# Interdependent Defense Games with Applications to Internet Security at the Level of Autonomous Systems

^{1}

^{2}

^{3}

^{4}

^{*}

## Abstract

**:**

## 1. Introduction

#### 1.1. Related Work

#### 1.2. Brief Overview of the Article and the Significance of Our Contributions

## 2. Interdependent Security Games, and a Generalization

**Definition**

**1.**

**(Standard IDS Games)**An IDS game is defined by a tuple $(n,\mathbf{C},\mathbf{L},\mathbf{p},\mathbf{Q})$, where $\mathbf{C}\equiv {\left({C}_{i}\right)}_{i\in \left[n\right]}$, $\mathbf{L}\equiv {\left({L}_{i}\right)}_{i\in \left[n\right]}$, $\mathbf{p}\equiv {\left({p}_{i}\right)}_{i\in \left[n\right]}$, $\mathbf{Q}$ is a matrix representation of the ${q}_{ij}$’s, where $(i,j)\in {\left[n\right]}^{2}$. Implicit in Definition 1 is that ${q}_{ii}=0$ for all i.

**Definition**

**2.**

**(Graphical IDS Games)**The parameters ${q}_{ij}$’s induce a directed graph $G=\left(\right[n],E)$ such that $E\equiv \left\{(i,j)\right|{q}_{ij}>0\}$. Indeed, we assume that $\mathbf{Q}$ has a sparse-matrix representation as a list of non-zero ${q}_{ij}$ values for each edge $(i,j)\in E$. Thus, the representation size of $\mathbf{Q}$ is $O\left(\right|E\left|\right)$. Agraphical IDS game is defined by the tuple $(n,G,\mathbf{C},\mathbf{L},\mathbf{p},\mathbf{Q})$.

**Definition**

**3.**

#### 2.1. Generalized IDS Games

**α**-IDS games, where $\mathit{\alpha}\equiv ({\alpha}_{1},{\alpha}_{2},\dots ,{\alpha}_{n})$ corresponds to the vector composed of the parameter values of each player. This discussion leads to the following definition.

**Definition**

**4.**

**α**-IDS game, or simply

**α**-IDS game, is given by a tuple $(n,G,\mathbf{C},\mathbf{L},\mathbf{p},\mathbf{Q},\mathit{\alpha})$, where each tuple-entry is as defined in the discussion above, and the semantics of the cost functions ${M}_{i}$’s of the players is as defined in Equation (7).

**α**parameters is that they determine the characteristics of the best-response behavior of each player. That is, it allows us to model players that may behave in a way that is consistent with behavior that ranges from strategic complementarity (e.g., airline setting, where ${\alpha}_{i}=1$), all the way to strategic substitutability (e.g., vaccination setting, where ${\alpha}_{i}=0$), based on the relationship between ${\alpha}_{i}$ and $1-{p}_{i}$.

**α**-IDS games is analogous to that given in Definition 3. Hence, we do not formally re-state it here.

## 3. Interdependent Defense Games

**Definition**

**5.**

**Definition**

**6.**

#### 3.1. Conditions on Model Parameters

**Assumption**

**1.**

**Assumption**

**2.**

#### 3.2. There Is No PSNE in Any IDD Game with at Most One (Simultaneous) Attack

**Assumption**

**3.**

**Definition**

**7.**

**Lemma**

**1.**

**Proposition**

**1.**

**Proposition**

**2.**

#### 3.3. Mixed Strategies in IDD Games

**Definition**

**8.**

#### 3.3.1. A Characterization of the MSNE: Compact Representation of Attacker’s Mixed Strategies

**Proposition**

**3.**

- 1.
- the joint PMF $\tilde{P}$ decomposes as 10$$\tilde{P}\left(\mathbf{b}\right)\propto \prod _{i=1}^{n}{\Phi}_{\mathrm{PF}\left(i\right)}\left({\mathbf{b}}_{\mathrm{PF}\left(i\right)}\right)$$
- 2.
- for all $i\in \left[n\right]$, the parent-family marginal PMFs ${\tilde{P}}_{\mathrm{PF}\left(i\right)}={P}_{\mathrm{PF}\left(i\right)}^{*}$ agree, and
- 3.
- the sites and the aggressor achieve the same expected cost and utility, respectively, in $({\mathbf{x}}^{*},\tilde{P})$ as in $({\mathbf{x}}^{*},{P}^{*})$: for all $i\in \left[n\right]$,$${M}_{i}({\mathbf{x}}_{\mathrm{PF}\left(i\right)}^{*},{\tilde{P}}_{\mathrm{PF}\left(i\right)})={M}_{i}({\mathbf{x}}_{\mathrm{PF}\left(i\right)}^{*},{P}_{\mathrm{PF}\left(i\right)}^{*}),$$$$U({\mathbf{x}}^{*},\tilde{P})=U({\mathbf{x}}^{*},{P}^{*}).$$

**Proof.**

**Corollary**

**1.**

#### 3.4. MSNE of IDD Games with at Most One Simultaneous Attack and Full Transfer Vulnerability

**Assumption**

**4.**

**Definition**

**9.**

**Lemma**

**2.**

**Proposition**

**4.**

#### 3.4.1. Characterizing the MSNE of Fully Transfer-Vulnerable Single-Attack IDD Games

**Proposition**

**5.**

- 1.
- ${\sum}_{i=1}^{n}{\widehat{\Delta}}_{i}<1$ if and only if
- (a)
- $1>{y}_{0}^{*}=1-{\sum}_{i=1}^{n}{\widehat{\Delta}}_{i}>0$, and
- (b)
- for all i, ${y}_{i}^{*}={\widehat{\Delta}}_{i}>0$ and $0<{x}_{i}^{*}=1-{\eta}_{i}^{0}<1$.

- 2.
- ${\sum}_{i=1}^{n}{\widehat{\Delta}}_{i}=1$ if and only if
- (a)
- ${y}_{0}^{*}=0$, and
- (b)
- for all i, ${y}_{i}^{*}={\widehat{\Delta}}_{i}>0$ and ${x}_{i}^{*}=1-\frac{v+{C}_{i}^{0}}{{\overline{L}}_{i}^{0}}$ with $0\le v\le {min}_{i\in \left[n\right]}{\overline{M}}_{i}^{0}$.

- 3.
- ${\sum}_{i=1}^{n}{\widehat{\Delta}}_{i}>1$ if and only if
- (a)
- ${y}_{0}^{*}=0$, and
- (b)
- there exists a non-singleton, non-empty subset $I\subset \left[n\right]$, such that ${min}_{i\in I}{\overline{M}}_{i}^{0}\ge {max}_{k\notin I}{\overline{M}}_{k}^{0}$ if $I\ne \left[n\right]$, and the following holds:
- i.
- for all $k\notin I$, ${x}_{k}^{*}=0$ and ${y}_{k}^{*}=0$,
- ii.
- for all $i\in J\equiv \underset{i\in I}{arg\phantom{\rule{0.166667em}{0ex}}min}{\overline{M}}_{i}^{0}$, ${x}_{i}^{*}=0$ and $0\le {y}_{i}^{*}\le {\widehat{\Delta}}_{i}$, and in addition, ${\sum}_{i\in J}{y}_{i}^{*}=1-{\sum}_{t\in I-J}{\widehat{\Delta}}_{i}$; and
- iii.
- for all $i\in I-J$, ${y}_{i}^{*}={\widehat{\Delta}}_{i}$ and $0<{x}_{i}^{*}=1-\frac{{min}_{t\in I}{\overline{M}}_{t}^{0}+{C}_{i}^{0}}{{\overline{L}}_{i}^{0}}<1.$

**Claim**

**1.**

#### 3.4.2. Some Remarks on the MSNE of Fully Transfer-Vulnerable Single-Attack IDD Games

#### Security Investment Characteristics

#### Relation to Network Structure

#### On the Attacker’s Equilibrium Strategy

- players for which the attacker’s cost-to-expected-loss is higher are “selected” first in the algorithm;
- if the size of that set is t, and there is a lower bound on ${\widehat{\Delta}}_{i}>\widehat{\Delta}$, and ${\sum}_{i=1}^{n}{\widehat{\Delta}}_{i}>1$, then $t<1/\widehat{\Delta}$ is an upper-bound on the number of players that could potentially be attacked;
- if we have a game with homogeneous parameters, then the probability of an attack will be uniform over that set ${I}^{*}$; and
- all but one of the players in that set ${I}^{*}$ invest in security with some non-zero probability, for almost every parameter setting for IDD games satisfying the conditions of Proposition 5.

