continue to avoid misrepresenting terrorist behavior in determining optimal defensive actions.     

Adversarial risk analysis for counterterrorism modeling

Recent large-scale terrorist attacks have raised interest in models for resource allocation against terrorist threats. The unifying theme in this area is the need to develop methods for the analysis of allocation decisions when risks stem from the intentional actions of intelligent adversaries. Most approaches to these problems have a game-theoretic flavor although there are also several interesting decision-analytic-based proposals. One of them is the recently introduced framework for adversarial risk analysis, which deals with decision-making problems that involve intelligent opponents and uncertain outcomes. We explore how adversarial risk analysis addresses some standard counterterrorism models: simultaneous defend-attack models, sequential defend-attack-defend models, and sequential defend-attack models with private information. For each model, we first assess critically what would be a typical game-theoretic approach and then provide the corresponding solution proposed by the adversarial risk analysis framework, emphasizing how to coherently assess a predictive probability model of the adversary's actions, in a context in which we aim at supporting decisions of a defender versus an attacker. This illustrates the application of adversarial risk analysis to basic counterterrorism models that may be used as basic building blocks for more complex risk analysis of counterterrorism problems.     

Intelligent Adversary Risk Analysis: A Bioterrorism Risk Management Model

The tragic events of 9/11 and the concerns about the potential for a terrorist or hostile state attack with weapons of mass destruction have led to an increased emphasis on risk analysis for homeland security. Uncertain hazards (natural and engineering) have been successfully analyzed using probabilistic risk analysis (PRA). Unlike uncertain hazards, terrorists and hostile states are intelligent adversaries who can observe our vulnerabilities and dynamically adapt their plans and actions to achieve their objectives. This article compares uncertain hazard risk analysis with intelligent adversary risk analysis, describes the intelligent adversary risk analysis challenges, and presents a probabilistic defender–attacker–defender model to evaluate the baseline risk and the potential risk reduction provided by defender investments. The model includes defender decisions prior to an attack; attacker decisions during the attack; defender actions after an attack; and the uncertainties of attack implementation, detection, and consequences. The risk management model is demonstrated with an illustrative bioterrorism problem with notional data.     

Defense Resource Distribution Between Protection and Redundancy for Constant Resource Stockpiling Pace

The article considers the optimal resource distribution in a parallel system between increasing protection and providing redundancy in a situation when the attacker's and defender's resources are stockpiling and the resource increment rate is constant. It is assumed that the system must perform within an exogenously given time horizon and the attack time probability is uniformly distributed along this horizon. The defender optimizes the resource distribution in order to minimize the system destruction probability during the time horizon. First, we find the optimal pace of construction of the new redundant elements assuming that the construction must start in the initial stage of the stockpiling process. We show that starting construction of new elements in the beginning of the system's existence results in its high initial vulnerability. Introducing the time delay before starting the construction can reduce the initial system vulnerability and the entire system destruction probability. The problem of optimization of time delay and new element construction pace is considered with and without constraint on the initial system vulnerability. Examples illustrating the methodology of the optimal defense strategy analysis are presented.     

Defender–Attacker Decision Tree Analysis to Combat Terrorism

We propose a methodology, called defender–attacker decision tree analysis, to evaluate defensive actions against terrorist attacks in a dynamic and hostile environment. Like most game‐theoretic formulations of this problem, we assume that the defenders act rationally by maximizing their expected utility or minimizing their expected costs. However, we do not assume that attackers maximize their expected utilities. Instead, we encode the defender's limited knowledge about the attacker's motivations and capabilities as a conditional probability distribution over the attacker's decisions. We apply this methodology to the problem of defending against possible terrorist attacks on commercial airplanes, using one of three weapons: infrared‐guided MANPADS (man‐portable air defense systems), laser‐guided MANPADS, or visually targeted RPGs (rocket propelled grenades). We also evaluate three countermeasures against these weapons: DIRCMs (directional infrared countermeasures), perimeter control around the airport, and hardening airplanes. The model includes deterrence effects, the effectiveness of the countermeasures, and the substitution of weapons and targets once a specific countermeasure is selected. It also includes a second stage of defensive decisions after an attack occurs. Key findings are: (1) due to the high cost of the countermeasures, not implementing countermeasures is the preferred defensive alternative for a large range of parameters; (2) if the probability of an attack and the associated consequences are large, a combination of DIRCMs and ground perimeter control are preferred over any single countermeasure.     

