The Design of a Layered Security System Using Imperfect Sensors and Response Units

Abstract

This paper addresses the optimal design of a multi-layer security system for protecting borders or sensitive areas against intruders who may deploy decoys. The system comprises successive layers of imperfect sensors and a limited number of mobile response units. Intruders that evade detection or neutralization in one layer proceed to the next. Our objective is to minimize the overall probability of a threat escaping the entire system. We formulate a nonlinear integer programming model within a queuing-theoretic framework to jointly determine the optimal number of security layers and the allocation of sensors and response units across them. A simulated annealing heuristic is proposed to solve this complex optimization problem. Furthermore, we extend the model to analyze the impact of decoys—objects that trigger intentional false alarms—which strategically drain system resources and increase the evasion risk for genuine threats. Numerical experiments demonstrate that the optimized multi-layer configuration significantly reduces the final escape probability compared to a single-layer baseline, validating the efficacy of the proposed framework for enhancing security in resource-constrained environments.

1. Introduction

The effective dispatch of response units is a critical operational challenge in public-sector security and emergency management. Unlike ambulances responding to medical emergencies, security forces must respond to sensor alarms in a timely and efficient manner. A significant body of research in this area treats the processing of these requests as a static problem. However, in practical security scenarios, particularly in border protection, the effectiveness of a response is highly dynamic. It depends on the time of initiation of the service and the spatial distribution of incidents, often in vast geographical areas. The core objectives are to minimize the average response time to validated alarms while maximizing the number of threats that are successfully neutralized, especially given that threats can degrade or escape if not addressed promptly.

Queueing theory provides a natural framework for modeling such dispatch systems. The hypercube queueing model, in particular, is well established for calculating steady-state performance metrics by accounting for the spatial distribution of servers and demands. Although extensive research has extended this model to incorporate complex policies and priority disciplines, a notable gap remains in the integrated design of the detection and response layers themselves.

The existing literature often takes the configuration of the sensor network as a given, focusing solely on optimizing the response strategy. This overlooks a critical interdependence: imperfect sensors generate false alarms and miss real threats, while a limited number of response units can become busy, leaving detected threats unneutralized. This interplay is exacerbated by adversarial tactics such as the use of decoys, objects designed to trigger intentional true alarms, which consume the scarce time and attention of both sensors and response units. Consequently, the probability that a real threat evades capture increases. Current models lack a holistic framework that captures this resource-draining effect within a multilayered queue-based security architecture.

To bridge these gaps, this paper makes several key contributions: First, we propose an integrated nonlinear integer programming model within a queuing-theoretic framework to jointly optimize the number of security layers and the allocation of imperfect sensors and mobile response units, minimizing the overall probability of escape of the threat. Second, we derive the structural properties of the optimal solution, showing that a maximum number of layers with balanced resource allocation is optimal. Third, we extend the model to incorporate decoys, which intentionally drain resources by causing false alarms and introducing service heterogeneity, and we develop a state-dependent queuing model to analyze their impact. Fourth, we design a simulated annealing heuristic to solve the problem efficiently and demonstrate through numerical experiments that the optimized multilayer system significantly outperforms a single-layer baseline.

The remainder of this paper is organized as follows. Section 2 reviews the relevant literature on security system design and resource allocation. Section 3 details the mathematical modeling framework, including the spatial framework, resource allocation mechanism, and extension to incorporate decoys with heterogeneous service requirements. Section 4 presents the structural properties of the layered security system, including monotonicity analysis and optimal architecture theorems. Section 5 describes the simulated annealing solution algorithm and its implementation details. Section 6 provides comprehensive numerical experiments, including model validation, algorithm comparison, and sensitivity analysis. Finally, Section 7 discusses limitations and future research directions.

2. Literature Review

The design of effective security systems must take into account the dual challenges of imperfect detection and resource constraints. Our work is at the intersection of two streams of research: (1) the strategic use of decoys to trigger false alarms and drain system resources and (2) the modeling and dispatch of mobile response units. This section reviews the relevant literature in these areas and identifies the gap that our study aims to fill.

2.1. Strategic Use of Decoys and False Alarms

The tactical deployment of decoys is a recognized method for degrading the performance of a security system by exploiting its inherent limitations. Peng et al. [1] pioneered a model that focuses on protecting a single target by deploying decoys characterized by their cost and detection probability. Their objective was to determine the optimal number and type of decoys to distract response units, thereby minimizing the probability that the real target would be detected. Using reliability theory, they found that flexibility in decoy type is most beneficial when the defender and attacker have comparable resources, especially under uncertain attack intensity. Furthermore, they showed that the optimal number of decoys decreases as their unit cost or individual detection probability increases.

Extending this concept to system architectures, Levitin and Hausken [2] investigated resource allocation between genuine targets and false targets (decoys) in series and parallel systems. In their model, an attacker cannot distinguish between real and false targets and attacks a random subset. The system fails under different conditions: A series system fails if any genuine element is destroyed, while a parallel system fails only if all genuine elements are destroyed. This work highlights the strategic trade-offs in distributing limited defensive resources between protection and deception.

Beyond static resource allocation, Baykal-Guersoy et al. [3] introduced a game-theoretic perspective on infrastructure security. They modeled the interaction between an adversary and a first responder within a transportation network (e.g., stations, bridges). The adversary aims to maximize damage by attacking nodes, while the responder allocation resources (e.g., personnel hours) to patrol and locate the threat. Their model incorporates both static and dynamic mobile games, utilizing Partially Observable Markov Decision Processes (POMDPs) to handle time-varying payoffs based on passenger flow. This emphasizes the dynamic and strategic nature of the allocation of security resources in the face of intelligent adversaries.

A common thread in these studies is the treatment of the security system’s response capacity as a simple probability or a static resource pool. They do not explicitly model the queuing dynamics and congestion effects that occur when multiple decoys and genuine threats compete for a limited number of mobile response units, which is a core focus of our present work.

2.2. Modeling and Dispatching of Mobile Response Units

The problem of dispatching mobile servers to spatially distributed demands is classically addressed using queuing theory. The seminal hypercube queuing model of Larson [4] provides a framework for analyzing systems where servers travel to serve Poisson-generated demands with exponential service times. A significant limitation of the basic model is its assumption of service times independent of server-customer pairs and its binary server state (free/busy).

Subsequent research has relaxed these assumptions. Jarvis [5] developed a heuristic that allows service times to depend on both the server and the customer. To model more complex server states, Larson and Mcknew [6] proposed models with $3^n$ states. Atkinson et al. [7] and Iannoni et al. [8] incorporating scenarios in which customers require service from two servers at different rates. Similarly, Geroliminis et al. [9], Boyacı and Geroliminis [10] used a $3^n$ state model to distinguish between servers busy with intra-district and inter-district calls, capturing the impact of travel distance on resource availability.

Another relevant approach is the probabilistic location model. Daskin [11] introduced the Maximum Expected Covering Location Problem (MEXCLP), assuming a common busy probability for all servers and ambulances operating independently. Goldberg et al. [12] extended this by using stochastic travel and service times to compute ambulance-specific busy probabilities, incorporating dispatch priority policies through a preference list, and considering prioritized calls for service.