## 4. On the Complexity of Computing an MSNE in Single-Attack IDD Games

#### 4.1. Computing All MSNE of Fully Transfer-Vulnerable Single-Attack IDD Games in Polynomial Time

**Theorem**

**1.**

#### 4.2. Hardness Results on Computing MSNE in General Single-Attack IDD Games

**Theorem**

**2.**

#### 4.3. FPTAS to Compute Approximate MSNE of Tree-Like Single-Attack IDD Games

**Definition**

**10.**

- 1.
- for all $i\in \left[n\right]$, ${M}_{i}({x}_{i}^{*},{\mathbf{x}}_{\mathrm{Pa}\left(i\right)}^{*},{\mathbf{y}}_{\mathrm{PF}\left(i\right)}^{*})\le {min}_{{x}_{i}}{M}_{i}({x}_{i},{\mathbf{x}}_{\mathrm{Pa}\left(i\right)}^{*},{\mathbf{y}}_{\mathrm{PF}\left(i\right)}^{*})+\u03f5$, and
- 2.
- $U({\mathbf{x}}^{*},{\mathbf{y}}^{*})\ge {max}_{\mathbf{y}}U({\mathbf{x}}^{*},\mathbf{y})-\u03f5=max\left({max}_{i\in \left[n\right]}{U}_{i}\left(\mathbf{x}\right),0\right)-\u03f5$,

**α**with a directed tree network structure over the sites.

**Theorem**

**3.**

## 5. Experiments

**α**values. We then considered approximate MSNE in the same class of games and provided an FPTAS for cases in which the game subgraph over the sites is a directed tree-like graph. In this section, partly motivated by security problems in cyberspace, we concentrate instead on empirically evaluating the other extreme of transfer vulnerability: games with low ${\alpha}_{i}$ values (i.e., near 0), so that investing in security considerably reduces the transfer risk. We also consider a complex graph structure found in the real-world Internet corresponding to the AS-level network, as measured in March 2010 by DIMES.

- to demonstrate that a simple heuristic, best-response-gradient dynamics (BRGD), is practically effective in computing an ϵ-MSNE, up to $\u03f5=\Omega \left({10}^{-3}\right)$, in a very large class of IDD games with realistic Internet-scale network graphs in a reasonable amount of time for cases in which the transfer vulnerabilities ${\alpha}_{i}$’s are low;
- to explore the general structural and computational characteristics of (approximate) MSNE in such IDD games, including their dependence on the underlying network structure of the game (and approximation quality); and
- to evaluate and illustrate the effectiveness of an improved version of the simple heuristics, which uses the concept of smooth best-response dynamics (SBRD) for the attacker, for computing ϵ-MSNE for ϵ values that are an order of magnitude lower (i.e., $\u03f5=\Omega \left({10}^{-4}\right)$).

#### 5.1. Computing an ϵ-MSNE Using BRGD

#### 5.1.1. A Single Internet Game

#### Players’ Equilibrium Behavior

#### Relation to Network Structure

#### 5.1.2. Randomly-Generated Internet Games

#### Behavior of the Players

#### Relation to Network Structure

#### 5.1.3. Case Study: A Randomly-Generated Instance of an IG at $0.005$-MSNE

#### Topological Structure of an Attack to the Internet

#### 5.2. A Heuristic to Compute ϵ-MSNE Based on Smooth Best-Response for the Attacker

**a**) of Figure 12. Similarly, given the last two statements, that the attacker is actually placing positive probability of attack only among those sites for which it would obtain highest maximum expected payoff, as the right-hand-side plot (

**b**) of Figure 12 shows, is reassuring.

Algorithm 1: Heuristic Based on Hybrid of BRGD and Smooth Best-Response Dynamics (SBRD) to Compute an ϵ-MSNE in Single-Attack IDD Games |

#### 5.3. Evaluation of the Hybrid BRGD-SBRD Heuristic on Internet Games

#### 5.3.1. Comparing Running Time of BRGD and the Proposed Hybrid BRGD-SBRD Heuristic

#### 5.3.2. Attacker and Sites’ Equilibrium Behavior

#### 5.3.3. Network Structure of an Attack

## 6. Future Work, Open Problems, and a Summary of Our Contributions

#### 6.1. Future Work

#### 6.1.1. Attackers Can Affect Transfer Probabilities

#### 6.1.2. Multiple Attackers with Multiple Attacks

#### 6.1.3. Learning IDD Games

#### 6.1.4. Other Open Problems

- What is the computational complexity of the problem of computing equilibria of single-attack IDD games with arbitrary transfer vulnerability? (e.g., a single, multiple or all MSNE? MSNE with particular properties?)
- How is the complexity affected by network structure or restrictions on the aggressors’ available strategies? While we provide FPTAS for approximate MSNE in single-attack IDD games with arbitrary transfer vulnerability values and directed tree graphs over the sites, it is fair to say that there is more work to do in that direction. A particularly interesting question is whether we can establish PPAD-completeness results for arbitrary single-attack IDD games. That would strengthen the hardness (NP-complete) result we present in Section 4.2. The relationship between single-attack IDD games and graphical polymatrix games seems particularly close. Perhaps one may be able to apply existing results on the PPAD-completeness of certain classes of graphical polymatrix games to establish PPAD-completeness in our context. A promising direction is to pursue potential reductions using results such as those of (Cai and Daskalakis [50], Theorem 1.2) and (Daskalakis et al. [29], Lemma 6.3) on (graphical) polymatrix games with “strictly competitive games on the edges” and on 3-additive graphical Nash, respectively.

#### 6.2. Summary of Contributions

## Acknowledgments

## Author Contributions

## Conflicts of Interest

## Abbreviations

AS | autonomous systems |

BRGD | best-response gradient dynamics |

CC | connected components |

DP | dynamic programming (or program) |

FPTAS | fully polynomial-time approximation scheme |

IDD | interdependent security games |

IDS | interdependent security |

IG | Internet game |

MSE | mean-squared-error |

MSNE | mixed-strategy Nash equilibrium (or equilibria) |

PSNE | pure-strategy Nash equilibrium (or equilibria) |

SBRD | smooth best-response dynamics |

## Appendix A

Symbol | Semantics |
---|---|

n | number of sites |

$\left[n\right]$ | $\{1,2,\dots ,n\}$ |

${a}_{i}$ | action (pure strategy) of site i: ${a}_{i}=1$ (“invest”) or ${a}_{i}=0$ ("not invest") |

$\mathbf{a}$ | joint action (pure strategy) for all sites: ${\left({a}_{i}\right)}_{i\in \left[n\right]}$ |

$\mathbf{b}$ | pure strategy of attacker |

${b}_{i}$ | component of attacker’s pure strategy corresponding to site i (i.e., $\mathbf{b}\equiv {\left({b}_{i}\right)}_{i\in \left[n\right]}$): |

${b}_{i}=1$ if attacker directly targets site i; ${b}_{i}=0$ otherwise | |

$\mathcal{B}$ | $\left\{\mathbf{b}\in {\{0,1\}}^{n}\phantom{\rule{0.277778em}{0ex}}\left|\phantom{\rule{0.277778em}{0ex}}{\sum}_{i=1}^{n}{b}_{i}\le 1\right.\right\}$ (Assumption 3) |

