Individual Security and Network Design with Malicious Nodes

Networks are beneficial to those being connected but can also be used as carriers of contagious hostile attacks. These attacks are often facilitated by exploiting corrupt network users. To protect against the attacks, users can resort to costly defense. The decentralized nature of such protection is known to be inefficient but the inefficiencies can be mitigated by a careful network design. Is network design still effective when not all users can be trusted? We propose a model of network design and defense with byzantine nodes to address this question. We study the optimal defended networks in the case of centralized defense and, for the case of decentralized defense, we show that the inefficiencies due to decentralization can be fully mitigated, despite the presence of the byzantine nodes.


Introduction
Game theoretic models of interdependent security have been used to study security of complex information and physical systems for more than a decade [LFB15]. One of the key findings is that the externalities resulting from security decisions made by selfish agents lead to, potentially significant, inefficiencies. This motivates research on methods for improving information security, such as insurance [BS10] and network design [CDG14,CDG17]. We study the problem of network design for interdependent security in the setup where a strategic adversary collaborates with some nodes in order to disrupt the network.
The motivation. Our main motivation is computer network security in the face of contagious attack by a strategic adversary. Examples of contagious attacks are stealth worms and viruses, which gradually spread over the network, infecting subsequent unprotected nodes. Such attacks are considered among the main threats to cyber security [SPW02]. Moreover, the study of the data from actual attacks demonstrates that the attackers spend time and resources to study the networks and choose the best place to attack [SPW02]. Direct and indirect infection can be prevented by taking security measures that are costly and effective (i.e., provide sufficiently high safety to be considered perfect). Examples include using the right equipment (such as dedicated high quality routers), software (antivirus software, firewall), and following safety practices. All of these measures are costly. In particular, having antivirus software is cheap but using it can be considered to be costly; safety practices may require staff training, staying up to date with possible threats, creating backups, updating software, and hiring specialized, well-paid staff. The security decisions are made individually by selfish nodes. Each node derives benefits from the nodes it is connected to (directly or indirectly) in the network. An example is Metcalfe's law (attributed to Robert Metcalfe [SV00], a co-inventor of Ethernet), stating that each node's benefits from the network are equal to the number of nodes it can reach in the network, and the value of a connected network is equal to the square of the number of its nodes. An additional threat faced by the nodes in the network is the existence of malicious nodes whose objectives are aligned with those of the adversary: they aim to disrupt the network [MSW09b,MSW09a].
Contribution. We study the effectiveness of network design for improving system security with malicious (or byzantine) players and strategic adversary. To this end we propose and study a three stage game played by three classes of players: the designer, the adversary, and the nodes. Some of the nodes are malicious and cooperate with the adversary. The identity of the nodes is their private information, known to them and to the adversary only. The designer moves first, choosing the network of links between nodes. Then, costly protection is assigned to the nodes. We consider two methods of protection assignments: the centralized one, where the designer chooses the nodes to receive protection, and the decentralized one, where each node decides individually and independently whether to protect or not. Lastly, the adversary observes the protected network and chooses a single node to infect. The protection is perfect and each nonbyzantine node can be infected only if she is unprotected. The byzantine nodes only pretend to use the protection and can be infected regardless of whether they are protected or not. After the initial node is infected, the infection spreads to all the nodes reachable from the origin of infection via a path containing unprotected or byzantine nodes. We show that if the protection decisions are centralized, so that the designer chooses both the network and the protection assignment, then either choosing a disconnected network with unprotected components of equal size or a generalized star with protected core is optimal. When protection decisions are decentralized, then, for sufficiently large number of nodes, the designer can resort to choosing the generalized star as well. In the case of sufficiently well-behaved returns from the network (including for example Metcalfe's law), the protection chosen by the nodes in equilibrium guarantees outcomes that are asymptotically close to the optimum. 
Hence, in such cases, the inefficiencies due to defense decentralization can be fully mitigated even in the presence of byzantine nodes.
Related work. There are two overlapping strands of literature that our work is related to: the interdependent security games [LFB15] and multidefender security games [SVL14,LV15,LSV17]. Early research on interdependent security games assumed that the players only care about their own survival and that there are no benefits from being connected [KH03,Var04,ACY06,LB08b,LB08a,CCO12,AMO16]. In particular, the authors of [ACY06] study a setting in which the network is fixed beforehand, nodes only care about their own survival, attack is random, protection is perfect, and contagion is perfect: infection spreads between unprotected nodes with probability 1. The focus is on computing Nash equilibria of the game and estimating the inefficiencies caused by defense decentralization. They show that finding one Nash equilibrium is doable in polynomial time, but finding the least or most expensive one is NP-hard. They also point out the high inefficiency of decentralized protection, by showing unboundedness of the price of anarchy. In [LB08b,LB08a] techniques based on local mean field analysis are used to study the problem of incentives and externalities in network security on random networks. In a more recent publication [AMO16], individual investments in protection are considered. The focus is on the strategic structure of the security decisions across individuals and how the network shapes the choices under random versus targeted attacks. The authors show that both under- and overinvestment may be present when protection decisions are decentralized. Slightly different, but related, models are considered in [GWA10,GWA11,GMW12,LSB12a,LSB12b]. In these models the defender chooses a spanning tree of a network, while the attacker chooses a link to remove. The defender and the adversary move simultaneously. The attack is successful if the chosen link belongs to the chosen spanning tree.
Polynomial time algorithms for computing optimal attack and defense strategies are provided for several variants of this game. For a comprehensive review of interdependent security games see an excellent survey [LFB15].
Multidefender security games are models of security where two or more defenders make security decisions with regard to nodes, connected in a network, and prior to an attack by a strategic adversary. Each of the defenders is responsible for his own subset of nodes and the responsibilities of different defenders are non-overlapping. The underlying network creates interdependencies between the defenders' objectives, which result in externalities, like in the interdependent security games. The distinctive feature of multidefender security models is the adopted solution concept: the average case Stackelberg equilibrium. The model is two stage.
In the first stage the defenders commit to mixed strategies assigning different types of security configurations across the nodes. In the second stage the adversary observes the network and chooses an attack. The research focuses on equilibrium computation and quantification of inefficiencies due to distributed protection decisions.
Papers most related to our work are [MSW09a, CDG14, CDG17, GJK+16]. The authors of [MSW09b] introduce malicious nodes to the model of [ACY06]. The key finding in that paper is that the presence of malicious nodes creates a "fear factor" that reduces the problem of underprotection due to defense decentralization. Inspired by [MSW09b,MSW09a], we also consider malicious nodes in the context of network defense. We provide a formal model of the game with such nodes as a game with incomplete information. Our contribution, in comparison to [MSW09a], lies in placing the players in a richer setup, where nodes care about their connectivity as well as their survival, and where both underprotection (i.e., insufficiently many nodes protect as compared to an optimum) and overprotection (excessively many nodes protect as compared to an optimum) problems are present. This leads to a much more complicated incentives structure. In particular, the presence of malicious nodes may lead to underprotection, as nodes may be unable to secure sufficient returns from choosing protection on their own.
Works [CDG14,CDG17] consider the problem of network design and defense prior to the attack by a strategic adversary. In a setting where the nodes care about both their connectivity and their survival, the authors study the inefficiencies caused by defense decentralization and how they can be mitigated by network design. The authors show that both underprotection as well as overprotection may appear, depending on the costs of protection and network topology. Both inefficiencies can be mitigated by network design. In particular, the underprotection problem can be fully mitigated by designing a network that creates a cascade of incentives to protect. Our work builds on [CDG14,CDG17] by introducing malicious nodes to the model. We show how the designer can address the problem of uncertainty about the types of nodes and, at the same time, mitigate the inefficiencies due to defense decentralization. Lastly, in [GJK+16], a model of decentralized network formation and defense prior to the attack by adversaries of different profiles is considered. The authors show, in particular, that despite the decentralized protocol of network formation, the inefficiencies caused by defense decentralization are relatively low.
The rest of the paper is structured as follows. In Section 2 we define the model of the game, which we then analyze in Section 3. In Section 4 we discuss possible modifications of our model. We provide concluding remarks in Section 5. Appendix A contains the proofs of the most technical results.

The model
There are $(n+2)$ players: the designer ($D$), the nodes ($V$), and the adversary ($A$). In addition, each of the nodes is of one of two types: a genuine node (type 1) or a byzantine node (type 0). We assume that there are at least $n = 3$ nodes and that there is a fixed amount $n_B \geq 1$ of byzantine nodes. The byzantine nodes cooperate with the adversary and their identity is known to $A$. All the nodes know their own type only. On the other hand, the adversary has complete information about the game. We suppose that he infects a subset of $n_A \geq 1$ nodes. A network over a set of nodes $V$ is a pair $G = (V, E)$, where $E \subseteq \{ij : i, j \in V\}$ is the set of undirected links of $G$. Given a set of nodes $V$, $\mathcal{G}(V)$ denotes the set of all networks over $V$ and $\mathcal{G} = \bigcup_{U \subseteq V} \mathcal{G}(U)$ is the set of all networks that can be formed over $V$ or any of its subsets. The game proceeds in four rounds (the numbers $n \geq 3$, $n_B \geq 1$, $n_A \geq 1$ are fixed before the game):
(1) The types of the nodes are realized.
(2) $D$ chooses a network $G \in \mathcal{G}(V)$, where $\mathcal{G}(V)$ is the set of all undirected networks over $V$.
(3) Nodes from $V$ observe $G$ and choose, simultaneously and independently, whether to protect (what we denote by 1) or not (denoted by 0). This determines the set of protected nodes $\Delta$. The protection of the byzantine nodes is fake and, when attacked, such a node gets infected and transmits the infection to all her neighbors.
(4) $A$ observes the protected network $(G, \Delta)$ and chooses a subset $I \subseteq V$ consisting of $|I| = n_A \geq 1$ nodes to infect. The infection spreads and eliminates all unprotected or byzantine nodes reachable from $I$ in $G$ via a path that does not contain a genuine protected node from $\Delta$. This leads to the residual network obtained from $G$ by removing all the infected nodes.
Payoffs to the players are based on the residual network and costs of defense. The returns from a network are measured by a network value function $\Phi : \bigcup_{U \subseteq V} \mathcal{G}(U) \to \mathbb{R}$ that assigns a numerical value to each network that can be formed over a subset $U$ of nodes from $V$.
A path in $G$ between nodes $i, j \in V$ is a sequence of nodes $i_0, \dots, i_m \in V$ such that $i = i_0$, $j = i_m$, $m \geq 1$, and $i_{k-1} i_k \in E$ for all $k = 1, \dots, m$. Node $j$ is reachable from node $i$ in $G$ if $i = j$ or there is a path between them in $G$. A component of a network $G$ is a maximal set of nodes $C \subseteq V$ such that for all $i, j \in C$, $i \neq j$, $i$ and $j$ are reachable in $G$. The set of components of $G$ is denoted by $\mathcal{C}(G)$. Given a network $G$ and a node $i \in V$, $C_i(G)$ denotes the component We consider the following family of network value functions: where the function $f : \mathbb{R}_{\geq 0} \to \mathbb{R}$ is increasing, strictly convex, satisfies $f(0) = 0$, and, for all $x \geq 1$, verifies the inequalities In other words, the value of a connected network is an increasing and strictly convex function of its size. The value of a disconnected network is equal to the sum of values of its components. These assumptions reflect the idea that each node derives additional utility from every node she can reach in the network. In the last property we assume that these returns are sufficiently large: the returns from increasing the size of a component by 50% are higher than the returns from adding an additional, separate, component of the same size to the network. Such a form of network value function is in line with Metcalfe's law, where the value of a connected network over $x$ nodes is given by $f(x) = x^2$, as well as with Reed's law, where the value of a connected network is of exponential order with respect to the number of nodes (e.g., $f(x) = 2^x - 1$). Before defining the payoff to a node from a given network, defense, and attack, we formally define the residual network. Given a network $G = (V, E)$ and a set of nodes $Z \subseteq V$, let $G - Z$ denote the network obtained from $G$ by removing the nodes from $Z$ and their connections from $G$. Thus Given defense $\Delta$ and the set of byzantine nodes $B$, the graph $A(G \mid \Delta, B) = G - \Delta \setminus B$ is called the attack graph.
By infecting a node $i \in V$, the adversary eliminates the component of $i$ in the attack graph, $C_i(A(G \mid \Delta, B))$. Hence, if the adversary infects a subset $I \subseteq V$ of nodes, then the residual network (i.e., the network that remains) after such an attack is Nodes' information about whether they are genuine or byzantine is private. Similarly, the adversary's information about the identity of the byzantine nodes is private. As usual in games with incomplete information, private information of the players is represented by their types. The type of a node $i \in V$ is represented by $\theta_i \in \{0, 1\}$ ($\theta_i = 1$ means that $i$ is genuine and $\theta_i = 0$ means that $i$ is byzantine) and the type of the adversary is represented by $\theta_A \in \binom{V}{n_B}$. (If $X$ is a finite set, then we denote by $\binom{X}{t}$ the set of subsets of $X$ of cardinality $t$.) A vector $\theta = (\theta_1, \dots, \theta_n, \theta_A)$ of players' types is called a type profile. The type profiles must be consistent so that the byzantine nodes are really known to the adversary. The set of consistent type profiles is $\Theta = \{(\theta_1, \dots, \theta_n, \theta_A) :$
Remark 1. We point out that $B \subseteq V$ is the set of byzantine nodes (i.e., the true state of the world) while $\theta_A$ denotes the beliefs of the adversary. The consistency assumption implies that the beliefs of the adversary are correct and $\theta_A = B$.
The adversary aims to minimize the gross welfare (i.e., the sum of nodes' gross payoffs), which is equal to the value of the residual network. Given a network $G$, the set of protected nodes $\Delta$, and the type profile $\theta \in \Theta$, the payoff to the adversary from infecting the set of nodes $I$ is The designer aims to maximize the value of the residual network minus the cost of defense. Notice that this cost includes the cost of defense of the byzantine nodes. Formally, the designer's payoff from network $G$ under defense $\Delta$, the set of infected nodes $I$, and the type profile $\theta$ is equal to The gross payoff to a genuine (i.e., not a byzantine) node $j \in V$ in a network $G$ is equal to $f(|C_j(G)|)/|C_j(G)|$. In other words, each genuine node gets an equal share of the value of her component. The net payoff of a node is equal to the gross payoff minus the cost of protection. A genuine node gets payoff 0 when removed. Defense has cost $c \in \mathbb{R}_{>0}$. The byzantine nodes have the same objectives as the adversary and their payoff is the same as that of $A$. Formally, a payoff to the node $j \in V$ given a network $G$ with defended nodes $\Delta$, the set of infected nodes $I$, and the type profile $\theta \in \Theta$ is equal to The adversary and the byzantine nodes make choices that maximize their utility. The designer and the nodes have incomplete information about the game and we assume that they are pessimistic, making choices that maximize the worst possible type realization (cf. [AB06]). Formally, the pessimistic utility of a genuine (i.e., of type $\theta_j = 1$) node $j$ from network $G$, the set of protected nodes $\Delta$, and the set of infected nodes $I$, is Similarly, the pessimistic utility of the designer from network $G$, the set of protected nodes $\Delta$, and the set of infected nodes $I$, is To summarize, the set of players is $P = V \cup \{D, A\}$. The set of strategies of player $D$ is $S_D = \mathcal{G}(V)$.
A strategy of each node $j$ is a function $\delta_j : \mathcal{G}(V) \times \{0, 1\} \to \{0, 1\}$ that, given a network $G \in \mathcal{G}(V)$ and a node's type $\theta_j \in \{0, 1\}$, provides the defense decision $\delta_j(G, \theta_j)$ of the node. The individual strategies of the nodes determine a function $\Delta :$ network $G \in \mathcal{G}(V)$, the set of protected nodes $\Delta \subseteq V$, and adversary's type $\theta_A \in \binom{V}{n_B}$, provides the set of nodes to infect Abusing the notation slightly, we use the same notation for utilities of the players from the strategy profiles in the game. Thus, given a strategy profile $(G, \Delta, x)$ and a type profile $\theta$, the payoff to player and the pessimistic payoff to the designer is given by By convention, we say that the pessimistic payoff of the byzantine node is the same as her payoff. We are interested in subgame perfect mixed strategy equilibria of the game with the preferences of the players defined by the pessimistic payoffs. We call them the equilibria, for short. We make the usual assumption that when evaluating a mixed strategy profile, the players consider an expected value of their payoffs from the pure strategies. In the case of the designer and the genuine nodes, these are expected pessimistic payoffs.
Throughout the paper we will also refer to the subgames ensuing after a network $G$ is chosen. We will denote such subgames by $\Gamma(G)$ and call them the network subgames. We will abuse the notation by using the same letters to denote the strategies in $\Gamma(G)$ and in $\Gamma$. The set of All the key notations are summarized in Table 1.
2.1. Remarks on the model. We make a number of assumptions that, although common for interdependent security games, are worth commenting on. Firstly, we assume that protection is perfect. This assumption is reasonable when available means of protection are considered sufficiently reliable and, in particular, deter the adversary towards the unprotected nodes. Arguably, this is the case for the protection means used in cybersecurity. Secondly, we assume that the designer and genuine nodes are pessimistic and maximize their worst-case payoff. Such an approach is common in computer science and is in line with trying to provide the worst-case guarantees on system performance. One can also take the probabilistic approach (by supposing that the distribution of the byzantine nodes is given by a random variable). In Section 4 we discuss how our results carry over to such a model.

The analysis
We start the analysis by characterizing the centralized defense model, where the designer chooses both the network and the defense assignment to the nodes. After that the adversary observes the protected network and nodes' types and chooses the nodes to infect. We focus on the first nontrivial case $n_B = n_A = 1$. In this case, we are able to characterize networks that are optimal to the designer. The topology of these networks is based on the generalized $k$-stars. We then turn to the decentralized defense and study the cost of decentralization. It turns out that the topology of the $k$-star gives asymptotically low cost of decentralization not only for the simple case studied earlier but for all possible values of parameters $n_B$ and $n_A$. This is enough to prove our main result, Theorem 9, providing bounds on the price of anarchy.
3.1. Centralized defense. Fix the parameters $n_B$, $n_A$ and suppose that the designer chooses both the network and the protection assignment. This leads to a two stage game where, in the first round, the designer chooses a protected network $(G, \Delta)$ and in the second round the adversary observes the protected network and nodes' types (recognizing the byzantine nodes) and chooses the nodes to attack. Payoffs to the designer and to the adversary are as described in Section 2 and we are interested in subgame perfect mixed strategy equilibria of the game with pessimistic preferences of the designer. We call them equilibria, for short. Notice that, since the decisions are made sequentially, there is always a pure strategy equilibrium of this game. In this section, we focus only on such equilibria. Furthermore, the equilibrium payoff to the designer is the same for all equilibria. We denote this payoff by $\hat{U}_D(n, c)$.
In the rest of this subsection we focus on the case $n_B = n_A = 1$. In this case, when the protection is chosen by the designer, two types of protected networks can be chosen in an equilibrium (depending on the value function and the cost of defense): a disconnected network with no defense or a generalized star with protected core and, possibly, one or two unprotected components. Before stating the result characterizing equilibrium defended networks and equilibrium payoffs to the designer, we need to define the key concept of a generalized star and some auxiliary quantities. We start with the definition of a generalized star. If $G = (V, E)$ is a network and $V' \subseteq V$ is a subset of nodes, then we denote by $G[V']$ the subnetwork of $G$ induced by $V'$, i.e., the network $G[V'] = (V', \{ij \in E : i, j \in V'\})$.
Definition 2 (Generalized $k$-star). Given a set of nodes $V$ and $k \geq 1$, a generalized $k$-star over $V$ is a network $G = (V, E)$ such that the set of nodes $V$ can be partitioned into two sets, $C$ (the core) of size $|C| = k$ and $P$ (the periphery), in such a way that $G[C]$ is a clique, every node in $P$ is connected to exactly one node in $C$, and every node in $C$ is connected to $\lceil n/k \rceil - 1$ or $\lfloor n/k \rfloor - 1$ nodes in $P$.
Roughly speaking, a generalized $k$-star is a core-periphery network with the core consisting of $k$ nodes and the periphery consisting of the remaining $n - k$ nodes. The core is a clique, each periphery node is connected to exactly one core node and they are distributed evenly across the core nodes. An example of a generalized star is depicted in Fig. 1. Now we turn to defining some auxiliary quantities. For any $n \geq 3$ such that $n \bmod 6 \neq 3$ we define
$$w_0(n) = w_1(n) = f\left(\lfloor n/2 \rfloor\right) + f(1)\,\mathbf{1}_{\{n \bmod 2 = 1\}},$$
and for every $n$ such that $n \bmod 6 = 3$ we define
$$w_0(n) = w_1(n) = \max\left\{2f\left(\frac{n}{3}\right),\ f\left(\frac{n-1}{2}\right) + f(1)\right\}. \tag{4}$$
Given $n$ nodes, $w_0(n)$ is the maximal network value the designer can secure against a strategic adversary by choosing an unprotected network composed of three components of equal size or two components of equal size and possibly one disconnected node. This is also the maximal network value the designer can secure by choosing such a network with one protected node, because, in the worst case scenario, the protected node is byzantine and may be infected. For every $k \in \{3, \dots, n\}$, let otherwise .
Given $n$ nodes and $k \geq 3$, $w_k(n)$ is the network value that the designer can secure by choosing a generalized $k$-star, with one node disconnected in the case of $k$ dividing $n - 1$, having all core nodes protected and all periphery nodes unprotected. We also define the following quantities: Given $n$ nodes, $w_2(n)$ is the network value that the designer can secure by choosing a network composed of a generalized 2-star with a protected core and unprotected periphery, an unprotected component (of size $q \in \{0, \dots, n - 2\}$), and possibly one node disconnected from both of these components.
We point out that $K^*(n, c)$ never contains 1 (because $c > 0$). We are now ready to state the result characterizing equilibrium defended network and pessimistic equilibrium payoffs to the designer.
Proposition 3. Let $n_B = n_A = 1$, $n \geq 3$, $c > 0$, and $k \in K^*(n, c)$. Then, the pessimistic equilibrium payoff to the designer is equal to $\hat{U}_D(n, c) = w_k - kc$. Moreover, there exists an equilibrium network $(G, \Delta)$ that has $|\Delta| = k$ protected nodes and the following structure:
i) $G$ has at most three connected components.
ii) If $k \geq 3$ and $n \bmod k \neq 1$, then $G$ is a generalized $k$-star with protected core and unprotected periphery.
iii) If $k \geq 3$ and $n \bmod k = 1$, then $G$ is composed of a generalized $k$-star of size $(n - 1)$ with protected core and unprotected periphery and a single unprotected node.
iv) If $k = 0$ and $n \bmod 6 \neq 3$, then $G$ has two connected components of size $\lfloor n/2 \rfloor$ and, if $n \bmod 2 = 1$, a single unprotected node.
v) If $k = 0$ and $n \bmod 6 = 3$, then $G$ either has the structure described in Item iv or $G$ is composed of three components of size $n/3$, depending on the term achieving maximum in (4).
vi) If $k = 2$, then $G$ is composed of a generalized 2-star with protected core and unprotected periphery, an unprotected component of size $q \in \{0, \dots, n - 2\}$ and, possibly, a single unprotected node. The size $q$ is the number achieving maximum in (6). The existence of a single unprotected node depends on the term achieving maximum in (5).
The intuitions behind this result are as follows. When the cost of defense is high, then the designer is better off by not using any defense and partitioning the network into several components. Since the strategic adversary will always eliminate a maximal such component, the designer has to make sure that all the components are equally large. Due to the divisibility problems, one component may be of lower size. Thanks to our assumptions on the component value function f , the number of such components is at most three. Moreover, if there are exactly three components, then they are of equal size or the smallest one has size 1.
When the cost of defense is sufficiently low, then it is profitable for the designer to protect some nodes. If the number of protected nodes is not smaller than 3, then, by choosing a generalized k-star with fully protected core (of optimal size k ≥ 3 depending on the cost) and unprotected periphery, the designer knows that the strategic adversary is going to attack either the byzantine node (if she is among the core nodes) or any unprotected node (otherwise). An attack on the byzantine core node destroys that node and all periphery nodes attached to her. Thus, in the worst case, a core node with the largest number of periphery nodes connected to her is byzantine. By distributing the core nodes evenly, the designer minimizes the impact of this worst case scenario. Due to the divisibility problems, it may happen that some of the core nodes are connected to a higher number of periphery nodes. If this is the case for one core node only, then it is better for the designer to disconnect this one node from the generalized star. By doing so, the designer spares this node from destruction.
The case when there are exactly 2 protected nodes is special. Indeed, in this case, choosing a generalized 2-star with protected core is not better than using no protection at all. This is because, in the worst case, the byzantine node is among the two protected ones. Therefore, it would be better for the designer to split the network into two unprotected components; this would result in the same network value after the attack without the need to pay the cost of protection. On the other hand, if the network consists of a generalized 2-star with protected core and an unprotected component, then the argument above ceases to be valid: even if the byzantine node is among the protected ones, splitting them may give the adversary an incentive to destroy the unprotected component. Therefore, a protection of 2 nodes may be used as a resource that ensures that one component survives the attack.
It is interesting to compare this result to an analogous result obtained in [CDG14, CDG17] for a model without byzantine nodes. There, depending on the cost of protection, three equilibrium protected networks are possible: an unprotected disconnected network (like in the case with a byzantine node), a centrally protected star, and a fully protected connected network. The existence of a byzantine node leads to a range of core-protected networks between the centrally protected star and the fully protected clique (which is a generalized $n$-star). Notice that the pessimistic attitude towards incomplete information results in the star network never being optimal: if only one node is protected, then, in the worst case, the designer expects this node to be byzantine, which leads to losing all nodes after the attack by the adversary. Therefore, at least two nodes must be protected if protection is used in an equilibrium. The proof of Proposition 3 is given in Appendix A.
Example 4. Table 2 presents how the optimal network changes for different cost values when $f(x) = x^2$ and $n \in \{12, 30, 50\}$. For these values of $n$, it is never optimal to have one node that is disconnected from the rest of the network. Moreover, as we can see, for a given number $n$ of nodes, not all possible generalized $k$-stars arise as optima. It is interesting to note that 3-stars have never appeared in our experiments as optimal networks for the value function $f(x) = x^2$. Similarly, we have not found an example where it is optimal to defend exactly 2 nodes. The case where there is no defense but the network is split into 3 equal parts arises when $n = 9$ and the cost is high enough (i.e., $c > 6.2$), as already established in [CDG14].
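The worst-case reasoning of Section 3.1 can be reproduced by brute force on small networks. The following Python sketch is an added illustration, not code from the paper: it builds a generalized $k$-star with protected core, forms the attack graph, and computes the designer's pessimistic payoff for $n_B = n_A = 1$ and $f(x) = x^2$. All function names are hypothetical, and it assumes that infecting a node outside the attack graph (a genuine protected node) removes nothing.

```python
"""Brute-force check of the centralized-defense model (n_B = n_A = 1 by default).

Added illustration, not code from the paper. Assumption: infecting a node that
is not in the attack graph (a genuine protected node) removes nothing.
"""
from itertools import combinations


def generalized_k_star(n, k):
    """Core 0..k-1 is a clique; periphery k..n-1 is attached round-robin."""
    core = list(range(k))
    edges = {frozenset(pair) for pair in combinations(core, 2)}
    for idx, p in enumerate(range(k, n)):
        edges.add(frozenset((p, core[idx % k])))
    return edges, set(core)


def disjoint_cliques(n, parts):
    """Unprotected network made of `parts` cliques of (almost) equal size."""
    edges = set()
    for r in range(parts):
        block = [v for v in range(n) if v % parts == r]
        edges |= {frozenset(pair) for pair in combinations(block, 2)}
    return edges, set()


def components(nodes, edges):
    """Connected components of the subnetwork induced by `nodes`."""
    nodes = set(nodes)
    adj = {v: set() for v in nodes}
    for e in edges:
        a, b = tuple(e)
        if a in nodes and b in nodes:
            adj[a].add(b)
            adj[b].add(a)
    comps, seen = [], set()
    for start in nodes:
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:
            v = stack.pop()
            if v not in comp:
                comp.add(v)
                stack.extend(adj[v] - comp)
        seen |= comp
        comps.append(comp)
    return comps


def residual_value(n, edges, protected, byzantine, infected, f):
    """Value (sum of f over component sizes) of the residual network."""
    everyone = set(range(n))
    # Attack graph: G minus the genuine protected nodes (byzantine protection is fake).
    attack_nodes = everyone - (set(protected) - set(byzantine))
    removed = set()
    for comp in components(attack_nodes, edges):
        if comp & set(infected):
            removed |= comp
    return sum(f(len(c)) for c in components(everyone - removed, edges))


def pessimistic_designer_payoff(n, edges, protected, c, f, n_B=1, n_A=1):
    """Worst byzantine placement, adversary best-responding, minus defense cost."""
    worst = min(
        residual_value(n, edges, protected, B, I, f)
        for B in combinations(range(n), n_B)
        for I in combinations(range(n), n_A)
    )
    return worst - c * len(protected)


def sweep(n, c, ks, f=lambda x: x * x):
    """Payoff per design: key 0 = two unprotected cliques, key k = protected-core k-star."""
    out = {}
    for k in ks:
        edges, prot = disjoint_cliques(n, 2) if k == 0 else generalized_k_star(n, k)
        out[k] = pessimistic_designer_payoff(n, edges, prot, c, f)
    return out


if __name__ == "__main__":
    for cost in (1, 5, 20):  # constructed sample costs
        result = sweep(12, cost, [0, 1, 2, 3, 4, 6, 12])
        print(cost, result, "best k =", max(result, key=result.get))
```

For $n = 12$ the sweep shows the protected star ($k = 1$) losing everything in the worst case and the 2-star never beating the unprotected split, in line with the discussion above.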
Remark 5. In this section, we have characterized the optimal networks for the case $n_B = n_A = 1$. Nevertheless, we have not found a network that has a substantially different structure than the ones described here and performs better for general values of $n_B$ and $n_A$. We therefore suspect that the characterization for the general case is similar to the case $n_B = n_A = 1$.
3.2. Decentralized defense. Now we turn attention to the variant of the model where defense decisions are decentralized. Our goal is to characterize the inefficiencies caused by decentralized protection decisions for general values of $n_B$ and $n_A$. To this end, we need to compare equilibrium payoffs to the designer under centralized and decentralized defense. We start by establishing two results about the existence of equilibria in the decentralized defense game.
Firstly, since the game is finite, we get equilibrium existence by Nash's theorem. Notice that our use of the pessimistic aggregation of the incomplete information about types of nodes determines a game where the utilities of the nodes and the designer are defined by the corresponding pessimistic utilities. This game is finite and, by Nash's theorem, it has a Nash equilibrium in mixed strategies. This leads to the following existence result.
Proposition 6. There exists an equilibrium of $\Gamma$.
Proof. It can be shown that a stronger statement holds. More precisely, one can prove that for any $n$, $c$ there exists an equilibrium $e$ such that the strategies of the nodes do not depend on their types. Let us sketch the proof. We consider a modified model in which the nodes do not know their types (i.e., every node thinks that she is genuine, but some of them are byzantine). In this model, the (mixed) strategies of nodes are functions $\delta_j \colon G(V) \to \Sigma(\{0, 1\})$, and every node receives a pessimistic utility of a genuine node, as defined in (2). The strategies and payoffs to the adversary and the designer are as in the original model. Let x : denote any optimal strategy of the adversary (i.e., a function that, given a defended network and the position of the byzantine nodes $B$, returns a subset of nodes that is optimal to infect in this situation). If we fix $x$, then the game turns into a two stage game (the designer makes his action first and then the nodes make their actions) with complete information. Therefore, this game has a subgame perfect equilibrium in mixed strategies. This equilibrium, together with $x$, forms an equilibrium $e$ in the original model, because, in the original model, a byzantine node cannot improve her payoff by a unilateral deviation.
Fix the parameters $n_B$, $n_A$ and let $E(n, c)$ denote the set of all equilibria of Γ with $n$ nodes and the cost of protection $c > 0$. Let $\hat{U}_D(n, c)$ denote the best payoff the designer can obtain in the centralized defense game (as discussed in Section 3.1). The price of anarchy is the fraction of this payoff over the minimal payoff to the designer that can be attained in equilibrium of Γ (for the given cost of protection $c$),
Although pure strategy equilibria may not exist for some networks, they always exist on generalized stars. Moreover, when these stars are large enough, by choosing such a star, the designer can ensure that all genuine core nodes are protected. This is enough to characterize the price of anarchy as $n$ goes to infinity (with a fixed cost $c$). The next proposition characterizes equilibria on generalized stars.
Proposition 7. Let $e \in E$ be any equilibrium of Γ. Let $G = (V, E)$ be a generalized $k$-star. Denote $|V| = n$, $x = \lfloor n/k \rfloor - n_A + 1$, and $y = n - n_B \lfloor n/k \rfloor$. Furthermore, suppose that $n \ge k \ge n_B + 1$ and $x \ge 2$. If the cost value $c$ belongs to one of the intervals $(0, f(1))$, $(f(1), f(x)/x)$, $(f(y)/y, +\infty)$, then the following statements about $e$ restricted to Γ(G) hold:
• all genuine nodes use pure strategies
• if $c < f(1)$, then all genuine nodes are protected
• if $f(1) < c < f(x)/x$, then all genuine core nodes are protected and all genuine periphery nodes are not protected
• if $f(y)/y < c$, then all genuine nodes are not protected.
The proof of Proposition 7 requires an auxiliary lemma.
Lemma 8. Let $e \in E$ be any equilibrium of Γ and x : denote the (possibly mixed) strategy of the adversary in this equilibrium. Let $(G, \Delta)$ be a network such that $G$ is a generalized $k$-star. Furthermore, suppose that $\lfloor n/k \rfloor \ge 2$, $n \ge 3$, and that the set of byzantine nodes $B$ contains a core node. Then, $x(G, \Delta, \theta_A)$ infects this node with probability one.
Proof. Since $e$ is an equilibrium and the adversary has complete information about the network before making his decision, his strategy $x(G, \Delta, \theta_A)$ is a probability distribution over the set of subsets of nodes that are optimal to attack. Let $b \in B$ denote any byzantine node that is also a core node. We will show that any optimal attack infects $b$.
To do so, fix any set of attacked nodes $I \in \binom{V}{n_A}$ and suppose that attacking $I$ does not infect $b$. Given the structure of generalized $k$-star, we see that $I$ consists of genuine protected nodes and periphery nodes that are connected to genuine protected core nodes. To finish the proof, fix any node $j \in I$ and observe it is strictly better for the adversary to attack the set $I \cup \{b\} \setminus \{j\}$. Indeed, if $j$ is a genuine protected node, then attacking it does nothing, while attacking $b$ destroys at least one more node. Moreover, if $j$ is a periphery node connected to a genuine core protected node, then attacking $b$ not only destroys one node but also disconnects the network ($b$ is connected to at least one periphery node because $\lfloor n/k \rfloor - 1 \ge 1$).
We are now ready to present the proof of Proposition 7.
Proof of Proposition 7. Let $x \colon G(V) \times 2^V \times \binom{V}{n_B} \to \Sigma\left(\binom{V}{n_A}\right)$ denote the strategy of the adversary in $e$ and let $\Delta$ be any choice of protected nodes on $G$, $\Delta \subseteq V$. Let $j \in V$ be a genuine node.
First, suppose that $j \notin \Delta$. We will show that the pessimistic payoff of $j$ is equal to 0. On the one hand, this payoff is nonnegative for every possible choice of the infected node. On the other hand, we can bound it from above by supposing that there exists a byzantine node $b \in B$ that is a core node and a neighbor of $j$. Then, Lemma 8 shows that $x$ infects $b$, and the pessimistic payoff of $j$ is not greater than 0.
Second, suppose that $j \in \Delta$. Then, we have two possibilities. If $j$ is a periphery node, then the same argument as above shows that the pessimistic payoff of $j$ is equal to $f(1) - c$. If $j$ is a core node, then her payoff is bounded from below by $f(x)/x - c$ (where $x = \lfloor n/k \rfloor - n_A + 1$) for every possible choice of the set of infected nodes. Moreover, by supposing that every byzantine node is a core node, we see that the pessimistic payoff of $j$ is bounded from above by $f(y)/y - c$ (where $y = n - n_B \lfloor n/k \rfloor$). Since the estimates presented above are valid for any choice of $\Delta$, we get the desired characterization of equilibria.
Our main result estimates the price of anarchy using Proposition 7.
Proof. Since $f$ is strictly convex, for any $0 < x < y < z$ we have (cf. [HUL93, Sect. I.1.1]) As a result, the function $g_t(x) = (f(x + t) - f(t))/x$ is strictly increasing for all $t > 0$ (to see that, let $0 < x < y$ and use the left inequality from (7) on the tuple $(t, x + t, y + t)$). Since $f$ is convex and increasing, it is also continuous on $[0, +\infty)$ (cf. [HUL93, Sect. I.3.1]). By fixing $x$ and taking $t \to 0$ we get that the function $x \mapsto f(x)/x$ is nondecreasing. Suppose that $\lim_{x \to +\infty} f(x)/x = \eta < +\infty$. Then, by the assumption that $f(3x) \ge 2f(2x)$ for all $x \ge 1$, we have Hence $\eta \le 0$ and $f(x) = 0$ for all $x \ge 0$, which contradicts the assumption that $f$ is strictly convex.
We also need the fact that f is superadditive.
Proof. From the strict convexity of $f$ we have $f(x) = f\left(\frac{x}{x+y}(x + y) + \frac{y}{x+y} \cdot 0\right) < \frac{x}{x+y} f(x + y)$. Analogously, $f(y) < \frac{y}{x+y} f(x + y)$. Hence $f(x + y) > f(x) + f(y)$.
We now give the proof of Theorem 9.
Proof of Theorem 9. The function $f$ is superadditive by Lemma 11. As a result, the pessimistic payoff to the designer can be trivially bounded by $\hat{U}_D(n, c) \le f(n)$. We now want to give a lower bound for the quantity $\min_{e \in E(n,c)} \mathbb{E}\hat{U}_D(e)$. By Lemma 10 we have lim x→+∞ x > c for all $x \ge N - n_A + 1$. For any $n \ge (n_B + 1)(N + 1)$ we define $k = \lfloor n/(N+1) \rfloor \ge n_B + 1$. Observe that if we denote $x = \lfloor n/k \rfloor - n_A + 1$, then we have $x \ge n/k - n_A \ge N - n_A + 1$. Hence, if the designer chooses a generalized $k$-star, then Proposition 7 shows that all genuine core nodes are protected in any equilibrium. In particular, we have $\min_{e \in E(n,c)} \mathbb{E}\hat{U}_D(e) \ge f(n - n_B \lceil n/k \rceil - n_A + 1) - nc$. Moreover, we can estimate Hence, using Lemma 10, we get
Remark 12. Notice that the condition of Theorem 9 is verified for $f(x) = x^a$ with $a \ge 2$. Hence, in the case of such functions $f$, the price of anarchy is 1, so the inefficiencies due to decentralization are fully mitigated by the network design. This is true, in particular, for Metcalfe's law.

Extensions of the model
In the previous section, we have shown that the topology of generalized $k$-star mitigates the costs of decentralization in our model. Nevertheless, our approach can be used to show similar results in a number of modified models. For instance, one could consider a probabilistic model, in which $n_B$ byzantine nodes are randomly picked from the set of nodes $V$ (and the distribution of this random variable is known to all players). Then, the designer and nodes optimize their expected utilities, not the pessimistic ones (where the expectation is taken over the possible positions of the byzantine nodes). In this case, we still can give a partial characterization of Nash equilibria on generalized $k$-stars. More precisely, one can show that if the assumptions of Proposition 7 are fulfilled and $f(1) < c < f(x)/x$, then all genuine core nodes are protected. This is exactly what we need in the proof of Theorem 9. Therefore, the price of anarchy in the probabilistic model also converges to 1 as the size of the network increases.

Conclusions
We studied a model of network defense and design in the presence of an intelligent adversary and byzantine nodes that cooperate with the adversary. We characterized optimal defended networks in the case where defense decisions are centralized, assuming that the number of byzantine nodes and the number of attacked nodes are equal to one. We have also shown that, in the case of sufficiently well-behaved functions $f$ (including $f$ in line with Metcalfe's law), careful network design makes it possible to fully mitigate the inefficiencies due to decentralized protection decisions, despite the presence of the byzantine nodes. In terms of network design, we showed that a generalized star is a topology that can be used to achieve this goal. This topology creates incentives for protection by two means. Firstly, it is sufficiently redundant, so that the protected nodes are connected to several other protected nodes. This secures adequate network value even if some of these nodes are malicious. Secondly, it gives sufficient exposure to the nodes, encouraging the nodes that would benefit from protection to choose to protect through fear of being infected (either directly or indirectly). These results could be valuable, in particular, to policy-makers and regulators, showing that such regulations can have a strong effect and providing hints for which network structures are better and why.
An interesting avenue for future research is to consider a setup where not only the identities but also the number of byzantine nodes are unknown. What would the optimal networks look like if the protection decisions are centralized? Can we still mitigate the inefficiencies caused by decentralization? Another interesting problem is that of the optimal networks under centralized protection when the number of byzantine nodes or the budget of the adversary are greater than 1. Based on our experiments, we suspect that the topology of these networks is very similar to the case considered here. Nevertheless, a formal result remains elusive.
In this section we prove the characterization of equilibria given in Proposition 3. We start with some auxiliary lemmas.
Lemma 13. For every $t > 0$, the function $\hat{g}_t$ :
Proof. Let $0 < x < y$. First use the left inequality from (7) on the tuple $(x, x + t, y + t)$ and then use the right inequality on the tuple $(x, y, y + t)$.
Proof. Both claims follow from Lemma 13 applied to $\hat{g}_y$ and (1).
Lemma 15. Suppose that (G, ∆) is an equilibrium network and that |∆| = k ≥ 2. Then, there is a network (G , ∆ ) such that (G , ∆ ) is also an equilibrium network, |∆ | = k, all nodes from ∆ belong to the same connected component, this component is a generalized k-star, and ∆ is the core of this star. Furthermore, the component of G that contains ∆ is strictly larger than other components of G.
Proof. We will show how to transform (G, ∆) into (G , ∆ ) without diminishing the pessimistic payoff to the designer. First, if two nodes $i, j \in \Delta$ are protected, then we add an edge between them. This does not decrease the designer's payoff, because there is only one byzantine node; hence, any attack infects at most one of the nodes $i$, $j$ and the residual network after the attack is not smaller than before the addition of the edge. Therefore, we can suppose that the subnetwork $G[\Delta]$ is a clique. We focus on the connected component $C$ of $G$ that contains this clique. We will show that the remaining nodes of $C$ can be distributed in such a way that they form a periphery of a generalized $k$-star.
Let $G = (V, E)$. For any $i \in V$, let $V_i \subseteq V$ denote the set of nodes that get infected if $i$ is byzantine and gets infected. In other words, $V_i$ contains $i$ and all unprotected nodes $j \in V \setminus \Delta$ such that there is a path from $i$ to $j$ that passes only through unprotected nodes. We refer to Fig. 2 for an example. Observe that any optimal attack of the adversary that infects a node from $G$ infects in fact a set of nodes $V_j$. Indeed, if this attack infects the byzantine node $\theta_A$, then the set of infected nodes is equal to $V_{\theta_A}$. If, instead, this attack infects an unprotected genuine node $i$, then the set of infected nodes is equal to $V_i$.
We do the following operation. We fix $i \in \Delta$, we take all unprotected nodes that belong to $V_i$, we delete all of their outgoing edges and, for every such node $j$, add the edge $ij$. An example of this operation is depicted in Fig. 2. We will show that this operation does not decrease the pessimistic payoff to the designer. Denote the new network by $\tilde{G} = (V, \tilde{E})$, and the corresponding sets by Ṽ for ∈ V . By the discussion in the preceding paragraph, it is enough to prove that for every ∈ V , the connected components of the network G − V do not get smaller after our operation. Suppose that $j_0 j_1 \in E$ is an edge in G − V for some ∈ V . We will prove that the node $j_1$ is still reachable from $j_0$ in the network G̃ − Ṽ . First, we need to prove that $j_0$, $j_1$ do not belong to Ṽ . Indeed, if = i, then the claim is obvious because $\tilde{V}_i = V_i$. Otherwise, a path from to $j_p$ (for $p \in \{0, 1\}$) that goes through unprotected nodes in $\tilde{G}$ cannot contain a node from $\tilde{V}_i$, because unprotected nodes in $\tilde{V}_i$ have degree 1 and are connected to a protected node $i$. Thus, any such path does not contain a node from $V_i$, and hence it is also a path in $G$. Therefore j 0 , j 1 / ∈ Ṽ . We can now prove that $j_1$ is reachable from $j_0$ in G̃ − Ṽ . If $j_0, j_1 \notin V_i$, then $j_0 j_1$ is an edge in $\tilde{E}$ and the claim is true. Otherwise, we have two possibilities. If both nodes $j_0$, $j_1$ belong to $V_i$, then $j_0 i j_1$ is a path in $\tilde{G}$. If only one of them belongs to $V_i$, then the second one must belong to $\Delta$, and hence $j_0 i j_1$ is still a path in $\tilde{G}$ (because protected nodes form a clique in $\tilde{G}$). Moreover, the node $i$ does not belong to V because = i. Therefore, the path $j_0 i j_1$ belongs to G̃ − Ṽ . We can repeat this reasoning for every edge in G − V . As a consequence, if two nodes j, j ∈ V are connected by a path in G − V , then they are still connected by a path in G̃ − Ṽ . Therefore, our operation does not decrease the pessimistic payoff of the designer.
We can repeat the operation presented above for every protected node $i \in \Delta$. As a result, we get a network $(G, \Delta)$ such that $G[\Delta]$ is a clique and every unprotected node that belongs to the component $C$ containing this clique has degree 1. It remains to prove that these nodes can be distributed evenly among the core protected nodes. Suppose that there are two protected nodes $i, j \in \Delta$ such that $|V_i| \ge |V_j| + 2$ (where the sets V are defined as previously). We take an unprotected node ∈ $V_i$, delete the edge i and add the edge j . This operation does not decrease the pessimistic payoff to the designer. Indeed, if the adversary infects a node in a component different than $C$, then the payoff to the designer does not change. Otherwise, the pessimistic utility to the designer is achieved when the adversary infects a byzantine node $i^* \in \Delta$ such that the set $V_{i^*}$ has maximal cardinality. Hence, this payoff does not decrease after our operation.
Finally, if the component of $G$ that contains $\Delta$ is smaller than or equal to a component that does not contain any protected node, then it is more profitable to the adversary to infect this unprotected component. Hence, the designer can strictly improve his payoff by not using any protection at all, $\Delta = \emptyset$, which gives a contradiction with our assumptions.
$C_3$, which gives a contradiction. Hence, we have $s_2 = 0$ or $s_2 = 1$ and $m = 2$. It is easy to see that the first case is more profitable to the designer if n mod k = 1 while the second case is more profitable if n mod k = 1.
The proofs for the cases $k = 0$ and $k = 2$ are less involved than the one above, so we just sketch them. For $k = 0$, the pessimistic payoff to the designer is equal to $P = f(s_2) + \dots + f(s_m)$. We do the following transformations on the network: if $s_i = 2l$ for some $i \ge 3$ and $l \ge 1$, then we spread half of $C_i$ into $C_1$ and the other half into $C_2$. By Corollary 14 we have $f(s_2 + l) \ge f(s_2) + f(s_i)$, and hence this change is profitable to the designer. If $s_i$ is odd for all $i \ge 3$ and we have $m \ge 4$, then we take all the nodes belonging to the union of $C_3$ and $C_4$ and spread half of them into $C_1$ and the other half into $C_2$. This improves the designer's payoff by the inequality $f((s_2 + \tfrac{1}{2}s_3) + \tfrac{1}{2}s_4) \ge f(s_2 + \tfrac{1}{2}s_3) + f(s_4) \ge f(s_2) + f(s_3) + f(s_4)$. Finally, if $m = 3$ and $s_3 = 2l + 1$ is odd, greater than 1, and strictly smaller than $s_2$, then we spread $l$ nodes from $C_3$ to $C_1$ and $l + 1$ nodes to $C_2$. By Corollary 14 we have $\min\{f(s_1 + l), f(s_2 + l + 1)\} \ge f(s_2 + l) \ge f(s_2) + f(s_3)$ and this change is profitable to the designer.
We do the following transformation on the network: if $s_3 = 2l$, then we spread half of its nodes to $C_2$ and the other half to $C_1$ (so that $C_1$ becomes a generalized 2-star with $s_1 + l$ nodes). By Corollary 14 we have $f(s_1 + l) \ge f(s_1) + f(s_3)$ and $f(s_2 + l) \ge f(s_2) + f(s_3)$. Moreover, we have (11) Therefore, this change is profitable to the designer. If $s_3 = 2l + 1$ is odd and greater than 1, then we do the following transformation: we spread $l$ nodes to $C_1$ (so that $C_1$ becomes a generalized 2-star with $s_1 + l$ nodes) and $l + 1$ nodes to $C_2$. Equation (11) still holds. Moreover, since $s_1 > s_2 \ge s_3$, Corollary 14 shows that $f(s_2 + l + 1) \ge f(s_2 + 1) + f(s_3) \ge f(s_2) + f(s_3)$ and $f(s_1 + l) \ge f(s_1) + f(s_3)$. As before, this change is profitable to the designer. Finally, if $s_3 = 1$ and $m \ge 4$, then we have two cases. If $s_1 \ge 3$ then, by the same reasoning as in the case $k = 3$, merging $C_3$ and $C_4$ is profitable to the designer. Otherwise, we have $s_1 = 2$, $s_2 = 1$ and $s_i = 1$ for all $i \ge 3$. In this case, we have $f(s_1) = f(2) > 2f(1) = f(s_1 - 1) + f(1)$. Therefore, the optimal attack of the adversary attacks the protected node. It is thus profitable to the designer to split the nodes forming $C_1$ and not use the protection.
To finish the proof, we observe that the quantities $w_k(n)$ correspond to the pessimistic payoffs of the designer achieved from choosing an equilibrium network with $k$ protected nodes and the topology described in the claim.
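As an added illustration (not code from the paper), the following Python code computes the infection sets $V_i$ defined in the proof of Lemma 15 and evaluates the designer's pessimistic payoff by brute force for $n_B = n_A = 1$. It assumes the payoff has the form used in the proofs above, namely the sum of $f$ over the components of the residual network minus $c$ per protected node; the function names and the cost values are constructed for this example.

```python
from collections import deque

def generalized_star(n, k):
    """Generalized k-star: clique on core nodes 0..k-1, remaining n-k nodes
    attached as leaves, spread evenly (round-robin) over the core."""
    adj = {v: set() for v in range(n)}
    def link(a, b):
        adj[a].add(b)
        adj[b].add(a)
    for a in range(k):
        for b in range(a + 1, k):
            link(a, b)
    for leaf in range(k, n):
        link(leaf, (leaf - k) % k)
    return adj

def infected_set(adj, protected, i):
    """V_i: node i plus all unprotected nodes reachable from i through
    unprotected nodes only (i itself may be a 'protected' byzantine node)."""
    seen, queue = {i}, deque([i])
    while queue:
        u = queue.popleft()
        for w in adj[u] - seen - protected:
            seen.add(w)
            queue.append(w)
    return seen

def residual_value(adj, removed, f):
    """Sum of f(|C|) over the connected components C of the network
    that remains after deleting the nodes in `removed`."""
    left, total = set(adj) - removed, 0
    while left:
        queue, size = deque([left.pop()]), 1
        while queue:
            for w in adj[queue.popleft()] & left:
                left.remove(w)
                size += 1
                queue.append(w)
        total += f(size)
    return total

def pessimistic_payoff(adj, protected, f, c):
    """Designer's worst case for n_B = n_A = 1 (assumed payoff form: residual
    value minus c per protected node). Any node may be the byzantine one, so
    the adversary can remove V_i for whichever i hurts most."""
    protected = set(protected)
    worst = min(residual_value(adj, infected_set(adj, protected, i), f)
                for i in adj)
    return worst - c * len(protected)

def best_star(n, f, c):
    """Core size k >= 2 with the best pessimistic payoff among generalized k-stars."""
    scores = {k: pessimistic_payoff(generalized_star(n, k), range(k), f, c)
              for k in range(2, n + 1)}
    k = max(scores, key=scores.get)
    return k, scores[k]

if __name__ == "__main__":
    square = lambda x: x * x      # value function f(x) = x^2
    for c in (1, 5, 20):          # constructed cost values
        print(c, best_star(12, square, c))
```

With $f(x) = x^2$ and $n = 12$, the best star has core size 12 for $c = 1$, 6 for $c = 5$ and 3 for $c = 20$. At $c = 20$ the 3-star yields only 4, whereas an undefended network split into two components of 6 nodes yields 36 under the same payoff.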