A key insight from the dispatching literature is that not all requests need to be served immediately by the closest unit. Cutoff or reservation policies can improve overall system performance [13,14,15,16,17]. For instance, a server may be reserved for high-priority calls, allowing lower-priority calls (which could be decoy-induced) to queue even if other servers are free. Recent work continues to refine real-time dispatch policies. Majzoubi et al. [18] developed integer programs for EMS vehicle dispatch, while McLay and Mayorga [19,20] incorporated equity constraints and priority classification errors. Nasrollahzadeh et al. [13] and Jenkins et al. [14] employed approximate dynamic programming to generate high-quality policies for ambulance relocation and medical evacuation, respectively.

Lei et al. [21] formulated UAV border patrol as a Stackelberg game, where the patrol agency optimizes UAV paths against adversaries, minimizing the probability of detection. They developed compact models and strategy space reduction methods to tackle computational complexity, demonstrating superior performance and robustness over conventional strategies. Addressing the challenge of ensuring detection coverage against worst-case attacks in large networks, Dahan et al. [22] modeled network inspection as a bilevel optimization problem. Their solution leverages game equilibrium analysis and iterative refinement based on set cover/packing, demonstrating scalability and high performance in practical infrastructure networks. Wang et al. [23] investigated resource allocation to protect a series system against attacks with uncertain timing, formulating a two-stage Min-Max game model. The study integrates overarching protection, false targets (decoys), and individual protection strategies. A key finding is that the resource stockpiling rate critically influences the vulnerability of the system, challenging the conventional wisdom of centralized defense superiority. The main contributions include a novel modeling framework that combines truncated normal distributions to handle time uncertainty and a dynamic resource budget model that extends beyond static budget assumptions.

Although these studies offer sophisticated tools for managing a given set of response units, they largely take the underlying sensor system and its alarm generation process as exogenous. The interplay between spatial distribution and imperfection of the detection sensors and the congestion of the response units remains underexplored.

2.3. Synthesis and Research Gap

In summary, the literature on decoys effectively models strategic deception but lacks a detailed operational model of the congested response system that decoys aim to overwhelm. Conversely, the literature on response unit dispatching offers rich models for managing mobile servers but does not integrate the strategic generation of alarms (both false and true) into the system’s fundamental design.

Our research bridges this gap. We develop an integrated queuing-theoretic model that co-optimizes the design of the multilayer detection and response system itself. Unlike previous work, we explicitly model how the arrival stream of threats (including those generated by decoys) propagates through successive layers, with the performance of each layer being determined by its allocated sensors and response units. This allows us to quantify the resource-draining effect of decoys and determine the optimal architecture to mitigate them, a problem that is not addressed in the existing literature.

3. Mathematical Modeling of a Layered Security System

3.1. Modeling Context and Spatial Framework

3.1.1. Modeling Context

The mathematical model presented in this article is designed to address the critical challenge of securing remote and extensive border regions. A quintessential example is the United States–Mexico border, particularly in arid and mountainous sectors such as the Altar Desert within the Tucson Sector or the Big Bend National Park in Texas. In these areas, the primary operational objective is to deter and intercept illicit cross-border activity, including unauthorized migration and drug trafficking.

A key characteristic of these remote areas is that illicit incidents, while high-stakes, occur with relatively low frequency and are spatially dispersed compared to urban corridors. While arrivals are modeled as Poisson for tractability, intelligence-led patrols often treat threats as sporadic and independent, justifying this assumption in low-frequency scenarios. Furthermore, the vastness of the terrain makes it logistically prohibitive and economically inefficient to maintain a continuous, high-density presence of personnel or fixed checkpoints (e.g., static patrols or permanent barriers) across the entire landscape. The expected cost of staffing and maintaining such fixed assets in these areas often outweighs the security benefit, given the low probability of intercepting a threat at any specific, predetermined location.

Therefore, a more efficient strategy is to deploy a network of mobile and low-cost sensors to achieve area coverage, coupled with a limited number of mobile response units that can be dispatched to alarms. A foundational premise of our spatial model is that while the terrain is vast, threat movements are not uniformly distributed. Based on historical interdiction data and intelligence, border security agencies can identify likely origin-destination (OD) paths that threats follow, often determined by geography, such as valleys between mountain ranges or routes leading to known pickup points. Consequently, for the purpose of strategic resource allocation, we model the path of a target through any layer i as a known straight-line or estimated shortest path between a fixed origin point $O_i$ and destination point $D_i$. This allows for the focused deployment of sensors on these high-probability corridors, maximizing the efficiency of limited assets.

This layered approach stands in contrast to a single-layer linear barrier system. A single layer, while potentially effective at a specific point, constitutes a single point of failure; any breach leads to immediate system failure. Our multilayer system is designed to create depth-in-defense, significantly increasing the likelihood that a threat is intercepted, even if it penetrates the initial perimeter.

3.1.2. Spatial Framework

We consider a multilayer security system designed to protect a linear border. The border is divided into l consecutive segments, each constituting a security layer, i ($i=1,2,\dots ,l$). Suspicious targets (including both genuine threats and decoys) arrive at the system according to a Poisson process with rate $\lambda$ and must pass through each layer sequentially.

Each layer, i, is modeled using a discrete grid-based framework. The geographic area of the layer is discretized into a set of cells. The origin point, $O_i$, and destination point, $D_i$, for the cross-layer of the targets, i, are fixed and reside on this grid. The path a target follows from $O_i$ to $D_i$ is predefined. The allocation of sensors and the positioning of response units are also decisions made within this grid structure.

Within this framework, in each layer, i, several sensors, $s_i$, are deployed. Each sensor, j, has a fixed instantaneous detection rate, $\eta$ (e.g., probability of detection per unit time). However, the effective detection probability, $p_j$, for a specific sensor, j, is not constant. It is derived from a timely detection model that accounts for the time a moving target spends within the sensor’s effective detection range.

The detection probability, $p_j$, for a sensor, j, allocated to a specific cell of the grid is given as follows:

$$p_j=1-e^{-\eta d_j}$$

(1)

where $d_j$ is the expected travel distance that a target spends within the detection range of sensor j, which is based on the length of its path segment within the sensor’s coverage area. Crucially, $d_j$ depends on the location of the sensor in the grid relative to the path of the target. Therefore, even with homogeneous instantaneous detection rates, $\eta$, different spatial allocations of sensors will result in heterogeneous effective detection probabilities, $p_1, p_2, \dots , p_{s_i}$, for sensors in a layer.

The assumption of conditional independence between sensor detections is justified not by a lack of technological correlation but by the spatial and temporal separation of the underlying detection events. Each sensor is triggered by the physical presence of a target at its specific location. While sensors may have overlapping coverage zones, the event of a detection by one sensor (as the target enters its range) is distinct from a detection by another sensor (as the target later enters a different zone). Therefore, the independence assumption is a standard and reasonable simplification for modeling sequential detection along a path, where the joint probability $f\left(s_i\right)$ represents the cumulative effect of this screening process. The joint detection probability of all $s_i$ sensors in layer i is the probability that at least one sensor detects the target. Assuming conditional independence, it is given as follows:

$$f\left(s_i\right)=1-\prod _{j=1}^{s_i}(1-p_j)$$

(2)

Each layer, i, is assigned $n_i$ mobile response units. A response unit has a service rate, $\mu$, (targets/unit time), where the service time ${\mu }^{-1}$ includes the travel time to the location of a detected target and the time required to neutralize it.

3.2. Resource Re-Allocation Mechanism

The optimization of the layered structure involves re-allocating resources (sensors and response units) across layers. A key aspect of our model is the mechanism that governs how resources are reassigned when a layer is split, which directly impacts the detection probabilities in the modified layers.