${C}_{i}$ | cost to site i of investing in security |

$\mathbf{C}$ | ${\left({C}_{i}\right)}_{i\in \left[n\right]}$ (Definition 1) |

${C}_{i}^{0}$ | cost to attacker for directly targeting site i |

${L}_{i}$ | loss to site i should it experience the “bad event” |

$\mathbf{L}$ | ${\left({L}_{i}\right)}_{i\in \left[n\right]}$ (Definition 1) |

${\alpha}_{i}$ | probability that the transfer of the “bad event” will not caught |

given site i invest in security (i.e., ${a}_{i}=1$) | |

α | ${\left({\alpha}_{i}\right)}_{i\in \left[n\right]}$ |

${\widehat{p}}_{i}$ | conditional probability that site i experience the “bad event” |

given that site i was a direct target (Equation (8)) | |

$\widehat{\mathbf{p}}$ | ${\left({\widehat{p}}_{i}\right)}_{i\in \left[n\right]}$ (Definition5) |

${\widehat{q}}_{ij}$ | conditional probability that site j experience the “bad event” (Equation (9)) |

as result of a transfer from site i | |

$\widehat{\mathbf{Q}}$ | matrix composed of the ${\widehat{q}}_{ij}$’s (Definition 5) |

${\widehat{\Delta}}_{i}$ | ratio of cost to conditional expected loss (Equation (13)): $\frac{{C}_{i}}{{\widehat{p}}_{i}{L}_{i}}$ |

G | directed network graph of sites: $\left(\right[n],E)$ |

$\mathrm{Pa}\left(i\right)$ | set of sites that are parent of site i in G |

$\mathrm{PF}\left(i\right)$ | site i’s parent family: $\mathrm{Pa}\left(i\right)\cup \left\{i\right\}$ |

${k}_{i}$ | $\left|\mathrm{PF}\right(i\left)\right|$ |

${k}_{max}$ | ${max}_{i\in \left[n\right]}{k}_{i}$ |

$\mathrm{Ch}\left(i\right)$ | set of sites that are children of site i in G |

$\mathrm{CF}\left(i\right)$ | site i’s children family: $\mathrm{Ch}\left(i\right)\cup \left\{i\right\}$ |

${e}_{ij}({a}_{j},{b}_{j})$ | probability that site i is safe from j (Equation (10)): ${a}_{j}+(1-{a}_{j})(1-{b}_{j}{\widehat{q}}_{ji})$ |

${s}_{i}({\mathbf{a}}_{\mathrm{Pa}\left(i\right)},{\mathbf{b}}_{\mathrm{Pa}\left(i\right)})$ | external overall safety of site i (Equation (11)): ${\prod}_{j\in \mathrm{Pa}\left(i\right)}{e}_{ij}({a}_{j},{b}_{j})$ |

${r}_{i}({\mathbf{a}}_{\mathrm{Pa}\left(i\right)},{\mathbf{b}}_{\mathrm{Pa}\left(i\right)})$ | external overall risk of site i (Equation (11)): $1-{s}_{i}({\mathbf{a}}_{\mathrm{Pa}\left(i\right)},{\mathbf{b}}_{\mathrm{Pa}\left(i\right)})$ |

${M}_{i}(\mathbf{a},\mathbf{b})$ | cost function of site i (Equation (12)): ${M}_{i}({\mathbf{a}}_{\mathrm{PF}\left(i\right)},{\mathbf{b}}_{\mathrm{PF}\left(i\right)})$ |

$U(\mathbf{a},\mathbf{b})$ | payoff function of attacker (Equation (16)) |

${x}_{i}$ | site i’s individual mixed strategy: probability of investing |

(i.e., probability assigned to ${a}_{i}=1$) | |

$\mathbf{x}$ | joint mixed strategy of all sites: ${\left({x}_{i}\right)}_{i\in \left[n\right]}$ |

P | mixed strategy of attacker |

${y}_{i}$ | probability that attacker directly targets site i: $P({b}_{i}=1)$ |

${y}_{0}$ | probability of no attack: $P(\mathbf{b}=\mathbf{0})$; under Assumption 3, ${y}_{0}=1-{\sum}_{i=1}^{n}{y}_{i}$ |

$\mathbf{y}$ | compact representation of attacker’s mixed strategy under Assumption 3: ${\left({y}_{i}\right)}_{i\in \left[n\right]}$, |

where ${y}_{i}=P({b}_{i}=1)=P({b}_{i}=1,{\mathbf{b}}_{-i}=\mathbf{0})$ and ${\sum}_{\mathbf{b}}P\left(\mathbf{b}\right)={\sum}_{i=0}^{n}{y}_{i}=1$ | |

${L}_{i}^{0}\left({x}_{i}\right)$ | $(1-{x}_{i})({\widehat{p}}_{i}{L}_{i}+{\sum}_{j\in \mathrm{Ch}\left(i\right)}{\widehat{q}}_{ij}{L}_{j})$ |

${\overline{L}}_{i}^{0}$ | ${L}_{i}^{0}\left(0\right)={\widehat{p}}_{i}{L}_{i}+{\sum}_{j\in \mathrm{Ch}\left(i\right)}{\widehat{q}}_{ij}{L}_{j}$ (Equation (41)) |

${M}_{i}^{0}\left({x}_{i}\right)$ | ${L}_{i}^{0}\left({x}_{i}\right)-{C}_{i}^{0}$ |

${\overline{M}}_{i}^{0}$ | ${M}_{i}^{0}\left(0\right)={\overline{L}}_{i}^{0}-{C}_{i}^{0}$ (Equation (42)) |

${\eta}_{i}^{0}$ | ${C}_{i}^{0}/{\overline{L}}_{i}^{0}$ (Equation (43)) |

$U(\mathbf{x},\mathbf{y})$ | expected payoff of attacker under Assumption 3 (Equation (44)): ${\sum}_{i=1}^{n}{y}_{i}{M}_{i}^{0}\left({x}_{i}\right)$ |

${r}_{i}({\mathbf{a}}_{\mathrm{Pa}\left(i\right)},{\mathbf{y}}_{\mathrm{Pa}\left(i\right)})$ | external overall risk of site i |

when the sites in $\mathrm{Pa}\left(i\right)$ use joint action ${\mathbf{a}}_{\mathrm{Pa}\left(i\right)}$ (Equation (34)): ${\sum}_{j\in \mathrm{Pa}\left(i\right)}{y}_{j}(1-{a}_{j}){\widehat{q}}_{ji}$ |

## Appendix B. Proofs Missing from the Main Body of the Article

#### Appendix B.1. Proof of Lemma 1

#### Appendix B.2. Proof of Proposition 1

#### Appendix B.3. Proof of Proposition 2

- If there is some attack, then ${b}_{l}^{*}=1$ for some site $l\in \left[n\right]$, and for all $i\ne l$, ${b}_{i}^{*}=0$. In addition, because ${\mathbf{b}}^{*}$ is consistent with the aggressor’s best response to ${\mathbf{a}}^{*}$, we have, using the condition given in Equation (46) above,$$\begin{array}{c}\hfill (1-{a}_{l}^{*})\left({\widehat{p}}_{l}{L}_{l}+\sum _{j\in \mathrm{Ch}\left(l\right)}{\widehat{q}}_{lj}({a}_{j}^{*}{\alpha}_{j}+(1-{a}_{j}^{*})){L}_{j}\right)\ge {C}_{l}^{0}>0\phantom{\rule{0.277778em}{0ex}},\end{array}$$$${C}_{l}+{\alpha}_{l}{r}_{l}({\mathbf{a}}_{\mathrm{Pa}\left(l\right)}^{*},{\mathbf{b}}_{\mathrm{Pa}\left(l\right)}^{*}){L}_{l}\ge {\widehat{p}}_{l}{L}_{l}+(1-{\widehat{p}}_{l}){r}_{l}({\mathbf{a}}_{\mathrm{Pa}\left(l\right)}^{*},{\mathbf{b}}_{\mathrm{Pa}\left(l\right)}^{*}){L}_{l}\phantom{\rule{0.277778em}{0ex}}.$$$${C}_{l}\ge {\widehat{p}}_{l}{L}_{l}\phantom{\rule{0.277778em}{0ex}},$$
- If there is no attack, then ${\mathbf{b}}^{*}=\mathbf{0}$. In this case, the site’s best-response conditions imply ${\mathbf{a}}^{*}=\mathbf{0}$. From the attacker’s best-response condition we obtain$${\widehat{p}}_{l}{L}_{l}+\sum _{j\in \mathrm{Ch}\left(l\right)}{\widehat{q}}_{lj}{L}_{j}\le {C}_{l}^{0}\phantom{\rule{0.277778em}{0ex}},$$

