Trade-offs between target hardening and overarching protection
N. Haphuriwat, V.M. Bier
Advisor: Yeong-Sung Lin
Presented by I-Ju Shih
1
2011/5/30
Agenda
 Introduction
 The model
 Sensitivity analysis
 Sensitivity results and discussion
 Protecting critical assets in Wisconsin
 Conclusions
 Future research directions
2
2011/5/30
Agenda
 Introduction
 The model
 Sensitivity analysis
 Sensitivity results and discussion
 Protecting critical assets in Wisconsin
 Conclusions
 Future research directions
3
2011/5/30
Introduction
 In principle, defenders concerned about protecting multiple
targets could choose to protect them individually (through
target hardening), or collectively (through overarching
protections).
 Game theory has been widely used in the study of resource
allocation.
 Major (2002) allows the attacker to choose the level of attack
effort to spend on each target, while the defender chooses
how much to spend on protecting each target.
 Woo (2002) provides a methodology for estimating the
likelihood that each target will be attacked.
4
2011/5/30
Introduction
 Azaiez and Bier (2006) apply game theory to model optimal
investments in both series and parallel reliability systems.
 Heal and Kunreuther (2007) study a model in which there
are multiple targets, with each defender simultaneously
allocating resources to protect her own target. They also
explore tipping effects, and cascading effects.
 Zhuang et al. (2007) consider the case when players have
different discount rates.
5
2011/5/30
Introduction
 Zhuang and Bier (2007) consider the case when the defender must
allocate her resources to protect against both natural disasters and
terrorism.
 Bier et al. (2007) model a scenario where the defender’s target
valuations are common knowledge, but the defender does not
know the attacker’s target valuations.
 Wang and Bier (2009) consider a dynamic game in which the
defender is uncertain about the attacker’s target valuations.
 Zhuang et al. (2010) use a signaling game to model resource
allocations over multiple time periods, allowing the attacker to
update his knowledge based on the defender’s signals.
defender signals—truthful disclosure, secrecy, and deception.
6
2011/5/30
Introduction
 One form of overarching protection is border security, due to
concerns about illegal immigration and smuggling.
 Bier and Haphuriwat, (2009) apply a game-theoretic model
to analytically determine conditions under which partial
inspection is sufficient to deter smuggling attempts.
 Haphuriwat et al. (2011) revise the model in Bier and
Haphuriwat(2009), to address the case of a single attacker
attempting to smuggle in multiple nuclear bombs.
7
2011/5/30
Introduction(game theory)
 1. 賽局的要素: 參與者(Player)、採取的行動(Strategies)、
報酬(payoff)以及資訊(information)
 2. 賽局的分類:
 依各參與者的行動是同時或依序可分為
同時賽局(simultaneous game，又稱靜態賽局)
順序賽局(sequential game，又稱動態賽局)
 依各參與者的利益是相衝突或互利可分為
定和賽局(constant-sum game)-payoff加起來為一個定數
零和賽局 (zero-sum game)-策略組合payoff的和為0
非零和賽局(nonzero-sum game)-策略組合payoff的和不為0
8
2011/5/30
Introduction(game theory)
 2. 賽局的分類:
 依賽局是否重複可分為
一次性賽局(one-shot game)
重複賽局(repeat game)
 依參與者是否瞭解賽局要素所包括的所有知識可分為
完全訊息賽局-賽局規則成為共有知識的賽局
不完全訊息賽局-賽局規則並未成為共有知識的賽局
 不完全訊息的賽局又可分為
a. 傳訊(signals)-參與者未共享資訊時，策略性的將自己所知的資
訊傳達給其他參與者
b. 篩選(screening)-刻意採取一些作為，好揭露對方所隱藏的真正
意圖
9
2011/5/30
Introduction(game theory)
 2. 賽局的分類:
 按照參與者之間是否合作可分為
合作賽局
非合作賽局
 3. 賽局的解:當賽局中的參與者都覺得不需要改變策略時，
此時就是均衡，且一場賽局中可能有不只一個均衡。
 4. 賽局的表現方式:
標準型
10
 展開型
2011/5/30
Introduction(game theory)
 賽局依參與者的互動關係可分為靜態與動態賽局，根據
訊息的掌握又可分為完全訊息賽局與不完全訊息賽局，
而形成下列4種不同的賽局，其分別對應不同的均衡
11
2011/5/30
作者及年份
賽局類型
Model特點
Azaiez and
Bier (2006)
一回合完全訊息的
動態賽局
在series、parallel的系統及混和型的系
統下，最佳的資源分配情形。
Zhuang et al.