Consider splitting a layer with configuration $(n_i,s_i)$ into a modified layer, $(n_i-1,s_i-1)$, and a new layer $(1,1)$. This process is governed by two principles.

1. 

Removal of sensor from the original layer: When reducing the number of sensors in a layer from $s_i$ to $s_i-1$, we remove the sensor with the lowest individual detection probability, $p_j$. This strategy reflects the practical operational policy of prioritizing the retention of the most effective sensors when downsizing a layer. Formally, the new set of detection probabilities for the modified layer is as follows:

$$\{p_1, p_2, \dots , p_{s_i-1}\}\mathrm{where}{p}_1\ge p_2\ge \dots \ge p_{s_i-1}$$

(3)

The joint detection probability is recalculated accordingly: $f(s_i-1)=1-{\prod }_{j=1}^{s_i-1}(1-p_j)$.

2. 

Sensor Deployment in the New Layer: The new layer receives one sensor. The detection probability $p_{\mathrm{new}}$ for this sensor is determined by the most favorable grid cell available in the geographic area of the new layer, corresponding to the highest achievable detection probability given the expected path of the target. However, since the new layer may have a different OD pair, the maximum achievable probability, $p_{\mathrm{new}}$, may differ from those in the original layer. In our numerical experiments (Section 4.3), we examine scenarios where $p_{\mathrm{new}}$ is drawn from distributions that are either comparable to or less favorable than the original layer’s distribution.

This resource reallocation mechanism is crucial for numerically validating the layer splitting inequality in Observation 1, to ensure that the analysis reflects practical operational constraints and decisions.

3.3. Target Flow and Layer Performance

The dynamic interaction within a layer for a single threat unfolds as follows.

1.

Approach and detection: A threat enters the layer i and follows its predefined path. The suite of $s_i$ sensors screens the threat, resulting in either of the following:

• Detection: with probability $f\left(s_i\right)$, the threat is detected, triggering an alarm.
• Non-detection: with probability $1-f\left(s_i\right)$, the threat evades detection and immediately proceeds to the next layer.

2.

Alarm response: if an alarm is triggered, the system attempts to dispatch a mobile response unit available to intercept and neutralize the threat.

• Neutralization: if at least one of the $n_i$ response units is available (with probability $1-B(n_i,{\rho }_i)$), it is dispatched, and the threat is neutralized, exiting the system.
• Blocking/escape: if all response units are busy (with probability $B(n_i,{\rho }_i)$), the threat cannot be engaged immediately. It escapes the layer and proceeds to the layer $i+1$.

The state of a target after processing in layer i is determined as follows (see Figure 1):

1.

Neutralized: The target is detected and a response unit is available to neutralize it. The target exits the system.

2.

Escaped: The target moves to layer $i+1$ for two possible reasons:

• Undetected: probability $1-f\left(s_i\right)$.
• Detected but unneutralized: the target is detected, but no response unit is available. This occurs with probability $f\left(s_i\right)·B(n_i,{\rho }_i)$.

Here, $B(n_i,{\rho }_i)$ is the Erlang-B formula (the blocking probability for an $M/M/n_i/n_i$ loss system), and ${\rho }_i={\lambda }_{i-1}/\mu$ is the load offered to the response units in layer i, where ${\lambda }_{i-1}$ is the arrival rate of targets in layer i.

Thus, the escape probability for a single layer i is as follows:

$$P_{\mathsf{e}\mathsf{s}\mathsf{c}}^i=[1-f\left(s_i\right)]+f\left(s_i\right)·B(n_i,{\rho }_i)=1-[1-B(n_i,{\rho }_i)]f\left(s_i\right)$$

(4)

The escape rate from layer i, which becomes the arrival rate for layer $i+1$, is as follows:

$${\lambda }_i={\lambda }_{i-1}·P_{\mathsf{e}\mathsf{s}\mathsf{c}}^i$$

(5)

The final escape rate from the entire system is ${\lambda }_l$, and the final escape probability is $P_{\mathsf{e}\mathsf{s}\mathsf{c}}^i$.

3.4. Optimization Model

The optimization problem is to minimize the final escape probability by allocating a limited total number of sensors (s) and response units (n) across the layers. The number of layers l can also be a decision variable, constrained by the need to have at least one sensor and one unit per layer.

$$\begin{array}{cc}\hfill \mathbf{Min}& \prod _{i=1}^l\{1-[1-B(n_i,{\rho }_i)]f\left(s_i\right)\} \hfill \end{array}$$

(6)

$$\begin{array}{cc}\hfill \mathbf{s}.\mathbf{t}.& \sum _{i=1}^l{n}_i\le n\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em} \hfill \end{array}$$

(7)

$$\begin{array}{cc}\hfill & \sum _{i=1}^l{s}_i\le s\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em} \hfill \end{array}$$

(8)

$$\begin{array}{cc}\hfill & n_i\ge 1,s_i\ge 1,\forall i=1,2,\dots ,l\hfill \end{array}$$

(9)

$$\begin{array}{cc}\hfill & n_i,s_i\in {\mathbb{Z}}^{+}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hfill \end{array}$$

(10)

This model integrates the dynamic allocation of sensors and response units across layers and within each layer’s spatial grid. A detailed study of the optimal placement of the sensor within a layer, given a fixed $s_i$, is a critical sub-problem that directly influences the values of $p_j$ and, therefore, $f\left(s_i\right)$.

3.5. Extension: Modeling Decoys with Heterogeneous Service

The prior model assumed a homogeneous service rate for all targets. We now refine this to capture a critical adversarial tactic: the deployment of decoys. We distinguish between two types of arrival:

• Real threats arrive at a fixed rate, ${\lambda }_t$, representing the core threat level.
• Decoys are injected by an adversary at a rate of ${\lambda }_d$.

The total arrival rate is, therefore, $\lambda ={\lambda }_t+{\lambda }_d$. Decoys are investigated and dismissed faster than genuine threats. We denote their service rates as ${\mu }_d$ and ${\mu }_t$, respectively, where ${\mu }_d>{\mu }_t$.

This scenario presents a key modeling challenge: to analyze a multi-server loss system where the service rate depends on the customer type. We model a single security layer as an $M/M/n/n$ loss system with the previous arrival process. The state of the system is $(i,j)$, where the following applies:

• i: the number of servers busy with decoys.
• j: the number of servers busy with real threats.
• $i+j\le n$.

Let $p_{i,j}$ denote the steady-state probability. The balance equations for the interior states $(i+j<n)$ are as follows:

$$\begin{array}{cc}\hfill \left[({\lambda }_t+{\lambda }_d)+i{\mu }_d+j{\mu }_t\right]p_{i,j}=& {\lambda }_d·p_{i-1,j}+{\lambda }_t·p_{i,j-1}+(i+1){\mu }_d·p_{i+1,j}+(j+1){\mu }_t·p_{i,j+1}.\hfill \end{array}$$

(11)

For boundary states $(i+j=n)$:

$$\begin{array}{c}\hfill \left[i{\mu }_d+j{\mu }_t\right]p_{i,j}={\lambda }_d·p_{i-1,j}+{\lambda }_t·p_{i,j-1},\mathrm{for}i+j=n.\end{array}$$

(12)

The system is solved with the normalization condition $\sum p_{i,j}=1$. The overall blocking probability, $p_b$, is the following:

$$p_b=\sum _{i+j=n}{p}_{i,j}.$$

(13)

The key performance metric for the defender is the probability of escape from real threats, which is this blocking probability $p_b$, as a real threat lost signifies a security failure.