#### Appendix B.4. Proof of Proposition 3

#### Appendix B.5. Proof of Lemma 2

#### Appendix B.6. Proof of Proposition 4

#### Appendix B.7. Proof of Proposition 5

**Claim**

**2.**

**Proof.**

**Proposition**

**6.**

**Proof.**

**Lemma**

**3.**

**Proof.**

**Claim**

**3.**

**Proof.**

**Lemma**

**4.**

**Proof.**

**Proposition**

**7.**

- 1.
- There may not be an attack with probability of no attack equal to one minus the cost-to-conditional expected-loss of all defenders: for all defenders i $1>{y}_{0}=1-{\sum}_{i=1}^{n}{\widehat{\Delta}}_{i}>0$.
- 2.
- Every defender has non-zero chance of being attacked directly, and this probability equals the respective defender’s cost-to-conditional expected-loss of defender: for all defenders $i\in \left[n\right]$, ${y}_{i}={\widehat{\Delta}}_{i}>0$.
- 3.
- Every defender invests some but none does fully, and in particular, the probability a defender does not invest equals the respective cost-to-loss ratio to the attacker: for all defenders $i\in \left[n\right]$, $0<{x}_{i}=1-{\eta}_{i}^{0}<1$.

**Proof.**

**Proposition**

**8.**

- 1.
- There is always an attack: ${y}_{0}=0$.
- 2.
- Every defender has non-zero chance of being attacked directly, and this probability equals the respective defender’s cost-to-conditional expected-loss of defender i: for all defenders $i\in \left[n\right]$, ${y}_{i}={\widehat{\Delta}}_{i}>0$.
- 3.
- No defender invests fully, and the possible investment probabilities are connected by a 1-d line segment in ${\mathbb{R}}^{n}$:$$\begin{array}{c}\hfill {x}_{i}=1-\frac{v+{C}_{i}^{0}}{{\overline{L}}_{i}^{0}}\phantom{\rule{4.pt}{0ex}}for\phantom{\rule{4.pt}{0ex}}all\phantom{\rule{4.pt}{0ex}}i\in \left[n\right]\end{array}$$

**Proof.**

**Lemma**

**5.**

**Proof.**

**Lemma**

**6.**

**Proof.**

**Proposition**

**9.**

**Proof.**

**Proposition**

**10.**

**Proof.**

**Proposition**

**11.**

- 1.
- There is always an attack: ${y}_{0}=0$.
- 2.
- There exists a non-singleton, non-empty subset $I\subset \left[n\right]$, such that ${min}_{i\in I}{\overline{M}}_{i}^{0}\ge {max}_{k\notin I}{\overline{M}}_{k}^{0}$, if $I\ne \left[n\right]$, and the following holds.
- (a)
- No defender outside I invests or is attacked directly: ${x}_{k}=0$ and ${y}_{k}=0$ for all $k\notin I$.
- (b)
- Let $J\equiv \underset{i\in I}{arg\phantom{\rule{0.166667em}{0ex}}min}{\overline{M}}_{i}^{0}$. No defender in J invests and the probability of that defender being attacked directly is at most the defender’s cost-to-expected-loss ratio: for all $i\in J$, ${x}_{i}=0$ and $0\le {y}_{i}\le {\widehat{\Delta}}_{i}$; in addition, ${\sum}_{i\in J}{y}_{i}=1-{\sum}_{t\in I-J}{\widehat{\Delta}}_{i}$.
- (c)
- Every defender in $I-J$ partially invests and has positive probability of being attacked directly equal to the defender’s cost-to-expected-loss ratio: for all $i\in I-J$, ${y}_{i}={\widehat{\Delta}}_{i}$ and$$0<{x}_{i}=1-\frac{{min}_{t\in I}{\overline{M}}_{t}^{0}+{C}_{i}^{0}}{{\overline{L}}_{i}^{0}}<1.$$

**Proof.**

**Claim**

**4.**

**Proof.**

#### Appendix B.8. Proof of Claim 1

#### Appendix B.9. Proof of Theorem 2

- There are $n=2c+m$ players: two players for each clause and a player for each variable. The clause players and the variable players are indexed from 1 to $2c$ and $2c+1$ to $2c+m$, respectively.
- First, we find $1>{L}^{\u2033}>{C}^{\u2033}>0$ and $1>{\widehat{p}}^{\u2033}>\frac{{C}^{\u2033}}{{L}^{\u2033}}$ such that $0<\frac{{C}^{\u2033}}{{L}^{\u2033}{\widehat{p}}^{\u2033}}<1$. Next, we find $\widehat{q}\in [0,1]$ such that $0<\widehat{q}<min\{\frac{{L}^{\u2033}{\widehat{p}}^{\u2033}}{3{C}^{\u2033}},1\}$. For completeness, we find $1>{\alpha}^{\u2033}>0$. For each variable player $i\in \{2c+1,...,2c+m\}$, let ${C}_{i}={C}^{\u2033}$, ${\alpha}_{i}={\alpha}^{\u2033}$, ${L}_{i}={L}^{\prime}$, ${\widehat{p}}_{i}={\widehat{p}}^{\u2033}$, and ${y}_{i}=\frac{{C}_{i}}{{L}_{i}{\widehat{p}}_{i}}$.The variable players are indifferent from playing the action “invest” or “not invest.”
- Next, using the values of the parameters defined above, we find $0<C<L<1$, $1>\widehat{p}>\frac{C}{L}>0$, $0<y<\frac{C}{L\widehat{p}}$, and $1>\alpha >0$ such that $\frac{3{C}^{\u2033}\widehat{q}}{{L}^{\u2033}{\widehat{p}}^{\u2033}}>\frac{1}{1-\alpha}\left(\frac{C}{L}-y\widehat{p}\right)>\frac{2{C}^{\u2033}\widehat{q}}{{L}^{\u2033}{\widehat{p}}^{\u2033}}$. Indeed, such value is always possible as we can make α and y to be arbitrarily small so that $\frac{1}{1-\alpha}\left(\frac{C}{L}-y\widehat{p}\right)\approx \frac{C}{L}$.For each clause player $i\in \left[c\right]$ such that ${\mathrm{F}}_{i}=\left({\vee}_{j=1}^{3}{\mathrm{v}}_{{i}_{j}}\right)$, ${q}_{({i}_{j}+2c)i}=\widehat{q}$ for all j. To set the remaining parameters, for each clause player $i\in \left[c\right]$, set ${C}_{i}=C$, ${L}_{i}=L$, ${\alpha}_{i}=\alpha $, ${p}_{i}=p$, and ${y}_{i}=y$.
- Then, using the same values of the parameters defined for the variable players, we find $0<{C}^{\prime}<{L}^{\prime}<1$, $1>{\widehat{p}}^{\prime}>\frac{{C}^{\prime}}{{L}^{\prime}}>0$, $0<{y}^{\prime}<\frac{{C}^{\prime}}{{L}^{\prime}{\widehat{p}}^{\prime}}$, and $1>{\alpha}^{\prime}>0$ such that $\frac{2{C}^{\u2033}\widehat{q}}{{L}^{\u2033}{\widehat{p}}^{\u2033}}>\frac{1}{1-{\alpha}^{\prime}}\left(\frac{{C}^{\prime}}{{L}^{\prime}}-{y}^{\prime}{\widehat{p}}^{\prime}\right)>\frac{{C}^{\u2033}\widehat{q}}{{L}^{\u2033}{\widehat{p}}^{\u2033}}$.For each clause player $i\in \{c+1,...,2c\}$ such that ${\mathrm{F}}_{i-c}=\left({\vee}_{j=1}^{3}{\mathrm{v}}_{{(i-c)}_{j}}\right)$, ${q}_{({\left(c-i\right)}_{j}+2c)i}=q$ for all j. To set the remaining parameters, for each clause player $i\in \{c+1,...,2c\}$, set ${C}_{i}={C}^{\prime}$, ${L}_{i}={L}^{\prime}$, ${\alpha}_{i}={\alpha}^{\prime}$, ${p}_{i}={p}^{\prime}$, and ${y}_{i}={y}^{\prime}$.
- Here, we construct a partial action profile for some of the players. In particular, for each clause player $i\in \left[c\right]$, ${a}_{i}=0$ and ${a}_{i+c}=1$. Thus, we are giving a partial action profile of all clause players. For completeness, let ${y}_{0}=1-{\sum}_{i=1}^{n}{y}_{i}$.

