Augmented probability simulation for adversarial risk analysis in general security games

Abstract

Although widely used, standard game-theoretic approaches to security games face severe shortcomings, being the common knowledge assumption a critical one. Adversarial Risk Analysis (ARA) is an alternative modeling framework that mitigates such limitations.
However, from a computational perspective, ARA is much more involved than its game theoretical counterparts. We propose an approach for finding ARA solutions to security games represented as bi-agent influence diagrams that is based on augmented probability simulation. We motivate this approach using two simple cases: sequential and simultaneous defend-attack models. We next provide the general framework and illustrate it in handling risks in a cybersecurity setting.

 Security games | Adversarial risk analysis |  Augmented probability simulation 

References

1. Banks, D. L., Aliaga, J. R., and Insua, D. R. (2015). Adver sarial Risk Analysis. CRC Press.
   
2. Bielza, C., Müller, P., and Insua, D. R. (1999). Decision anal ysis by augmented probability simulation. Management Science, 45(7):995–1007.
   
3. Brown, G., Carlyle, M., Salmerón, J., and Wood, K. (2006). Defending critical infrastructure. Interfaces, 36(6):530– 544.
   
4. Brown, G. G., Carlyle, W. M., and Wood, R. K. (2008). Opti mizing Department of Homeland Security defense invest ments: Applying Defender-Attacker(-Defender) optimiza tion to terror risk assessment and mitigation. National Academies Press, Washington, DC:. Appendix E.
   
5. Chacon, J. (2020). The modal age of statistics. International Statistical Review, 88(1):122–141.
   
6. Chung, K. L. (2001). A Course in Probability Theory. Aca demic Press.
   
7. Ekin, T., Naveiro, R., Insua, D. R., and Torres-Barrán, A. (2022). Augmented probability simulation methods for sequential games. European Journal of Operational Research.
   
8. French, S. and Insua, D. R. (2000). Statistical decision theory. Wiley.
   
9. Gil, C. and Parra-Arnau, J. (2019). An Adversarial-Risk Analysis Approach to Counterterrorist Online Surveil lance. Sensors, 19(3).
   
10. Gil, C., Rios Insua, D., and Rios, J. (2016). Adversarial Risk Analysis for Urban Security Resource Allocation. Risk Analysis, 36(4):727–741.
    
11. González-Ortega, J., Insua, D. R., and Cano, J. (2019). Ad versarial risk analysis for bi-agent influence diagrams: An algorithmic approach. European Journal of Opera tional Research, 273(3):1085–1096.
    
12. Hargreaves-Heap, S. and Varoufakis, Y. (2004). Game the ory: a critical introduction. New York, Routledge. Harsanyi, J. C. (1967). Games with incomplete informa tion played by “Bayesian” players, I–III Part I. the basic model. Management science, 14(3):159–182. Hausken, K. (2011). Strategic defense and attack of series systems when agents move sequentially. IIE Transac tions, 43(7):483–504.
    
13. Joshi, C., Aliaga, J. R., and Insua, D. R. (2020). Insider threat modeling: An adversarial risk analysis approach. IEEE Transactions on Information Forensics and Security, 16:1131–1142.
    
14. Kadane, J. B. and Larkey, P. D. (1982). Subjective proba bility and the theory of games. Management Science, 28(2):113–120.
    
15. Koller, D. Milch, B. (2003). Multi-agent influence dia grams for representing and solving games. Games and Economic Behavior, 45(1):181–221.
    
16. Korzhyk, D., Yin, Z., Kiekintveld, C., Conitzer, V., and Tambe, M. (2011). Stackelberg vs. Nash in security games: An extended investigation of interchangeabil ity, equivalence, and uniqueness. Jour. Art. Intell. Res., 41:297–327.
    
17. Naveiro, R., Redondo, A., Insua, D. R., and Ruggeri, F. (2019). Adversarial classification: An adversarial risk analysis approach. International Journal of Approximate Reasoning, 113:133 – 148.
    
18. Raiffa, H. (1982). The art and science of negotiation (2003 ed.). Cambridge, MA: Harvard University Press. Raiffa, H., Richardson, J., and Metcalfe, D. (2002). Negoti ation analysis: The science and art of collaborative decision making (2002 ed.). Cambridge, MA: Harvard University Press.
    
19. Rios, J. and Insua, D. R. (2012). Adversarial risk analysis for counterterrorism modeling. Risk Analysis, 32(5):894– 915.
    
20. Raiffa,H.(1982).Theartandscienceofnegotiation(2003ed.).Cambridge,MA:HarvardUniversityPress.
    
21. Rios Insua, D., Couce-Vieira, A., Rubio, J. A., Pieters, W., Labunets, K., and G. Rasines, D. (2019). An adversarial risk analysis framework for cybersecurity. Risk Analysis, 41(1):16–36.
    
22. Ríos Insua, D., Naveiro, R., Gallego, V., and Poulos, J. (2020). Adversarial Machine Learning: Perspectives from adversarial risk analysis. arXiv e-prints, page arXiv:1908.06901.
    
23. Rios Insua, D., Ríos, J., and Banks, D. (2009). Adversarial risk analysis. Journal of the American Statistical Associa tion, 104(486):841–854.
    
24. Roponen, J. and Salo, A. (2015). Adversarial risk analysis for enhancing combat simulation models. Journal of Military Studies, 6(2):82–103.
    
25. Sevillano, J. C., Insua, D. R., and Rios, J. (2012). Adver sarial Risk Analysis: The Somali Pirates Case. Decision Analysis, 9(2):86–95.
    
26. Shachter, R. D. (1986). Evaluating influence diagrams. Operations research, 34(6):871–882.
    
27. Stahl, D. O. and Wilson, P. W. (1995). On players’ models of other players: Theory and experimental evidence. Games and Economic Behavior, 10(1):218–254.
    
28. Wang, S. and Banks, D. (2011). Network routing for insur gency: An adversarial risk analysis framework. Naval Research Logistics (NRL), 58(6):595–607.
    
29. Zhuang, J. and Bier, V. M. (2007). Balancing terrorism and