State-Based Model and Steady-State Analysis for $n=2$

The state space encompasses all possible combinations: $(0,0)$, $(1,0)$, $(0,1)$, $(2,0)$, $(1,1)$, and $(0,2)$.

The state transition diagram is shown in Figure 2. The corresponding set of balance equations for the steady-state probabilities $p_{i,j}$ is as follows:

$$\begin{array}{cc}\hfill ({\lambda }_t+{\lambda }_d)p_{0,0}& ={\mu }_d{p}_{1,0}+{\mu }_t{p}_{0,1}\hspace{1em}\hspace{1em}\hfill \end{array}$$

(14)

$$\begin{array}{cc}\hfill ({\lambda }_t+{\lambda }_d+{\mu }_d)p_{1,0}& ={\lambda }_d{p}_{0,0}+2{\mu }_d{p}_{2,0}+{\mu }_t{p}_{1,1} \hfill \end{array}$$

(15)

$$\begin{array}{cc}\hfill ({\lambda }_t+{\lambda }_d+{\mu }_t)p_{0,1}& ={\lambda }_t{p}_{0,0}+2{\mu }_t{p}_{0,2}+{\mu }_d{p}_{1,1} \hfill \end{array}$$

(16)

$$\begin{array}{cc}\hfill ({\mu }_d+{\mu }_t)p_{1,1}& ={\lambda }_t{p}_{1,0}+{\lambda }_d{p}_{0,1} \hfill \end{array}$$

(17)

$$\begin{array}{cc}\hfill 2{\mu }_d{p}_{2,0}& ={\lambda }_d{p}_{1,0} \hfill \end{array}$$

(18)

$$\begin{array}{cc}\hfill 2{\mu }_t{p}_{0,2}& ={\lambda }_t{p}_{0,1} \hfill \end{array}$$

(19)

These equations, coupled with the normalization condition $p_{0,0}+p_{1,0}+p_{0,1}+p_{2,0}+p_{1,1}+p_{0,2}=1$, uniquely determine the steady-state probabilities.

The total blocking probability $p_b$—the probability that an arriving target finds both servers busy and escapes—is the sum of the probabilities of all states where $i+j=2$:

$$p_b=p_{2,0}+p_{1,1}+p_{0,2}.$$

(20)

Solving the system of equations yields the following expression for $p_b$:

$$p_b={\displaystyle \frac{{\lambda }_t^2{\mu }_d^2+{\lambda }_d^2{\mu }_t^2+2{\lambda }_t{\lambda }_d{\mu }_d{\mu }_t}{{({\lambda }_t{\mu }_d+{\lambda }_d{\mu }_t+{\mu }_d{\mu }_t)}^2+{\mu }_d^2{\mu }_t^2}}.$$

(21)

4. Structural Properties

This section establishes the fundamental properties of the layered security system model. We first present theoretical propositions regarding the monotonicity of the escape probability in the case without decoys. Then, we provide a theoretical proposition regarding the monotonicity of the blocking probability in the case of decoy activities and when $n=2$. The core of our analysis is Observation  1, which shows that splitting a security layer always improves the performance of the system. This Observation is then used to derive Theorem 1 on the optimal number of layers and Theorem 2 on the optimal allocation of resources.

4.1. Monotonicity Properties of Escape Probability

We begin by establishing the monotonic behavior of the layer escape probability, which is foundational to all subsequent results.

Proposition 1.

The escape probability $P_{esc}^i$ is strictly decreasing in:

1. 

$n_i$ for fixed ${\rho }_i$ and $s_i$,

2. 

$s_i$ for fixed $n_i$ and ${\rho }_i$.

Proof. 

Part 1: Monotonicity in $n_i$ (fixed ${\rho }_i,s_i$).

According to the standard properties of the Erlang B loss function, the following applies:

$${\displaystyle \frac{\partial B(n_i,{\rho }_i)}{\partial n_i}}<0,\forall {\rho }_i>0$$

(22)

Since $f\left(s_i\right)\ge 0$:

$${\displaystyle \frac{\partial }{\partial n_i}}[1-B(n_i,{\rho }_i)]=-{\displaystyle \frac{\partial B}{\partial n_i}}>0$$

(23)

$$\Rightarrow {\displaystyle \frac{\partial P_{\mathsf{e}\mathsf{s}\mathsf{c}}^i}{\partial n_i}}=-f\left(s_i\right)·{\displaystyle \frac{\partial }{\partial n_i}}[1-B(n_i,{\rho }_i)]<0$$

(24)

Part 2: Monotonicity in $s_i$ (fixed $n_i,{\rho }_i$).

For sensors with heterogeneous timely detection probabilities, the following applies,

$$f\left(s_i\right)=1-\prod _{j=1}^{s_i}(1-p_j),p_j\in (0,1]$$

(25)

When adding a $(s_i+1)$-th sensor,

$$f(s_i+1)-f\left(s_i\right)=\left[1-(1-p_{s_i+1})\prod _{j=1}^{s_i}(1-p_j)\right]-\left[1-\prod _{j=1}^{s_i}(1-p_j)\right]=p_{s_i+1}\prod _{j=1}^{s_i}(1-p_j)>0$$

(26)

Thus, $f\left(s_i\right)$ increases strictly in $s_i$. Consequently,

$${\displaystyle \frac{\partial P_{\mathsf{e}\mathsf{s}\mathsf{c}}^i}{\partial s_i}}=-[1-B(n_i,{\rho }_i)]·\underset{\ge 0}{\underbrace{{\displaystyle \frac{\partial f}{\partial s_i}}}}<0$$

(27)

   □

4.2. Monotonicity of the Blocking Probability

A central question is how the adversary’s decoy injection rate ${\lambda }_d$ impacts system security, measured by $p_b$.

Proposition 2.

For a system with $n=2$ servers and for fixed ${\lambda }_t,{\mu }_d,{\mu }_t$, the blocking probability $p_b$ is a strictly increasing function of the decoy arrival rate ${\lambda }_d$.

Proof. 

Consider the expression for $p_b$ in Equation (21). We can treat $p_b$ as a function of ${\lambda }_d$, that is, $p_b\left({\lambda }_d\right)$. To prove that it is strictly increasing, we examine its derivative with respect to ${\lambda }_d$, ${\displaystyle \frac{d{p}_b}{d{\lambda }_d}}$.

The denominator of $p_b$ is always positive. The sign of the derivative is determined by the numerator of ${\displaystyle \frac{d{p}_b}{d{\lambda }_d}}$, which simplifies to an expression of the form:

$${\displaystyle \frac{d{p}_b}{d{\lambda }_d}}={\displaystyle \frac{2{\mu }_d{\mu }_t^2({\mu }_d({\lambda }_t^2+{\mu }_d{\mu }_t)+(\mathrm{positive}\mathrm{terms}))}{{\left(\mathrm{positive}\mathrm{denominator}\right)}^2}}.$$

Given that ${\lambda }_t>0$, ${\mu }_d>0$, and ${\mu }_t>0$, every term in the numerator of the derivative is positive. Therefore, ${\displaystyle \frac{d{p}_b}{d{\lambda }_d}}>0$ for all ${\lambda }_d\ge 0$, proving that $p_b$ is strictly increasing in ${\lambda }_d$.    □

This result confirms the intuitive adversarial effect of decoys: By increasing the load on the system, they cause more frequent congestion, thereby raising the probability that a genuine threat will arrive when all servers are busy and escape.