**Lemma**

**7.**

**Proof.**

**Lemma**

**8.**

**Proof.**

## Appendix C. Pseudocode for Exact Algorithm to Compute All MSNE in Single-Attack Fully-Transfer-Vulnerable IDD Games

Algorithm A1: Compute All MSNE of a Fully Transfer-Vulnerable Single-Attack IDD Game. |

Algorithm A2: Subroutine to Compute the Unique MSNE of a Fully Transfer-Vulnerable Single-Attack IDD Game with ${\sum}_{i=1}^{n}{\widehat{\Delta}}_{i}<1$. |

Algorithm A3: Subroutine to Compute (a Simple Linear Representation of) All MSNE of a Fully Transfer-Vulnerable Single-Attack IDD Game with ${\sum}_{i=1}^{n}{\widehat{\Delta}}_{i}=1$. |

Input: n, $\widehat{\Delta}$, ${\overline{\mathbf{L}}}^{0}$, ${\mathbf{C}}^{0}$ |

Output: The set $\mathcal{NE}$ of All MSNE for this Case |

foreach $i=1$ to n do |

|${y}_{i}\leftarrow {\widehat{\Delta}}_{i}$ |

end |

${y}_{0}\leftarrow 0$ |

${\mathcal{X}}_{0}\leftarrow \{\mathbf{x}\ge 0\mid (1-{x}_{1}){\overline{L}}_{1}^{0}-{C}_{1}^{0}=\cdots =(1-{x}_{n}){\overline{L}}_{n}^{0}-{C}_{n}^{0}\ge 0\}$ |

$\mathcal{NE}\leftarrow {\mathcal{X}}_{0}\times \left\{\mathbf{y}\right\}$ |

return $\mathcal{NE}$ |

Algorithm A4: Subroutine to Compute (a Simple Simplex Representation of) All MSNE of a Fully Transfer-Vulnerable Single-Attack IDD Game with ${\sum}_{i=1}^{n}{\widehat{\Delta}}_{i}>1$. |

## Appendix D. FPTAS for Computing an ϵ-MSNE in IDD Games with Directed-Tree Graphs

#### Appendix D.1. Directed Stars

#### Appendix D.1.1. Upstream Pass: Collection of Conditional ϵ-MSNE Computation

#### Appendix D.1.2. Downstream Pass: Assignment Phase

**Theorem**

**4.**

**Lemma**

**9.**

**Proof.**

**Corollary**

**2.**

#### Appendix D.2. Directed Trees

**Lemma**

**10.**

## Appendix E. Multiple Attackers

#### Appendix E.1. Pure Strategies

#### Appendix E.2. Mixed Strategies

**Proposition**

**12.**

- 1.
- For all sites $i\in \left[n\right]$, the parent-family marginals ${\tilde{P}}_{\mathrm{PF}\left(i\right)}^{l}={P}_{\mathrm{PF}\left(i\right)}^{l}$ agree, and
- 2.
- the PMF ${\tilde{P}}^{l}$ decomposes as$${\tilde{P}}^{l}\left({\mathbf{b}}_{{\mathcal{S}}_{l}}^{l}\right)\propto \prod _{i\in {\mathcal{S}}_{l}}{\Phi}_{\mathrm{PF}\left(i\right)}^{l}\left({\mathbf{b}}_{\mathrm{PF}\left(i\right)}^{l}\right)$$

**Corollary**

**3.**

#### Appendix E.3. Attackers with Limited Mixed Strategies

**α**-IDS game in which each ${p}_{i}={y}_{i}{\widehat{p}}_{i}$ and ${q}_{ji}={y}_{j}{\widehat{q}}_{ji}$ (see Definition 4 and Equation (7)). It is also important to note that, in general, Nash’s Existence Theorem does imply that that subgame over the sites only, given the attackers’ mixed-strategies, regardless of their structure or restrictions, always has an MSNE. This is because, given the attackers’ mixed strategies, the subgame over the sites only is a 2-action finite game in parametric-form.

