2. Caveats
• Game theory does not “scale” or “decompose” well
• Even small models can be computationally difficult
to solve:
– “It is difficult, and perhaps impossible, to scale-up
minimax solutions to applications with thousands of
possible actions, each with different costs and
uncertain benefits” (Banks, 2009)
• Solving a small and highly aggregated problem
does not necessarily provide accurate guidance
regarding the solution of a more detailed problem
• For example, even if some cities get zero resources
in a city-level analysis:
– They may still have targets worth defending in a
target-level analysis
3. Caveats
• Competing interests result in nested
optimization problems:
– Defender wants to minimize the maximum damage
• Numerous decision makers:
– Solving a single centralized transportation problem
to minimize travel time does not give the same
results as would be achieved by individual
travelers, each trying to minimize travel time
4. Extensions
• Complicated system structures:
– Electricity systems
– Computer networks
– Transportation systems
• Neither series nor parallel
• Some systems are relatively simple:
– Water flow is usually in one direction!
• In other systems, flow may readjust
and change directions every time an
arc is interdicted
5. Extensions
• More complicated system structures:
– Numerous origin-destination pairs
– Cascading failure
– Congestion
– Reservation travel times (may be variable)
– Attack deterrence (with sensors or guards)
• Many network models are difficult to
solve even without optimizing defense!
6. Computer security (Zhuang et al., 2007)
• “Tipping” has been suggested as a cost-
effective way to encourage security:
– An incentive to encourage some agents to invest
can induce other agents to also invest in security
• One way of incentivizing investment is for
security to be “bundled” with other services:
– E.g., provided by one’s Internet service provider
• Another way would be if such investment
were a requirement for lucrative contracts:
– E.g., UK Cyber Essentials certification
• Offering incentives to a limited number of
firms can make security investment common
enough that it becomes the industry norm
7. Computer security
• Attacker can often launch multiple attacks,
with impunity
• So, defender may need to consider defense
against multiple attacks (Ertem & Bier):
– With multiple-period look-ahead
– E.g., if attackers are non-myopic, and try to learn
about the system in their early attacks
• Defending against determined adversaries is
harder than against opportunistic attacks:
– E.g., the Pentagon vs. Barnes and Noble
8. Research questions
8
•Is it realistic to assume a non-
myopic attacker, or is it OK to
protect only against a myopic
attacker?
•What is the tradeoff between
optimality of results (looking
ahead multiple steps) and
computational feasibility?
9. • There are numerous interesting and
challenging network-interdiction
problems in homeland security
– Lots of room for computational expertise!
• Also lots of room for good heuristics!
Conclusion
10. • There are numerous interesting and
challenging network-interdiction
problems in homeland security
– Lots of room for computational expertise!
• Also lots of room for good heuristics!
Conclusion