4.3. The Layer-Splitting Observation

The optimality of a multilayer architecture is based on the following key observation, which establishes that splitting a layer is always beneficial.

Observation 1

(Layer-Splitting Benefit). For any layer configuration $(n,s)$ with $n\ge 2$, $s\ge 2$ and traffic intensity $\rho >0$, splitting it into two layers with configurations $(n-1,s-1)$ and $(1,1)$ always reduces the overall probability of escape. That is, the following inequality holds:

$$g(n,s,\rho )\ge g(n-1,s-1,\rho )·g(1,1,\rho ·g(n-1,s-1\left)\right)$$

(28)

where $g(n,s,\rho )=1-[1-B(n,\rho \left)\right]f\left(s\right)$ is the escape probability of a layer.

Proof. 

We consider two cases based on the joint detection capability:

Case 1: Perfect Detection ($f\left(s\right)=1$)

In the ideal case where sensors provide perfect detection ($f\left(s\right)=1$), the inequality reduces to

$$B(n,\rho )\ge B(n-1,\rho )·B(1,\rho ·B(n-1,\rho \left)\right)$$

(29)

Recall the recurrence relation for the Erlang B function:

$$B(n,\rho )={\displaystyle \frac{\rho B(n-1,\rho )}{n+\rho B(n-1,\rho )}}$$

(30)

The inequality we seek to prove is equivalent to

$${\displaystyle \frac{\rho B(n-1,\rho )}{n+\rho B(n-1,\rho )}}\ge B(n-1,\rho )·{\displaystyle \frac{\rho B(n-1,\rho )}{1+\rho B(n-1,\rho )}}$$

(31)

For $\rho >0$ and $B(n-1,\rho )>0$, we can divide both sides by $\rho B(n-1,\rho )$:

$${\displaystyle \frac{1}{n+\rho B(n-1,\rho )}}\ge {\displaystyle \frac{B(n-1,\rho )}{1+\rho B(n-1,\rho )}}$$

(32)

Cross-multiplying (as both denominators are positive) yields

$$1+\rho B(n-1,\rho )\ge nB(n-1,\rho )+\rho {\left[B(n-1,\rho )\right]}^2$$

(33)

Rearranging terms, we obtain the following:

$$1\ge (n-\rho )B(n-1,\rho )+\rho {\left[B(n-1,\rho )\right]}^2$$

(34)

Let $x=B(n-1,\rho )$. Since $n\ge 2$ and $\rho >0$, it is a known property of the Erlang B function that $0<x<1$. We now define the quadratic function:

$$g\left(x\right)=\rho x^2+(n-\rho )x-1$$

(35)

Proving the inequality $1\ge (n-\rho )x+\rho x^2$ is equivalent to proving that $g\left(x\right)\le 0$. For $n=2$, the upper bound $x=B(1,\rho )=\rho /(1+\rho )$ achieves the maximum. Substituting $x=\rho /(1+\rho )$ into $g\left(x\right)$,

$$g\left({\displaystyle \frac{\rho }{1+\rho }}\right)=\rho {\left({\displaystyle \frac{\rho }{1+\rho }}\right)}^2+(2-\rho )\left({\displaystyle \frac{\rho }{1+\rho }}\right)-1={\displaystyle \frac{-1}{{(1+\rho )}^2}}$$

(36)

The numerator $<0$ for all $\rho >0$, completing the proof for the case $f\left(s\right)=1$.

Case 2: Imperfect Detection ($f\left(s\right)<1$)

For the general case, the analytical proof is intractable. We, therefore, employ numerical validation, following the resource re-allocation mechanism detailed in Section 3.2. Specifically, for a given configuration, $(n,s)$:

• The modified layer $(n-1,s-1)$ is formed by removing the sensor with the lowest $p_j$ from the original set.
• The new layer’s sensor probability $p_{\mathrm{new}}$ is assigned based on the most favorable location in the new layer’s area.

Our investigation considered two realistic scenarios for sensor deployment:

• Scenario A: detection probabilities of sensors in the new layer follow $U(0.8,0.99)$, comparable to those in existing layers.
• Scenario B: detection probabilities of sensors in the new layer follow $U(0.7,0.95)$, representing potentially less favorable deployment conditions.
• Scenario C: detection probabilities of sensors in the new layer follow $Beat(8,2)$, skewed toward high detection probabilities (mean = 0.8).
• Scenario D: detection probabilities of sensors in the new layer follow $N(0.85,0.08)$, truncated to $[0.7,0.98]$.

We evaluated the inequality across the following parameter ranges:

• Number of response units: $n=2,3,\dots ,20$.
• Number of sensors: $s=2,3,\dots ,20$.
• Traffic intensity: $\rho \in [0.1,9.9]$ (15 values).
• For each parameter combination, we performed 100 Monte Carlo simulations.

The key finding is unequivocal: the inequality (28) held in 100% of the over 100,000 tested cases across both scenarios. Figure 3 shows the distribution of the difference between the two sides of the inequality, which is strictly positive with a substantial margin in all cases.

This comprehensive numerical verification provides strong empirical evidence that the inequality holds for all practical purposes under realistic operating conditions.    □

4.4. Optimal Architecture Theorems

Based on the layer-splitting observation, we now establish the main theorems regarding the optimal architecture of the layered security system.

Theorem 1

(Optimal Number of Layers). Given a total of n response units and s sensors, the minimal escape probability is achieved when the number of layers l is maximized, subject to each layer containing at least one response unit and one sensor. Thus, the optimal number of layers is $l^{*}=min(n,s)$.

Proof. 

From Observation 1, splitting a layer always reduces the overall probability of escape, which implies that adding more layers (each with at least one unit and one sensor) always improves system performance, as long as resources are available.

However, each layer requires at least one response unit and one sensor. Therefore, the maximum number of layers that can be formed is limited by $min(n,s)$. Any additional layer beyond this would violate the constraints. Hence, $l^{*}=min(n,s)$.    □

Theorem 2

(Resource Allocation for Fixed Layers). When the number of layers, l, is fixed and with $n\ge l$ and $s\ge l$, the probability of escape is minimized when resources are allocated in a decreasing manner between layers: that is, $n_i\ge n_{i+1}$ and $s_i\ge s_{i+1}$ for $i=1, 2, \dots , l-1$.

Proof. 

We proceed by induction on the number of layers, l.

Base Case ($l=2$): Consider a two-layer system with total resources $n=n_1+n_2$ and $s=s_1+s_2$. The overall escape probability is as follows:

$$P_{\mathrm{escape}}=P_{\mathrm{esc}}^1·P_{\mathrm{esc}}^2=(1-[1-B(n_1,x_1)]f\left(s_1\right))·(1-[1-B(n_2,x_2)]f\left(s_2\right))$$

(37)

where $x_1=\lambda /\mu$ and $x_2={\lambda }_1/\mu =\lambda ·P_{\mathrm{esc}}^1/\mu$.

By Proposition 1, $P_{\mathsf{e}\mathsf{s}\mathsf{c}}^i$ is strictly decreasing in both $n_i$ and $s_i$. Furthermore, since ${\lambda }_1>{\lambda }_2$, it follows that $x_1>x_2$, and thus $B(n_i,x_1)>B(n_i,x_2)$ for any fixed $n_i$. Consequently, the marginal reduction in $P_{\mathrm{escape}}$ achieved by allocating an additional unit of resource is greater in the first layer than in the second, due to the higher intensity of traffic and the multiplicative nature of the overall objective function. Therefore, the optimal allocation must satisfy $n_1\ge n_2$ and $s_1\ge s_2$.