Behavioral Determinants of Target Shifting and Deterrence in an Analog Cyber-Attack Game

This study examines how exploiting biases in probability judgment can enhance deterrence using a fixed allocation of defensive resources. We investigate attacker anchoring heuristics for conjunctive events with missing information to distort attacker estimates of success for targets with equal defensive resources. We designed and conducted a behavioral experiment functioning as an analog cyber attack with multiple targets requiring three stages of attack to successfully acquire a target. Each stage is associated with a probability of successfully attacking a layer of defense, reflecting the allocation of resources for each layer. There are four types of targets that have nearly equal likelihood of being successfully attacked, including one type with equally distributed success probabilities over every layer and three types with success probabilities that are concentrated to be lowest in the first, second, or third layer. Players are incentivized by a payoff system that offers a reward for successfully attacked targets and a penalty for failed attacks. We collected data from a total of 1,600 separate target selections from 80 players and discovered that the target type with the lowest probability of success on the first layer was least preferred among attackers, providing the greatest deterrent. Targets with equally distributed success probabilities across layers were the next least preferred among attackers, indicating greater deterrence for uniform-layered defenses compared to defenses that are concentrated at the inner (second or third) levels. This finding is consistent with both attacker anchoring and ambiguity biases and an interpretation of failed attacks as near misses.     

Robust allocation of a defensive budget considering an attacker's private information

Attackers' private information is one of the main issues in defensive resource allocation games in homeland security. The outcome of a defense resource allocation decision critically depends on the accuracy of estimations about the attacker's attributes. However, terrorists' goals may be unknown to the defender, necessitating robust decisions by the defender. This article develops a robust-optimization game-theoretical model for identifying optimal defense resource allocation strategies for a rational defender facing a strategic attacker while the attacker's valuation of targets, being the most critical attribute of the attacker, is unknown but belongs to bounded distribution-free intervals. To our best knowledge, no previous research has applied robust optimization in homeland security resource allocation when uncertainty is defined in bounded distribution-free intervals. The key features of our model include (1) modeling uncertainty in attackers' attributes, where uncertainty is characterized by bounded intervals; (2) finding the robust-optimization equilibrium for the defender using concepts dealing with budget of uncertainty and price of robustness; and (3) applying the proposed model to real data.     

Modeling Arbitrary Layers of Continuous‐Level Defenses in Facing with Strategic Attackers

We propose a novel class of game‐theoretic models for the optimal assignment of defensive resources in a game between a defender and an attacker. Compared to the other game‐theoretic models in the literature of defense allocation problems, the novelty of our model is that we allow the defender to assign her continuous‐level defensive resources to any subset (or arbitrary layers) of targets due to functional similarity or geographical proximity. We develop methods to solve for equilibrium, and illustrate our model using numerical examples. Compared to traditional models that only allow for individual target hardening, our results show that our model could significantly increase the defender's payoff, especially when the unit cost of defense is high.     

Security of Separated Data in Cloud Systems with Competing Attack Detection and Data Theft Processes

Empowered by virtualization technology, service requests from cloud users can be honored through creating and running virtual machines. Virtual machines established for different users may be allocated to the same physical server, making the cloud vulnerable to co‐residence attacks where a malicious attacker can steal a user's data through co‐residing their virtual machines on the same server. For protecting data against the theft, the data partition technique is applied to divide the user's data into multiple blocks with each being handled by a separate virtual machine. Moreover, early warning agents (EWAs) are deployed to possibly detect and prevent co‐residence attacks at a nascent stage. This article models and analyzes the attack success probability (complement of data security) in cloud systems subject to competing attack detection process (by EWAs) and data theft process (by co‐residence attackers). Based on the suggested probabilistic model, the optimal data partition and protection policy is determined with the objective of minimizing the user's cost subject to providing a desired level of data security. Examples are presented to illustrate effects of different model parameters (attack rate, number of cloud servers, number of data blocks, attack detection time, and data theft time distribution parameters) on the attack success probability and optimization solutions.