(2007)
一回合完全訊息的
靜態賽局
考慮不同的參與者在投資安全上有不
同的折扣率，且只有防禦者的賽局。
Zhuang and
Bier (2007)
一回合完全訊息的
靜態以及動態賽局
防禦者分配資源在防禦自然災害和恐
怖份子上，並考慮同時行動與兩階段
行動的情形。
Bier et al.
(2007)
一回合完全訊息的
動態賽局
防禦者對於目標價值評估為大家都知
道的資訊。
Bier et al.
(2008)
一回合完全訊息的
動態賽局
防禦者對於攻擊者價值評估的不確定
性為two-parameter Rayleigh distribution。
Wang and Bier 多回合不完全訊息
的動態賽局
(2009)
12
防禦者可以在做資源分配的決策前，
基於實際的觀察前一回合的攻擊，更
新關於攻擊者對於target價值評估的資
訊。
Zhuang et al.
(2010)
多回合不完全訊息
的動態賽局
攻擊者可以利用防禦者的信號去更新
他的資訊，並假設防禦者公開的資訊
可能是真實披露、保密或欺騙3種情形。
Hausken and
Bier (2011)
一回合完全訊息的
靜態及動態賽局
考慮多個攻擊者以及同時行動、防方
2011/5/30
先動和攻方先動的情形。
Introduction
 For simplicity, this paper applies game theory to the problem of
discrete attacker target choice, and neglects the defender’s
uncertainty about the attacker’s objectives.
 This paper considers only a single defender and a single attacker,
assumes that the defender’s defensive resource allocation is fully
disclosed, and consider a single-period game rather than a
dynamic game.
 In the model, the attacker is assumed to attack the target that
would result in the highest expected damage, after observing any
defensive investments.
 The defender chooses how much to spend both on target
hardening and on overarching protection in order to minimize
expected damage against both an intentional attack and a natural
disaster, subject to a budget constraint.
13
2011/5/30
Introduction
 This paper hypothesizes that target hardening will tend to be
more desirable when the number of targets to be protected is
relatively small, when the cost effectiveness of defensive
investment is high, and when there are relatively few highvalue targets.
 By contrast, border security and other forms of overarching
protection are hypothesized to be more desirable when there
are large numbers of comparably-valued targets to be
protected.
14
2011/5/30
Agenda
 Introduction
 The model
 Sensitivity analysis
 Sensitivity results and discussion
 Protecting critical assets in Wisconsin
 Conclusions
 Future research directions
15
2011/5/30
The model
 This paper considers investments in all-hazards protection as
well as investments in protection from intentional threats,
patterning our model roughly on that in Zhuang and Bier
(2007).
 This paper allows the targets to be heterogeneous in value.
 The attacker is assumed to attack the most attractive target,
taking into account any defensive investments that have
been made.
 This paper assumes that all intentional threats originate
externally to the system, and must penetrate any overarching
defenses in order to be effective.
16
2011/5/30
The model
17
2011/5/30
The model
 This paper assumes that the attacker and the defender have
the same valuations Vj for all targets, that the attacker can
observe the defensive allocations cj, and that the attacker
will choose to attack the target j* with the highest expected
damage; i.e.,
.
 This paper also assumes that the natural disaster will affect
only a single target (and omit the possibility of multiple
attacks, or natural disasters affecting multiple targets).
 This model is designed to apply to situations in which both
natural disaster and intentional attack are relatively
unlikely.