Inductive Hypothesis: Assume that the theorem holds for a system with $l=k$ layers. That is, for a system of k layers, the optimal allocation of resources is decreasing:

$$n_1\ge n_2\ge \cdots \ge n_k\mathrm{and}{s}_1\ge s_2\ge \cdots \ge s_k.$$

(38)

Inductive Step ($l=k+1$): Consider a system with $k+1$ layers. We can conceptually aggregate the first k layers into a single super-layer, denoted as layer A, with a composite escape probability:

$$P_{\mathrm{esc}}^A=P_{\mathrm{esc}}^{1,k}=\prod _{i=1}^k{P}_{\mathrm{esc}}^i.$$

(39)

The entire $(k+1)$-layer system is then equivalent to a two-layer system comprising:

• Layer A: the first k layers (superlayer), with total resources $n_A={\sum }_{i=1}^k{n}_i$ and $s_A={\sum }_{i=1}^k{s}_i$, and output rate ${\lambda }_k=\lambda ·P_{\mathrm{esc}}^A$.
• Layer B: the $(k+1)$-th layer, with resources $n_{k+1}$ and $s_{k+1}$.

The overall escape probability is $P_{\mathrm{escape}}=P_{\mathrm{esc}}^A·P_{\mathrm{esc}}^{k+1}$.

By the inductive hypothesis, the resources within the superlayer A (i.e., the first k layers) are optimally allocated in a decreasing manner. We now apply the logic of the base case to this equivalent two-layer system (A and B). The arrival rate to Layer B is ${\lambda }_k$, which is strictly less than the arrival rate $\lambda$ to Layer A. Therefore, to minimize $P_{\mathrm{escape}}$, the optimal allocation between Layer A and Layer B must satisfy the following:

$$n_A\ge n_{k+1}\mathrm{and}{s}_A\ge s_{k+1}.$$

(40)

Since the resources within Layer A are already optimally structured as a decreasing sequence ($n_1\ge \cdots \ge n_k,s_1\ge \cdots \ge s_k$), and the total resources for Layer A are not less than those for Layer B, it follows that the allocation of resources across all $k+1$ layers must also be decreasing:

$$n_1\ge n_2\ge \cdots \ge n_k\ge n_{k+1},s_1\ge s_2\ge \cdots \ge s_k\ge s_{k+1}.$$

(41)

This completes the induction.    □

5. Solution Algorithm

Given the combinatorial complexity and non-linear nature of the optimization problem formulated in Section 3, finding an exact optimal solution for large-scale instances is computationally intractable. Therefore, we develop a Simulated Annealing (SA) metaheuristic to efficiently find high-quality approximate solutions. The SA framework is well suited to this problem due to its ability to escape local optima and its flexibility in handling complex constraints and objective functions.

The core challenge lies in jointly determining the number of layers l and the allocation of sensors $\mathbf{s}=(s_1,s_2,\dots ,s_l)$ and response units $\mathbf{n}=(n_1,n_2,\dots ,n_l)$ between them. Crucially, the structural properties derived in Section 4 (Theorems 1 and 2) are used to initialize the algorithm with a high-quality starting solution and to effectively guide the search process.

5.1. Solution Representation and Initialization

A solution, X, is represented by the number of layers, l, and two integer vectors:

$$\begin{array}{cc}\hfill X& =(l,\mathbf{s},\mathbf{n}),\mathrm{where}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hfill \end{array}$$

(42)

$$\begin{array}{cc}\hfill \mathbf{s}& =(s_1,s_2,\dots ,s_l),\sum _{i=1}^l{s}_i\le s,s_i\ge 1 \hspace{1em}\hfill \end{array}$$

(43)

$$\begin{array}{cc}\hfill \mathbf{n}& =(n_1,n_2,\dots ,n_l),\sum _{i=1}^l{n}_i\le n,n_i\ge 1 \hfill \end{array}$$

(44)

The objective value $F\left(X\right)$ is the overall escape probability calculated by Objective 6.

The initialization of X is directly governed by Theorems 1 and 2:

• Number of Layers (l): $l_{\mathrm{init}}=min(s,n)$.
• hlResource Allocation ($\mathbf{s},\mathbf{n}$): Resources are allocated in a decreasing manner across layers. The specific initial distribution depends on the relationship between s and n:

  1.

  Case 1: $s>n$. $l=n$ layers are initialized, each with one response unit ($n_i=1$). The s sensors are distributed, such that $s_1\ge s_2\ge \dots \ge s_l$ and $\sum s_i=s$.

  2.

  Case 2: $s<n$. $l=s$ layers are initialized, each with one sensor ($s_i=1$). The n response units are distributed, such that $n_1\ge n_2\ge \dots \ge n_l$ and $\sum n_i=n$.

  3.

  Case 3: $s=n$. $l=s=n$ layers are initialized, each with one sensor and one response unit ($s_i=1,n_i=1$). This initial solution is then perturbed to explore the search space.

This initialization strategy ensures the algorithm starts from a solution that already satisfies the proven optimal structure, providing a superior starting point compared to a random initial solution.

Discussion on Fixed Number of Layers (l): The initialization strategy and the subsequent algorithm are designed for the general case where the number of layers l is a decision variable, as established by Theorem 1. However, in certain practical scenarios, the number of security layers might be fixed a priori due to geographical, logistical, or budgetary constraints.

In such cases where l is fixed and is not $min(s,n)$, the core optimization problem reduces to allocating the resources s and n among these l fixed layers. Theorem 2 still applies: the optimal allocation follows a decreasing pattern across the sequential layers ($s_1\ge s_2\ge \dots \ge s_l$ and $n_1\ge n_2\ge \dots \ge n_l$). Our SA algorithm seamlessly handles this case by simply fixing the number of layers l to the pre-defined value during the initialization and throughout the neighbor generation process, while still utilizing the same resource transfer operator to find the optimal decreasing allocation.

5.2. Simulated Annealing Framework

The SA algorithm iteratively explores the solution space by moving from the current solution $X_{\mathrm{current}}$ to a neighbor solution, $X_{\mathrm{neighbor}}$. The move is always accepted if it improves the objective function ($F\left(X_{\mathrm{neighbor}}\right)<F\left(X_{\mathrm{current}}\right)$). To escape local optima, it may also be accepted with a probability $exp(-\Delta E/T)$, where $\Delta E$ is the increase in objective value and T is the current temperature parameter, which decreases according to a cooling schedule.

Key implementation details:

• The number of layers l is fixed at $l^{*}=min(S,N)$ throughout the optimization process, as established by Theorem 1.
• The neighborhood generation focuses exclusively on reallocating sensors and response units between these fixed layers.
• The initial solution is generated to satisfy the decreasing allocation pattern ($s_1\ge s_2\ge \dots \ge s_l$ and $n_1\ge n_2\ge \dots \ge n_l$) based on Theorem 2.

The pseudocode for the proposed SA heuristic is presented in Algorithm 1.

Algorithm 1 Simulated annealing heuristic for resource allocation.