#### Appendix E.4. Brief Remarks on Computing Equilibria in Multi-Attacker Settings

## References

- Bier, V.M.; Azaiez, M.N. Game Theoretic Risk Analysis of Security Threats; Springer: New York, NY, USA, 2009. [Google Scholar]
- Cárceles-Poveda, E.; Tauman, Y. A Strategic Analysis of the War against Transnational Terrorism. Games Eco. Behav.
**2011**, 7, 49–65. [Google Scholar] [CrossRef] - Kunreuther, H.; Heal, G. Interdependent Security. J. Risk Uncertain.
**2003**, 26, 231–249. [Google Scholar] [CrossRef] - Heal, G.; Kunreuther, H. IDS Models of Airline Security. J. Confl. Resolut.
**2005**, 49, 201–217. [Google Scholar] [CrossRef] - O’Connor, A.; Schmitt, E. Terror Attempt Seen as Man Tries to Ignite Device on Jet. The New York Times, 2009. Available online: http://www.nytimes.com/2009/12/26/us/26plane.html (accessed on 31 August 2010).
- Gkonis, K.; Psaraftis, H. Container transportation as an interdependent security problem. J. Transp. Secur.
**2010**, 3, 197–211. [Google Scholar] [CrossRef] - Johnson, B.; Grossklags, J.; Christin, N.; Chuang, J. Uncertainty in Interdependent Security Games. In Proceedings of the First International Conference on Decision and Game Theory for Security, GameSec’10, Berlin, Germany, 22–23 November 2010; Springer: Berlin/Heidelberg, Germany, 2010; pp. 234–244. [Google Scholar]
- Fultz, N.; Grossklags, J. Blue versus Red: Towards a Model of Distributed Security Attacks. In Financial Cryptography and Data Security; Dingledine, R., Golle, P., Eds.; Springer: Berlin/Heidelberg, Germany, 2009; pp. 167–183. [Google Scholar]
- Roy, S.; Ellis, C.; Shiva, S.; Dasgupta, D.; Shandilya, V.; Wu, Q. A Survey of Game Theory as Applied to Network Security. In Proceedings of the 2010 43rd Hawaii International Conference on System Sciences, HICSS ’10, Honolulu, HI, USA, 5–8 January 2010; IEEE Computer Society: Washington, DC, USA, 2010; pp. 1–10. [Google Scholar]
- Syverson, P.F.; Systems, A.C. A Different Look at Secure Distributed Computation. In Proceedings of the CSFW-10, Rockport, MA, USA, 10–12 June 1997; IEEE Computer Society Press: Washington, DC, USA, 1997; pp. 109–115. [Google Scholar]
- Lye, K.W.; Wing, J. Game Strategies in Network Security. In Proceedings of the Workshop on Foundations of Computer Security, Cape Breton, NS, Canada, 24–26 June 2002; pp. 1–2.
- Jain, M.; Korzhyky, D.; Vanek, O.; Conitzery, V.; Pechoucek, M.; Tambe, M. A Double Oracle Algorithm for Zero-Sum Security Games on Graphs. In Proceedings of the AAMAS, Taipei, Taiwan, 2–6 May 2011.
- Kiekintveld, C.; Jain, M.; Tsai, J.; Pita, J.; Ordóñez, F.; Tambe, M. Computing Optimal Randomized Resource Allocations for Massive Security Games. In Proceedings of the AAMAS, Budapest, Hungary, 10–15 May 2009; pp. 689–696.
- Korzhyk, D.; Conitzer, V.; Parr, R. Complexity of Computing Optimal Stackelberg Strategies in Security Resource Allocation Games. In Proceedings of the AAAI, Atlanta, GA, USA, 11–15 July 2010.
- Korzhyk, D.; Conitzer, V.; Parr, R. Security Games with Multiple Attacker Resources. In Proceedings of the IJCAI, Catalonia, Spain, 16–22 July 2011; pp. 273–279.
- Korzhyk, D.; Conitzer, V.; Parr, R. Solving Stackelberg Games with Uncertain Observability. In Proceedings of the AAMAS, Taipei, Taiwan, 2–6 May 2011; pp. 1013–1020.
- Smith, A.; Vorobeychik, Y.; Letchford, J. MultiDefender Security Games on Networks. SIGMETRICS Perform. Eval. Rev.
**2014**, 41, 4–7. [Google Scholar] [CrossRef] - Lou, J.; Vorobeychik, Y. Equilibrium Analysis of Multi-Defender Security Games. In Proceedings of the International Joint Conference on Artificial Intelligence, Buenos Aires, Argentina, 25–31 July 2015.
- Laszka, A.; Lou, J.; Vorobeychik, Y. Multi-Defender Strategic Filtering Against Spear-Phishing Attacks. In Proceedings of the AAAI, Phoenix, AZ, USA, 12–17 February 2016.
- Liu, P. Incentive-Based Modeling and Inference of Attacker Intent, Objectives, and Strategies. In Proceedings of the 10th ACM Computer and Communications Security Conference (CCS’03), Washington, DC, USA, 27–30 October 2003; pp. 179–189.
- Cremonini, M.; Nizovtsev, D. Understanding and Influencing Attackers’ Decisions: Implications for Security Investment Strategies. In Proceedings of the Fifth Workshop on the Economics of Information Security (WEIS 2006), Cambridge, UK, 26–28 June 2006.
- Merlevede, J.S.A.; Holvoet, T. Game Theory and Security: Recent History and Future Directions. In Decision and Game Theory for Security, Proceedings of the 6th International Conference, GameSec 2015, London, UK, 4–5 November 2015; Khouzani, M., Panaousis, E., Theodorakopoulos, G., Eds.; Springer International Publishing: Cham, Switzerland, 2015; pp. 334–345. [Google Scholar]
- Agiwal, S.; Mohtadi, H. Risk Mitigating Strategies in the Food Supply Chain. In Proceedings of the American Agricultural Economics Assocation (Annual Meeting), Orlando, FL, USA, 27–29 July 2008.
- Dvijotham, K.; Chertkov, M.; Van Hentenryck, P.; Vuffray, M.; Misra, S. Graphical models for optimal power flow. Constraints
**2016**, 1–26. [Google Scholar] [CrossRef] - Kearns, M.; Ortiz, L.E. Algorithms for Interdependent Security Games. In Proceedings of the Neural Information Processing Systems (NIPS), Whistler, BC, Canada, 11–13 December 2003.
- Gottlob, G.; Greco, G.; Scarcello, F. Pure Nash equilibria: Hard and easy games. J. Artif. Intell. Res.
**2005**, 24, 357–406. [Google Scholar] - Gilboa, I.; Zemel, E. Nash and correlated equilibria: Some complexity considerations. Games Econ. Behav.
**1989**, 1, 80–93. [Google Scholar] [CrossRef] - Chen, X.; Deng, X.; Teng, S.H. Settling the complexity of computing two-player Nash equilibria. J. ACM
**2009**, 56, 1–57. [Google Scholar] [CrossRef] - Daskalakis, C.; Goldberg, P.W.; Papadimitriou, C.H. The Complexity of Computing a Nash Equilibrium. SIAM J. Comput.
**2009**, 39, 195–259. [Google Scholar] [CrossRef] - Papadimitriou, C.H. On the Complexity of the Parity Argument and Other Inefficient Proofs of Existence. J. Comput. Syst. Sci.
**1994**, 48, 498–532. [Google Scholar] [CrossRef] - Daskalakis, C.; Goldberg, P.W.; Papadimitriou, C.H. The complexity of computing a Nash equilibrium. Commun. ACM
**2009**, 52, 89–97. [Google Scholar] [CrossRef][Green Version] - Conitzer, V.; Sandholm, T. New complexity results about Nash equilibria. Games Econ. Behav.
**2008**, 63, 621–641. [Google Scholar] [CrossRef] - Shavitt, Y.; Shir, E. DIMES—Letting the Internet Measure Itself. Available online: http://www.arxiv.org/abs/cs.NI/0506099 (accessed on 25 January 2017).
- Shavitt, Y.; Shir, E. DIMES: Let the Internet Measure Itself. ACM SIGCOMM Comput. Commun. Rev.
**2005**, 35, 71–74. [Google Scholar] [CrossRef] - Fudenberg, D.; Levine, D. The Theory of Learning in Games; MIT Press: Cambridge, MA, USA, 1999. [Google Scholar]
- Kearns, M. Graphical Games. In Algorithmic Game Theory; Nisan, N., Roughgarden, T., Éva, T., Vaziran, V.V., Eds.; Cambridge University Press: Cambridge, UK, 2007; pp. 159–180. [Google Scholar]
- Kearns, M.; Littman, M.; Singh, S. Graphical Models for Game Theory. In Proceedings of the Conference on Uncertainty in Artificial Intelligence, Seattle, WA, USA, 2–5 August 2001; pp. 253–260.
- Heal, G.; Kunreuther, H. You Only Die Once: Managing Discrete Interdependent Risks. Technical Report W9885. NBER, 2003. Working Paper. Available online: http://ssrn.com/abstract=430599 (accessed on 25 January 2017).
- Heal, G.; Kunreuther, H. Modeling Interdependent Risks. Risk Anal.
**2007**, 27, 621–634. [Google Scholar] [CrossRef] [PubMed] - Ortiz, L.E. On Sparse Discretization for Graphical Games. CoRR
**2014**. abs/1411.3320. [Google Scholar] - Irfan, M.T.; Ortiz, L.E. On influence, stable behavior, and the most influential individuals in networks: A game-theoretic approach. Artif. Intell.
**2014**, 215, 79–119. [Google Scholar] [CrossRef] - Koller, D.; Friedman, N. Probabilistic Graphical Models: Principles and Techniques; MIT Press: Cambridge, MA, USA, 2009. [Google Scholar]
- Kakade, S.; Kearns, M.; Langford, J.; Ortiz, L. Correlated Equilibria in Graphical Games. In Proceedings of the 4th ACM conference on Electronic commerce, EC ’03, San Diego, CA, USA, 9–12 June 2003; ACM: New York, NY, USA, 2003; pp. 42–47. [Google Scholar]
- Aumann, R. Subjectivity and Correlation in Randomized Strategies. J. Math. Econ.
**1974**, 1, 67–96. [Google Scholar] [CrossRef] - Aumann, R. Correlated Equilibrium as an Expression of Bayesian Rationality. Econometrica
**1987**, 55, 1–18. [Google Scholar] [CrossRef] - Jaynes, E.T. Information Theory and Statistical Mechanics. Phys. Rev.
**1957**, 106, 620–630. [Google Scholar] [CrossRef] - Kearns, M.; Ortiz, L.E. Algorithms for Interdependent Security Games. In Advances in Neural Information Processing Systems 16; Thrun, S., Saul, L.K., Schölkopf, B., Eds.; MIT Press: Cambridge, MA, USA, 2004; pp. 561–568. [Google Scholar]
- Dyer, M.; Frieze, A.; Kannan, R. A random polynomial time algorithm for approximating the volume of a convex body. JACM
**1991**, 38, 1–17. [Google Scholar] [CrossRef] - Elkind, E.; Goldberg, L.A.; Goldberg, P.W. Nash Equilibria in Graphical Games on Trees Revisited. In Proceedings of the 7th ACM Conference on Electronic Commerce, EC ’06, Ann Arbor, MI, USA, 11–15 June 2006; pp. 100–109.
- Cai, Y.; Daskalakis, C. On Minmax Theorems for Multiplayer Games. In Proceedings of the Twenty-second Annual ACM-SIAM Symposium on Discrete Algorithms, SODA ’11, San Francisco, CA, USA, 23–25 January 2011; Society for Industrial and Applied Mathematics: Philadelphia, PA, USA, 2011; pp. 217–234. [Google Scholar]
- Singh, S.P.; Kearns, M.J.; Mansour, Y. Nash Convergence of Gradient Dynamics in General-Sum Games. In Proceedings of the UAI, Stanford, CA, USA, 30 June–3 July 2000; pp. 541–548.
- Kearns, M. Economics, Computer Science, and Policy. Issues Sci. Technol. Available online: http://issues.org/21-2/kearns/ (accessed on 25 January 2017).
- McKelvey, R.D.; Palfrey, T.R. Quantal Response Equilibria for Normal Form Games. Games Econ. Behav.
**1995**, 10, 6–38. [Google Scholar] [CrossRef] - Kleinberg, J. Cascading Behavior in Networks: Algorithmic and Economic Issues. In Algorithmic Game Theory; Nisan, N., Roughgarden, T., Éva, Tardos., Vazirani, V.V., Eds.; Cambridge University Press: Cambridge, UK, 2007; pp. 613–632. [Google Scholar]
- Cover, T.M.; Thomas, J.A. Elements of Information Theory, 2nd ed.; Wiley & Sons: New York, NY, USA, 2006. [Google Scholar]
- Boyd, S.; Vandenberghe, L. Convex Optimization; Cambridge University Press: Cambridge, UK, 2006. [Google Scholar]
- Garey, M.R.; Johnson, D.S. Computers and Intractability: A Guide to the Theory of NP-Completeness; W. H. Freeman & Co.: New York, NY, USA, 1979. [Google Scholar]
- Vazirani, V.V. Approximation Algorithms; Springer: New York, NY, USA, 2001. [Google Scholar]
- Bellman, R.E. Dynamic Programming; Dover Publications: Mineola, NY, USA, 2003. [Google Scholar]
- Nash, J. Non-cooperative games. Ann. Math.
**1951**, 54, 286–295. [Google Scholar] [CrossRef]