18
2011/5/30
The model
 the defender’s optimization problem
19
2011/5/30
The model
 This paper represents the success probability of an attack
and the failure probability of all-hazards protection by
power-law functions; i.e.,
where
are positive-valued parameters
that determine the cost effectiveness of defensive
investment.
20
2011/5/30
The model
 Unfortunately, the Hessian of the Lagrangian of this
optimization problem is not positive semidefinite,
implying that the problem is not convex.
 Hence, this paper solves this problem by numerical
approximation using the branch-and-reduce optimization
navigator (Sahinidis and Tawarmalani, 2002) in the
General Algebraic Modeling System (GAMS).
21
2011/5/30
Agenda
 Introduction
 The model
 Sensitivity analysis
 Sensitivity results and discussion
 Protecting critical assets in Wisconsin
 Conclusions
 Future research directions
22
2011/5/30
Sensitivity analysis
 This paper used simulation to generate randomly sampled data sets
from distributions of target values Vj with specified parameters.
 The distribution characteristic that had the strongest relationship to
the desirability of target hardening was the ratio of the 95th
percentile to the 50th percentile, sometimes called the ‘‘range
factor’’.
 Bier et al. (2008), considering the top ten urban areas in the US,
yielded range factors of 1.92 for air departures and 2.03 for average
daily bridge traffic, respectively.
 Willis et al. (2005), considering the 46 urban areas in the US that
received 2004 funding from the Urban Areas Security Initiative,
yielded range factors of 24.14 for property damage, 55 for fatalities,
and 59 for injuries, respectively.
2011/5/30
23
Sensitivity analysis
24
2011/5/30
Sensitivity analysis
 Therefore, this paper considers range factors of 1.2, 3, 30,
and 60 in their sensitivity analysis.
 This paper chose to generate data sets from distributions
that generate exclusively positive target valuations; in
particular, the Pearson, beta, gamma, and lognormal
distributions.
 In the sensitivity analysis, this paper considers only
intentional attacks, in order to focus on the trade-offs
between target hardening and overarching protection.
ω = 0, dN+1 = 0, and QN+1 = 1, ρ = 1
25
2011/5/30
Sensitivity analysis
 With regard to the success probability of attacks, this
paper holds the parameter κj in the success-probability
function constant for all targets j, and also for overarching
protection.
 αj in this success-probability function is the same for all
targets. i.e., αj = α for j = 1,. . . ,N
 They selected values of the parameters κj, α, and αN+1
based on the range of cost effectiveness used in Bier et al.
(2008); in particular, they let κj = 7, and let the parameters
α and αN+1 take on values of 50, 200, and 600.
26
2011/5/30
Sensitivity analysis
 The primary output of interest in the sensitivity analysis
is the optimal percentage investment in target hardening.
 To keep the number of sensitivity runs manageable, they
began by simulating 200 sets of target valuations for each
sensitivity run from a given distribution.
27
2011/5/30
Agenda
 Introduction
 The model
 Sensitivity analysis
 Sensitivity results and discussion
 Protecting critical assets in Wisconsin
 Conclusions
 Future research directions
28
2011/5/30
Sensitivity results and discussion
29
2011/5/30
Sensitivity results and discussion
30
2011/5/30
Sensitivity results and discussion
31
2011/5/30
Agenda
 Introduction
 The model
 Sensitivity analysis
 Sensitivity results and discussion
 Protecting critical assets in Wisconsin
 Conclusions
 Future research directions
32
2011/5/30
Protecting critical assets in Wisconsin
 The Office of Justice Assistance is responsible for
distributing federal funds to protect critical infrastructure
within the state of Wisconsin against both natural disasters
and intentional threats .
 In FY 2007, the Office of Justice Assistance requested
funding for thirteen different types of defensive investments
from the Department of Homeland Security.
33
2011/5/30
Protecting critical assets in Wisconsin
 They assume that investment in Catastrophic Planning and
Preparedness is a form of overarching protection that can
protect against all hazards.
 They treat investment in Infrastructure Protection as a form
of target hardening that can protect only against terrorism.
 They assume that investment in the Wisconsin Statewide
Intelligence Center provides overarching protection against
terrorism, but not against natural disasters.
