Printed from https://ideas.repec.org/a/inm/ordeca/v20y2023i3p202-219.html

Interdicting Attack Plans with Boundedly Rational Players and Multiple Attackers: An Adversarial Risk Analysis Approach

Author

  • Eric DuBois

    (The Center for Naval Analyses, Arlington, Virginia 22201)

  • Ashley Peper

    (Department of Industrial and Systems Engineering, University of Wisconsin–Madison, Madison, Wisconsin 53706)

  • Laura A. Albert

    (Department of Industrial and Systems Engineering, University of Wisconsin–Madison, Madison, Wisconsin 53706)

Abstract

Cybersecurity planning supports the selection of and implementation of security controls in resource-constrained settings to manage risk. Doing so requires considering adaptive adversaries with different levels of strategic sophistication in modeling efforts to support risk management. However, most models in the literature only consider rational or nonstrategic adversaries. Therefore, we study how to inform defensive decision making to mitigate the risk from boundedly rational players, with a particular focus on making integrated, interdependent planning decisions. To achieve this goal, we introduce a modeling framework for selecting a portfolio of security mitigations that interdict adversarial attack plans that uses a structured approach for risk analysis. Our approach adapts adversarial risk analysis and cognitive hierarchy theory to consider a maximum-reliability path interdiction problem with a single defender and multiple attackers who have different goals and levels of strategic sophistication. Instead of enumerating all possible attacks and defenses, we introduce a solution technique based on integer programming and approximation algorithms to iteratively solve the defender’s and attackers’ problems. A case study illustrates the proposed models and provides insights into defensive planning.

Suggested Citation

  • Eric DuBois & Ashley Peper & Laura A. Albert, 2023. "Interdicting Attack Plans with Boundedly Rational Players and Multiple Attackers: An Adversarial Risk Analysis Approach," Decision Analysis, INFORMS, vol. 20(3), pages 202-219, September.
  • Handle: RePEc:inm:ordeca:v:20:y:2023:i:3:p:202-219
    DOI: 10.1287/deca.2023.0471