Require: Total sensors s, total response units n, initial temperature $T_0$, cooling rate $\alpha$, Markov chain length $L_{\max }$, stopping criterion Ensure: Best-found solution $X^{*}$   1: $X_{\mathrm{current}}\leftarrow \mathrm{InitializeSolution}(s,n)$ {Based on Section 5.1}   2: $X^{*}\leftarrow X_{\mathrm{current}}$   3: $T\leftarrow T_0$   4: $k\leftarrow 0$   5: while stopping criterion not met do   6:    for $l=1$ to $L_{\max }$ do   7:      $X_{\mathrm{neighbor}}\leftarrow \mathrm{GenerateNeighbor}\left(X_{\mathrm{current}}\right)$ {See Section 5.3}   8:      $\Delta E\leftarrow F\left(X_{\mathrm{neighbor}}\right)-F\left(X_{\mathrm{current}}\right)$ {Calculate change in objective}   9:      if $\Delta E<0$ then 10:         $X_{\mathrm{current}}\leftarrow X_{\mathrm{neighbor}}$ 11:         if $F\left(X_{\mathrm{current}}\right)<F\left(X^{*}\right)$ then 12:           $X^{*}\leftarrow X_{\mathrm{current}}$ 13:         end if 14:      else if $exp(-\Delta E/T)>\mathrm{random}(0,1)$ then 15:         $X_{\mathrm{current}}\leftarrow X_{\mathrm{neighbor}}$ 16:      end if 17:    end for 18:    $T\leftarrow \alpha ·T$ {Cooling} 19:    $k\leftarrow k+1$ 20: end while 21: return  $X^{*}$

5.3. Neighborhood Generation

Given that Theorem 1 establishes the optimal number of layers as $l^{*}=min(s,n)$ for the available resources, the neighborhood generation function $\mathrm{GenerateNeighbor}\left(X\right)$ is designed to explore the solution space while maintaining a fixed number of layers $l=l^{*}$ and the decreasing allocation patterns ($s_1\ge s_2\ge \dots \ge s_l$ and $n_1\ge n_2\ge \dots \ge n_l$). This approach ensures that the search remains within the structurally optimal configuration space. We define three neighborhood operators that perturb the resource allocation between layers, applied with equal probability:

1.

Sensor Reallocation: Randomly select two distinct layers, i and j. If $s_i>1$ (donor layer has at least one sensor to give), transfer one sensor from layer i to layer j. This operator fine-tunes the sensor distribution while maintaining ${\sum }_{i=1}^l{s}_i=s$.

2.

Response Unit Reallocation: Randomly select two distinct layers, i and j. If $n_i>1$ (donor layer has at least one response unit to give), transfer one response unit from layer i to layer j. This operator fine-tunes the response unit distribution while maintaining ${\sum }_{i=1}^l{n}_i=s$.

3.

Balanced Resource Reallocation: Randomly select two distinct layers, i and j. If $s_i>1$ and $n_i>1$, simultaneously transfer one sensor and one response unit from layer i to layer j. This operator maintains the balance between sensing and response capabilities while exploring different resource distributions.

All generated neighbor solutions are verified for feasibility ($s_i\ge 1,n_i\ge 1$ for all layers $i=1,\dots ,l$). If a move would result in an infeasible solution, the operator is applied again with different layer pairs until a feasible neighbor is found.

This neighborhood design ensures that the algorithm efficiently explores the optimal allocation of resources across layers, as established by Theorem 2, while respecting the fixed optimal number of layers determined by Theorem 1.

5.4. Integration with Spatial Deployment Subproblem

The optimization model involves a critical subproblem: for a fixed number of sensors, $s_i$, in a layer, determine their spatial deployment to maximize the probability of joint detection, $f\left(s_i\right)$. Our algorithm addresses this through a computationally efficient greedy approach that operates under simplified but reasonable assumptions.

Greedy Sensor Placement Algorithm: Given the fixed OD path through a layer and the assumption that all grid cells are equally feasible for sensor deployment, the greedy algorithm proceeds as follows:

1.

Pre-compute the detection probability $p_j$ for each grid cell based on the target’s exposure distance within the sensor’s range using Equation (1).

2.

Sort all grid cells in descending order of their individual detection probabilities, $p_j$.

3.

Select the top $s_i$ cells with the highest detection probabilities.

4.

Calculate the joint detection probability $f\left(s_i\right)$ using Equation (2).

This approach has linear time complexity $O\left(m\right)$, where m is the number of grid cells, making it highly efficient for integration within the SA framework. Under our simplified assumptions, this greedy selection is optimal, as it maximizes the immediate gain in detection probability at each deployment step.

Two-Stage Implementation: Our algorithm employs a decoupled approach to manage computational complexity:

1. Stage 1 (Global Allocation): The SA heuristic optimizes the number of layers, l, and the allocation of resources, $\mathbf{s}$, $\mathbf{n}$, across them. During the evaluation of $F\left(X\right)$ for any candidate solution, the greedy algorithm provides a quick estimate of $f\left(s_i\right)$ for each layer.

2. Stage 2 (Post-Processing): For the final optimized solution, more sophisticated placement algorithms can be applied to incorporate additional practical constraints such as terrain feasibility and deployment costs. However, this detailed placement problem is beyond the scope of the current study, which focuses on the higher-level interlayer resource allocation.

This decoupled approach ensures that the complex joint problem remains computationally tractable while providing effective solutions for the primary optimization objective.

6. Numerical Experiments and Analysis

6.1. Base Case and Model Validation

This section provides comprehensive numerical experiments to validate the proposed model and investigate the efficiency of the derived structural properties. We analyze both two- and three-layer systems to demonstrate the scalability of our approach and provide empirical evidence for the optimality principles established in Section 4.

6.1.1. Experimental Setup

We maintain consistent parameter values across all experiments (

Table 1. Parameter settings for the base case.

Parameter	Description	Value
$\lambda$	Arrival rate	10
$\mu$	Service rate	2
n	Number of response units	10
s	Number of sensors	10
r	Detection radius	10 m
$\eta$	Instantaneous detection rate	0.06

). The total number of sensors and response units is fixed at $s=n=10$. The arrival rate of suspicious targets is $\lambda =10$, and the service rate is $\mu =2$. For each layer, the set of detection probabilities is generated from a uniform distribution $U(0.8,0.99)$, reflecting realistic sensor capabilities. When allocating sensors within a layer, the strategy is to always select the sensors with the highest individual detection probabilities first.

6.1.2. Two-Layer System Analysis

We first analyze the two-layer system configuration. Through exhaustive search over all feasible resource allocations, the optimal configuration is found to be $(s_1=7,n_1=7)$ for Layer 1 and $(s_2=3,n_2=3)$ for Layer 2. This allocation achieves an overall performance $-log\left(P_{\mathrm{escape}}\right)=6.983$.

The results confirm the decreasing allocation pattern ($s_1\ge s_2$, $n_1\ge n_2$) as established in Theorem 2. Figure 4 shows the performance landscape visualized as a heatmap, where warmer colors indicate higher escape probabilities (worse performance) and cooler colors indicate better performance. The optimal configuration is clearly identifiable in the region where both sensor and response unit allocations favor the first layer.

6.1.3. Three-Layer System Analysis

Extending the analysis to a three-layer system, we conduct an exhaustive search over all feasible resource allocations under the constraints that each layer must have at least one sensor and one response unit ($s_i\ge 1,n_i\ge 1$). This results in 1296 valid configurations to evaluate.