34
2011/5/30
Protecting critical assets in Wisconsin
35
2005年
2007年
2011/5/30
Protecting critical assets in Wisconsin
 They used sensitivity analysis to explore the effects of
different possible parameter values.
 For the probabilities of intentional attack and natural
disaster, this paper considers the entire range between zero
and one, with 0.1 increments.
 In order to get similar behavior as in Bier et al. (2008), they
allowed the values of αj, αN+1, and ηN+1 to range over 0.18,
0.6, and 2.4, to represent high, moderate, and low levels of
cost effectiveness, respectively.
36
2011/5/30
Protecting critical assets in Wisconsin
 Thay use the same cost effectiveness level for all targets
(i.e., αj = α for j = 1,. . . ,N), and set κj and γN+1 equal to 7.
For convenience, they fix the total budget at 1.0.
 They compare the defender’s expected loss from the actual
historical budget-allocation decision with that from the
optimal decision obtained by solving the model.
 They consider the case when the allocations to different
investment types are as specified (i.e., cN+1 = 0.25 and dN+1
= 0.35), but the allocation of the remaining budget to
individual targets is chosen optimally while keeping ∑cj
=0.4.
37
2011/5/30
Protecting critical assets in Wisconsin
 Letting T be the total resources allocated to target hardening,
they also consider cases when the defender optimally
allocates resources among the three types of investments (T,
cN+1, and dN+1), but either sets cj = δjT for j = 1,. . . ,N,
where δj represents the actual fraction of the total resources
for target hardening received by target j in 2007, or sets cj =
T/N for j = 1,. . . ,N (i.e., equal allocation of resources for
target hardening).
38
2011/5/30
Protecting critical assets in Wisconsin
 optimizing Infrastructure Protection only
39
2011/5/30
Protecting critical assets in Wisconsin
 Letting all targets receive either their actual historical
percentage allocations, or equal allocations.
 The expected losses of both suboptimal strategies were
quite similar to those obtained from the fully optimal
strategy.
 As in the fully optimal solutions, however, Infrastructure
Protection again receives less than 10% of the available
funding, with Catastrophic Planning and Preparedness
receiving most of the budget.
40
2011/5/30
Protecting critical assets in Wisconsin
 This paper conducted an analysis where target
attractiveness is represented by the exponent of those risk
scores yielding a range factor of 5.4 (compared to only
1.16 for the untransformed risk scores).
41
2011/5/30
Agenda
 Introduction
 The model
 Sensitivity analysis
 Sensitivity results and discussion
 Protecting critical assets in Wisconsin
 Conclusions
 Future research directions
42
2011/5/30
Conclusions
 This paper has applied game theory to model resource-
allocation problems with two levels of protection, in
which the inner level represents hardening of individual
targets, and the outer level is overarching protection.
 This paper studied how the tradeoff between target
hardening and overarching protection depends on various
parameters.
 The results showed that as the number of targets increases,
target hardening becomes less desirable. Moreover,
investment in target hardening increases as target
hardening itself becomes more cost effective.
43
2011/5/30
Conclusions
 The results for how investment in target hardening
depends on the distribution of target valuations turned out
to be more complicated than we had expected.
 Since the valuations of the critical assets in Wisconsin
were quite similar, the optimal budget allocation devoted
most of the budget to overarching protection.
44
2011/5/30
Agenda
 Introduction
 The model
 Sensitivity analysis
 Sensitivity results and discussion
 Protecting critical assets in Wisconsin
 Conclusions
 Future research directions
45
2011/5/30
Future research directions
 It may be worthwhile to extend the model to consider
forms of overarching protection that provide less than
100% protection.
 Moreover, this model could be made more realistic by
adding more detail within the broad categories of
intentional attacks and natural disasters.
 However, perhaps the major need for this paper’s method
to be applicable in practice is better techniques for
quantifying key parameters of the model, such as target
valuations and the cost effectiveness of defensive
investments.
46
2011/5/30
Thanks for your listening.
47
2011/5/30