^{1.}Note that even if full screening were performed, the Christmas Day 2009 episode in Detroit [5] serves as a reminder that transfer risk still exists.^{2.}Throughout this article, we often used “attacker(s)” and “aggressor(s)” interchangeably as a way to remind the reader that our model handles a variety of interdependent security settings beyond airline or Internet infrastructure security.^{3.}We note that the original IDS games were also fully transfer-vulnerable and assumed one-hop transfers.^{4.}Or as Heal and Kunreuther [38] put it, “You Only Die Once.”^{5.}By ${2}^{\{0,1\}}$ we mean the power set of $\{0,1\}$ which equals $\{\varnothing ,\{0\},\{1\},\{0,1\left\}\right\}$.^{6.}A similar extension was also proposed independently by Heal and Kunreuther [39].^{7.}By “strategic” here we mean that the action of an individual entity may depend on those of others in the population.^{8.}We should note that the terms “$-{a}_{i}{C}_{i}$” are actually strategically irrelevant, and could have been removed. That doing so is sound will become clear when we define the best-response correspondence of the attacker (Equation (17)). We decided to keep those terms to explicitly express the notion that the attacker does not care about the cost for investments that any player may incur.^{9.}Note that ${\mathcal{BR}}_{0}\left(\mathbf{a}\right)={arg\; max}_{\mathbf{b}\in {\{0,1\}}^{n}}{\sum}_{i=1}^{n}{M}_{i}({\mathbf{a}}_{\mathrm{PF}\left(i\right)},{\mathbf{b}}_{\mathrm{PF}\left(i\right)})-{b}_{i}{C}_{i}^{0}$, because the term $-{\sum}_{i=1}^{n}{a}_{i}{C}_{i}$ is not a function of $\mathbf{b}$.^{10.}In other words, $\tilde{P}$ is a Gibbs distribution with respect to the undirected “moralized” graph that results from adding an (undirected) edge among every pair of parents of every node to the original directed graph of the game and ignoring the directions of the edges in the original game graph. We refer the reader to Koller and Friedman [42] for a textbook introduction to concepts from probabilistic graphical models.^{11.}Note that this does not mean that the expected loss caused by a player that does not invest but is attacked, $L\left(\widehat{p}+\delta \left|\mathrm{Ch}\left(i\right)\right|\right)$, is the same for all players.^{12.}Distinct ${\overline{M}}_{i}^{0}$’s for the set of defenders at which the sum goes over one is sufficient to guarantee unique MSNE.^{13.}We note that proving that computing an MSNE in IDD games is PPAD-complete would be more appropriate, since there always exists an MSNE in IDD games, but we will leave that question for future work.^{14.}Recall the probability of no attack ${y}_{0}=1-{\sum}_{i=1}^{n}{y}_{i}$.^{15.}While some results presented here are for a single instance of the Internet game for each ϵ, the results are typical of multiple instances. Our observations are robust to the experimental randomness in both the Internet game parameters and the initialization of BRGD. For the sake of simplicity of presentation, we discuss results based on a single instance of the Internet game, and in some cases based on a single BRGD run. Note that, for each ϵ value we considered, the Internet game parameters remain constant within different BRGD runs. BRGD always converged within 2000 iterations (except 6 runs for $\u03f5=0.001$).^{16}Throughout the proof, to simplify notation, we drop the ‘*’ superscript used in the main text to denote MSNE.^{17}Note that ${\mathbf{b}}_{l}={\mathbf{b}}_{{S}_{l}}^{l}$, thus consistent with the notation. Note also that, when clear from context, singleton sets are denoted without the set bracket.^{18}By defining the cost functions of each player i this way, i.e., based on the definition of the attack function ${t}_{i}$ given, we are implicitly subscribing to the “you only die once” principle [38], because even if multiple attacks on any site i are successful, the loss ${L}_{i}$ induced by the attack is the same as if a single attack were successful. Variations of this model that would make ${L}_{i}$ depend on the number of successful attacks that are possible, but not pursued here. Also, in the case of multiple attackers, one may consider ${\widehat{p}}_{i}$ a function of ${\mathbf{b}}_{i}$, and more specifically, the number of attacks on site i.

**Figure 1.**Histograms of Indegree and Outdegree of the Nodes of the Internet Graph from DIMES at the Level of Autonomous Systems (AS). The bar graphs show (the logarithm, base 10, of) the number nodes with a particular outdegree (

**a**) and indegree (

**b**) value. (The graphs only show the in/out degrees with a non-zero number of nodes.)

**Figure 2.**Indegree and Outdegree of the Nodes of the AS-level Intenet Graph from DIMES. The scatter plot shows the indegree and outdegree pairs of the AS nodes in logarithmic (base 10) scale.

**Figure 3.**Convergence Rate of Best-Response Gradient Dynamics (BRGD) Heuristic for Computing an Approximate Mixed Strategy Nash Equilibrium (MSNE). The plots in this figure present the number of iterations of BRGD as a function of ϵ under the two experimental conditions: Internet games with fixed (

**a**) and randomly-generated parameters (

**b**). Applying mean-squared-error (MSE) regression to the left-hand and right-hand graphs, we obtain a functional expression for the number of iterations ${N}^{F}\left(\u03f5\right)$ = 0.00003 ${\u03f5}^{-2.547}$ (${R}^{2}=0.90415$) and ${N}^{R}\left(\u03f5\right)$ = 0.0291 ${\u03f5}^{-1.589}$ (${R}^{2}=0.9395$), respectively (i.e., low-degree polynomials of $1/\u03f5$).

**Figure 4.**Attacker’s Equilibrium Strategy on an Internet Game Instance (Fixed). The graph shows the values of ${y}_{i}^{*}>0$ for each node i, sorted in decreasing order (in log-log scale), for attacker’s Strategy A (blue/denser-dots line) and Strategy B (red/sparser-dots line) at an MSNE of the single instance of the Internet game.