    Download full text from publisher

    File URL: http://dx.doi.org/10.1287/deca.2023.0471
    Download Restriction: no


    References listed on IDEAS

    1. Benjamin Scheibehenne & Rainer Greifeneder & Peter M. Todd, 2010. "Can There Ever Be Too Many Options? A Meta-Analytic Review of Choice Overload," Journal of Consumer Research, Journal of Consumer Research Inc., vol. 37(3), pages 409-425, October.
    2. Fisher, M.L. & Nemhauser, G.L. & Wolsey, L.A., 1978. "An analysis of approximations for maximizing submodular set functions - 1," LIDAM Reprints CORE 334, Université catholique de Louvain, Center for Operations Research and Econometrics (CORE).
    3. Smith, J. Cole & Song, Yongjia, 2020. "A survey of network interdiction models and algorithms," European Journal of Operational Research, Elsevier, vol. 283(3), pages 797-811.
    4. Stahl Dale O. & Wilson Paul W., 1995. "On Players' Models of Other Players: Theory and Experimental Evidence," Games and Economic Behavior, Elsevier, vol. 10(1), pages 218-254, July.
    5. Jorge González-Ortega & Refik Soyer & David Ríos Insua & Fabrizio Ruggeri, 2021. "An Adversarial Risk Analysis Framework for Batch Acceptance Problems," Decision Analysis, INFORMS, vol. 18(1), pages 25-40, March.
    6. Wei Wang & Francesco Di Maio & Enrico Zio, 2019. "Adversarial Risk Analysis to Allocate Optimal Defense Resources for Protecting Cyber–Physical Systems from Cyber Attacks," Risk Analysis, John Wiley & Sons, vol. 39(12), pages 2766-2785, December.
    7. David Rios Insua & Aitor Couce‐Vieira & Jose A. Rubio & Wolter Pieters & Katsiaryna Labunets & Daniel G. Rasines, 2021. "An Adversarial Risk Analysis Framework for Cybersecurity," Risk Analysis, John Wiley & Sons, vol. 41(1), pages 16-36, January.
    8. Shouqiang Wang & David Banks, 2011. "Network routing for insurgency: An adversarial risk analysis framework," Naval Research Logistics (NRL), John Wiley & Sons, vol. 58(6), pages 595-607, September.
    9. Jun Zhuang & Vicki M. Bier, 2007. "Balancing Terrorism and Natural Disasters---Defensive Strategy with Endogenous Attacker Effort," Operations Research, INFORMS, vol. 55(5), pages 976-991, October.
    10. Javier Cano & Alessandro Pollini & Lorenzo Falciani & Uğur Turhan, 2016. "Modeling current and emerging threats in the airport domain through adversarial risk analysis," Journal of Risk Research, Taylor & Francis Journals, vol. 19(7), pages 894-912, August.
    11. Laura A. Albert & Alexander Nikolaev & Sheldon H. Jacobson, 2023. "Homeland security research opportunities," IISE Transactions, Taylor & Francis Journals, vol. 55(1), pages 22-31, January.
    12. Colin F. Camerer & Teck-Hua Ho & Juin-Kuan Chong, 2004. "A Cognitive Hierarchy Model of Games," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 119(3), pages 861-898.
    13. Kaiyue Zheng & Laura A. Albert & James R. Luedtke & Eli Towle, 2019. "A budgeted maximum multiple coverage model for cybersecurity planning and management," IISE Transactions, Taylor & Francis Journals, vol. 51(12), pages 1303-1317, December.
    14. Knowles, William & Prince, Daniel & Hutchison, David & Disso, Jules Ferdinand Pagna & Jones, Kevin, 2015. "A survey of cyber security management in industrial control systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 9(C), pages 52-80.
    15. Fisher, M.L. & Nemhauser, G.L. & Wolsey, L.A., 1978. "An analysis of approximations for maximizing submodular set functions," LIDAM Reprints CORE 341, Université catholique de Louvain, Center for Operations Research and Econometrics (CORE).
    16. Zhang, Jing & Zhuang, Jun & Behlendorf, Brandon, 2018. "Stochastic shortest path network interdiction with a case study of Arizona–Mexico border," Reliability Engineering and System Safety, Elsevier, vol. 179(C), pages 62-73.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. William N. Caballero & Ethan Gharst & David Banks & Jeffery D. Weir, 2023. "Multipolar Security Cooperation Planning: A Multiobjective, Adversarial-Risk-Analysis Approach," Decision Analysis, INFORMS, vol. 20(1), pages 16-39, March.
    2. Beck, Yasmine & Ljubić, Ivana & Schmidt, Martin, 2023. "A survey on bilevel optimization under uncertainty," European Journal of Operational Research, Elsevier, vol. 311(2), pages 401-426.
    3. Kübra Tanınmış & Markus Sinnl, 2022. "A Branch-and-Cut Algorithm for Submodular Interdiction Games," INFORMS Journal on Computing, INFORMS, vol. 34(5), pages 2634-2657, September.
    4. Ekin, Tahir & Naveiro, Roi & Ríos Insua, David & Torres-Barrán, Alberto, 2023. "Augmented probability simulation methods for sequential games," European Journal of Operational Research, Elsevier, vol. 306(1), pages 418-430.
    5. Muhammad Ejaz & Stephen Joe & Chaitanya Joshi, 2021. "Adversarial Risk Analysis for Auctions Using Mirror Equilibrium and Bayes Nash Equilibrium," Decision Analysis, INFORMS, vol. 18(3), pages 185-202, September.
    6. González-Ortega, Jorge & Ríos Insua, David & Cano, Javier, 2019. "Adversarial risk analysis for bi-agent influence diagrams: An algorithmic approach," European Journal of Operational Research, Elsevier, vol. 273(3), pages 1085-1096.
    7. Sergeyev, Dmitriy & Iovino, Luigi, 2018. "Central Bank Balance Sheet Policies Without Rational Expectations," CEPR Discussion Papers 13100, C.E.P.R. Discussion Papers.
    8. Vincent P. Crawford & Nagore Iriberri, 2004. "Fatal Attraction: Focality, Naivete, and Sophistication in Experimental Hide-and-Seek Games," Levine's Bibliography 122247000000000345, UCLA Department of Economics.
    9. Strzalecki, Tomasz, 2014. "Depth of reasoning and higher order beliefs," Journal of Economic Behavior & Organization, Elsevier, vol. 108(C), pages 108-122.
    10. Dam, Tien Thanh & Ta, Thuy Anh & Mai, Tien, 2022. "Submodularity and local search approaches for maximum capture problems under generalized extreme value models," European Journal of Operational Research, Elsevier, vol. 300(3), pages 953-965.
    11. Dengler, Sebastian & Prüfer, Jens, 2021. "Consumers' privacy choices in the era of big data," Games and Economic Behavior, Elsevier, vol. 130(C), pages 499-520.
    12. Baethge, Caroline, 2016. "Performance in the beauty contest: How strategic discussion enhances team reasoning," Passauer Diskussionspapiere, Betriebswirtschaftliche Reihe B-17-16, University of Passau, Faculty of Business and Economics.
    13. Alaoui, Larbi & Janezic, Katharina A. & Penta, Antonio, 2020. "Reasoning about others' reasoning," Journal of Economic Theory, Elsevier, vol. 189(C).
    14. Choo, Lawrence C.Y & Kaplan, Todd R., 2014. "Explaining Behavior in the "11-20" Game," MPRA Paper 52808, University Library of Munich, Germany.
    15. Kyle Hyndman & Antoine Terracol & Jonathan Vaksmann, 2022. "Beliefs and (in)stability in normal-form games," Experimental Economics, Springer;Economic Science Association, vol. 25(4), pages 1146-1172, September.
    16. Breitmoser, Yves, 2019. "Knowing me, imagining you: Projection and overbidding in auctions," Games and Economic Behavior, Elsevier, vol. 113(C), pages 423-447.
    17. Benjamin Patrick Evans & Mikhail Prokopenko, 2021. "Bounded rationality for relaxing best response and mutual consistency: The Quantal Hierarchy model of decision-making," Papers 2106.15844, arXiv.org, revised Mar 2023.
    18. Shapiro, Dmitry & Shi, Xianwen & Zillante, Artie, 2014. "Level-k reasoning in a generalized beauty contest," Games and Economic Behavior, Elsevier, vol. 86(C), pages 308-329.
    19. Rad Niazadeh & Negin Golrezaei & Joshua Wang & Fransisca Susan & Ashwinkumar Badanidiyuru, 2023. "Online Learning via Offline Greedy Algorithms: Applications in Market Design and Optimization," Management Science, INFORMS, vol. 69(7), pages 3797-3817, July.
    20. Vincent P. Crawford & Nagore Iriberri, 2007. "Level-k Auctions: Can a Nonequilibrium Model of Strategic Thinking Explain the Winner's Curse and Overbidding in Private-Value Auctions?," Econometrica, Econometric Society, vol. 75(6), pages 1721-1770, November.