**Figure 5.**Attacker’s Equilibrium Strategy and the Degrees of the Nodes. The top graph (

**a**), which depicts Strategy A (all 27106 nodes), shows the probability of attack (y-axis) of a node and its corresponding outdegree (x-axis) in logarithmic (base 10) scale. The bottom graphs, (

**b**) and (

**c**), show the indegree (y-axis) of a node and its corresponding outdegree (x-axis) in logarithmic (base 10) scale of Strategy B: the graphs on the left and right consist of the (1780) nodes with nonzero probability of attack and the (25326) nodes with zero probability of attack, respectively.

**Figure 6.**Attacker’s and Site’s ϵ-mixed-strategy Nash equilibria (MSNE) Strategies for a Randomly-Generated Internet Game. The graphs show the empirical distributions of the probability of attack (

**a**) and histograms of the probability of investment (

**b**), for different ϵ-value conditions encoded in the right-hand side of the plots (i.e., from $0.001$ to $0.009$). In both graphs, the distributions and histograms found for each ϵ value considered are drawn in the same corresponding graph superimposed. The left-hand graph plots the distribution of ${y}_{i}$ where the nodes are ordered decreasingly based on the ${y}_{i}$ value. The right-hand bar graph shows histograms of the probability of investing in defense/security measures based on the following sequence of 10 ranges partitioning the unit interval: $\left(\right[0,0.1],(0.1,0.2],...,(0.9,1\left]\right)$.

**Figure 7.**Attacker’s Strategy at ϵ-MSNE. The x-axis of the graphs (

**a**), (

**b**), and (

**c**) represents the ϵ value and their y-axis represents the number of iterations until convergence (or 2000 iterations max) to some ϵ-MSNE, the number of nodes that are being attacked, and the highest probability of attack, respectively. The scatter plot in graph (

**d**) shows the relation between the number of nodes that are being attacked and the highest probability of attack in x-axis and y-axis, respectively.

**Figure 8.**Attacker’s ϵ-MSNE Strategy vs. Node Degrees. Average indegree (

**a**) and outdegree (

**b**) of nodes potentially attacked in terms of the ϵ-MSNE.

**Figure 9.**The Structure of an Attack to the Internet. The 3-d graph (

**a**) corresponds to the top 402 Internet autonomous systems (AS)-level nodes most likely to be attacked according to our model at $0.005$-MSNE, and their neighbors (i.e., both parent and children family). Graph (

**b**) is a 2-d projection of the 3-d graph (

**a**). The self-loops mark the nodes that are actually attacked. For the most part, the graph structures exhibit very dense clustering. Bar graph (

**c**) corresponds to the number of connected components (CCs) of the top 402 Internet AS-level nodes that are most likely to be attacked. Bar graph (

**d**) shows the number of nodes with the probability of investing in defense/security measures within the range of $\left(\right[0,0.1],(0.1,0.2],...,(0.9,1\left]\right)$. Some properties of the graph corresponding to the network structure are shown on the upper corner of graph (

**c**). The graph consists of 1606 nodes, 2044 edges, and 75 CCs. Out of the 75 CCs, the largest CC contains 1427 nodes and the smallest CC consists of just 1 node (there are only 4 of them). There are 46 of 2-CC (CC with only 2 nodes), 20 of 3-CC, 1 of 4-CC, 1 of 5-CC, and 2 of 7-CC. The diameters and density of the graphs are 13 and $0.002$, respectively.

**Figure 10.**Attacker’s Equilibrium Strategy vs Degree of the Nodes at $0.05$-MSNE. These are plots on the 402 nodes with the highest ${y}_{i}$. The two graphs on top, (

**a**) and (

**b**), show the corresponding ${y}_{i}$ (y-axis) and its indegree and outdegree in logarithmic (base 10) scale. Similarly, the two graphs at the bottom, (

**c**) and (

**d**), show the corresponding ${x}_{i}$ (y-axis) and its indegree and outdegree in logarithmic (base 10) scale.

**Figure 11.**The Degrees and Strategies of Sites Not Directly Targeted. These are plots on the remaining $26,704$ nodes with zero ${y}_{i}$. The two graphs on top, (

**a**) and (

**b**), show the corresponding ${y}_{i}$ (y-axis) and its indegree and outdegree in logarithmic (base 10) scale. Similarly, the two graphs at the bottom, (

**c**) and (

**d**), show the corresponding ${x}_{i}$ (y-axis) and its indegree and outdegree in logarithmic (base 10) scale.

**Figure 12.**Attack Distribution of $0.001$-MSNE $({\mathbf{x}}^{*},{\mathbf{y}}^{*})$ Using best-response-gradient dynamics (BRGD) on Internet Game. Scatter plots of (y-axis) the component ${y}_{i}{U}_{i}\left({\mathbf{x}}^{*}\right)$ of the (normalized) expected utility that the attacker obtained from attacking site i (

**a**) and each expected utility ${U}_{i}\left({\mathbf{x}}^{*}\right)$ that the attacker would obtain from fully targeting each site i (

**b**) as a function of the probability ${y}_{i}^{*}$ of attacking the corresponding site i (x-axis).

**Figure 13.**Properties of the Hybrid BRGD-Smooth Best-Response Dynamics (SBRD) Heuristic. BRGD vs. hybrid heuristic running time (

**a**); Attacker’s attack (

**b**) and sites’ (

**c**) investment distribution on ϵ-MSNE.

**Figure 14.**Combing BRGD and the Hybrid BRGD-SBRD Heuristic. Internet Games: BRGD Improvement (y-axis represents the ϵ values).Combing BRGD and our heuristic

**Figure 15.**Degrees of the Targeted Site Nodes at ϵ-MSNE. Internet Games: average indegree (

**a**) and average outdegree (

**b**) of the targeted sites over ϵ-MSNE

Model Parameters | Fixed: $\mathit{U}=0.5$ Random: $\mathit{U}\sim \mathbf{Uniform}\left(\right[0,1\left]\right)$ |
---|---|

${\alpha}_{i}$ | $\mathrm{U}/20$ |

${L}_{i}$ | ${10}^{8}+\left({10}^{9}\right)\times \mathrm{U}$ |

${C}_{i}$ | ${10}^{5}+\left({10}^{6}\right)\times \mathrm{U}$ |

${\widehat{p}}_{i}$ | $0.9\times \frac{{\tilde{p}}_{i}}{{\tilde{p}}_{i}+{\sum}_{k\in \mathrm{Ch}\left(i\right)}{\tilde{q}}_{ik}}$ |

${\widehat{q}}_{ij}$ | $0.9\times \frac{{\tilde{q}}_{ij}}{{\tilde{p}}_{i}+{\sum}_{k\in \mathrm{Ch}\left(i\right)}{\tilde{q}}_{ik}}$ |

${z}_{i}$ | $0.2+\mathrm{U}/5$ |

${\tilde{p}}_{i}$ | $0.8+\mathrm{U}/10$ |

${\tilde{q}}_{ij}$ | ${z}_{i}$$\frac{\left|\mathrm{Ch}\right(j\left)\right|+\left|\mathrm{Pa}\right(j\left)\right|}{{\sum}_{k\in \mathrm{Ch}\left(i\right)}\left|\mathrm{Ch}\left(k\right)\right|+\left|\mathrm{Pa}\left(k\right)\right|}$ |

${C}_{i}^{0}$ | ${10}^{6}$ |

λ | Smallest ϵ |
---|---|

0.05 | 0.06 |

0.01 | 0.008 |

0.005 | 0.004 |

0.001 | 0.0009 |

0.0005 | 0.0006 |

0.0001 | 0.0004 |

© 2017 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Chan, H.; Ceyko, M.; Ortiz, L. Interdependent Defense Games with Applications to Internet Security at the Level of Autonomous Systems. *Games* **2017**, *8*, 13.
https://doi.org/10.3390/g8010013

**AMA Style**

Chan H, Ceyko M, Ortiz L. Interdependent Defense Games with Applications to Internet Security at the Level of Autonomous Systems. *Games*. 2017; 8(1):13.
https://doi.org/10.3390/g8010013

**Chicago/Turabian Style**

Chan, Hau, Michael Ceyko, and Luis Ortiz. 2017. "Interdependent Defense Games with Applications to Internet Security at the Level of Autonomous Systems" *Games* 8, no. 1: 13.
https://doi.org/10.3390/g8010013