The optimal allocation for the three-layer system is as follows:

• Layer 1: $s_1=4$, $n_1=5$
• Layer 2: $s_2=3$, $n_2=3$
• Layer 3: $s_3=3$, $n_3=2$

This configuration achieves a performance $-log\left(P_{\mathrm{escape}}\right)=7.704$. The optimal allocation follows the predicted decreasing pattern: $s_1\ge s_2\ge s_3$ and $n_1\ge n_2\ge n_3$, providing strong empirical validation for Theorem 2 in multi-layer systems beyond the two-layer case.

Figure 5 shows the performance landscape for the three-layer system using a 3D surface plot. The plot displays the best achievable performance for each sensor allocation pattern to Layers 1 and 2 (with Layer 3 receiving the remaining sensors), after optimizing the response unit distribution. The results demonstrate that balanced-decreasing allocations consistently outperform other patterns.

6.1.4. Comparative Analysis and Theoretical Validation

Table 2. Performance comparison across different layer configurations.

System	Optimal Allocation	−log(Pescape)
Single-Layer	(10,10)	4.151
Two-Layer	(7,7), (3,3)	6.983
Three-Layer	(4,5), (3,3), (3,2)	7.704

summarizes the performance comparison across different system configurations. The results demonstrate the progressive improvement achieved by increasing the number of layers while maintaining the same total resource budget, providing strong empirical support for Theorem 1.

The experimental results validate the core theoretical contributions:

1.

Theorem 1 (Max-Layer Optimality): The three-layer system demonstrates substantially better performance than the two-layer system, confirming that increasing the number of layers improves security effectiveness given the same total resources.

2.

Theorem 2 (Decreasing Allocation): The optimal allocations for both two- and three-layer systems follow the predicted decreasing pattern, validating the theoretical findings across different system scales.

3.

Robustness of Structural Properties: The consistent emergence of optimal patterns across different configurations provides robust validation of the structural properties derived in Section 4.

This comprehensive analysis demonstrates the practical effectiveness of the multi-layer security architecture and provides strong empirical evidence for the proposed theoretical framework.

6.2. Performance Comparison: Simulated Annealing vs. Tabu Search

To validate the effectiveness of our optimization approach, we conducted a comprehensive comparison between the proposed Simulated Annealing (SA) heuristic and a Tabu Search (TS) algorithm. Both metaheuristics were applied to a case problem on a median scale with total resources of $s=12,n=10$, an arrival rate of $\lambda =10$, a service rate of $\mu =2$, and a redefined number of layers, $l=6$.

6.2.1. Experimental Setup

The comparative analysis was designed with the following experimental setup:

• Algorithm Parameters:

  –

  Simulated Annealing: Geometric cooling schedule with initial temperature $T_0=100$, cooling rate $\alpha =0.95$

  –

  Tabu Search: Tabu list size = 15 with aspiration criterion

  –

  Steady-State Rule: Both algorithms stop if the relative improvement in the best-found objective value over the last 100 temperature cycles is less than $0.1\%$

  –

  Maximum Iteration Rule: A force stop is triggered if the algorithm reaches a maximum of 1000 iterations.

• Evaluation Protocol: 10 independent runs with random initial solutions following the decreasing allocation pattern established in Theorem 2.
• Implementation: Python 3.9 on an Intel i7-10700K processor with 32 GB of RAM.
• Performance Metrics:

  –

  Solution quality: best and average escape probability.

  –

  Computational efficiency: average runtime.

6.2.2. Comparison Results

Table 3. Algorithm performance comparison.

Metric	Simulated Annealing	Tabu Search
Best Escape Probability (−log scale)	8.271	8.271
Average Escape Probability (−log scale)	8.036	8.032
Average Runtime (seconds)	2.34	15.37

presents the quantitative comparison between the two algorithms in multiple performance metrics.

6.2.3. Key Findings

The comparative analysis revealed several important insights:

1.

Solution Quality Parity: Both algorithms achieved identical best-case performance $-log\left(P_{\mathrm{escape}}\right)=8.271$, with nearly identical average performance. This demonstrates that both metaheuristics are capable of finding high-quality solutions for the layered security optimization problem.

2.

Computational Efficiency Advantage: The most significant difference emerged in computational efficiency. Simulated Annealing was approximately 6 times faster than Tabu Search (2.34 s vs. 15.37 s average runtime). This substantial efficiency advantage makes SA more suitable for real-time applications and large-scale problem instances.

3.

Optimal Allocation Pattern: the best solutions found using both algorithms consistently exhibited the decreasing resource allocation pattern ($s_1\ge s_2\ge \cdots \ge s_l$, $n_1\ge n_2\ge \cdots \ge n_l$) as predicted by Theorem 2, validating our structural properties.

The computational efficiency advantage of Simulated Annealing can be attributed to its stochastic acceptance criterion, which allows more aggressive exploration of the solution space with fewer function evaluations. The probability of accepting worse solutions, given by $exp(-\Delta E/T)$, enables SA to escape local optima efficiently. In contrast, Tabu Search’s deterministic neighborhood evaluation and tabu list management incur higher computational overhead due to the need to maintain and check against historical solutions.

This comparative analysis confirms that our proposed Simulated Annealing heuristic not only produces high-quality solutions but does so with exceptional computational efficiency. The results justify our algorithm selection and demonstrate its suitability for the layered security system optimization problem, particularly in scenarios requiring rapid solution generation. While both algorithms are effective, SA’s superior computational performance makes it the preferred choice for practical implementations where response time is critical.

6.3. Sensitivity Analysis

In terms of a large-scale problem, we provide a sensitivity analysis to test the influence of three factors: the ratio of response units to sensors, the instantaneous detection rate, and the number of sensors. We keep the arrival rate of the suspicious target $\lambda =10$ and the service rate $\mu =2$ the same for all instances. Detailed data are shown in

Table 4. Factors with different levels.

Factors	Low	Medium	High
Ratio of response units to sensors	0.75	0.96	1.2
Instantaneous detection rate ${\eta }_{\mathrm{HS}}$	0.04	0.06	0.08
Number of sensors s	12	18	24

. In this computational test, the number of layers itself is also a decision variable determined based on the developed properties. In terms of each layer, we have three different patterns to work with, shown in Figure 6. During the test, each layer will randomly select a pattern from three candidates to simulate the complex situation in a border crossing scenario in a wild area. We have nine instances in total to further test the influence of the ratio of response units to sensors in a larger range, shown in

Table 5. Summary of instances.

Instance	1	2	3	4	5	6	7	8	9
Settings	$n-1$	$n-2$	$n-3$	$n-4$	n	$n+1$	$n+2$	$n+3$	$n+4$

.

We study one-way, two-way, and three-way effects to understand the impact of each factor on the objective function.

Table 6. Results of sensitive analysis with three factors.

	Factors			Result
Run	Fraction	Rate	Sensor	Result	CPU Time (s)
1	Low	Low	Low	2.468417325	905.8492904
2	Low	Low	Medium	0.377122394	1453.895795
3	Low	Low	High	0.017213046	1859.566701
4	Low	Medium	Low	4.215767419	909.8106087
5	Low	Medium	Medium	1.85663959	1430.789385
6	Low	Medium	High	0.503115247	1852.283655
7	Low	High	Low	5.660872497	905.7008405
8	Low	High	Medium	3.680056187	1445.041258
9	Low	High	High	2.112280723	1817.905169
10	Medium	Low	Low	1.508244681	1124.397979
11	Medium	Low	Medium	0.122815612	1759.212189
12	Medium	Low	High	0.002220513	2340.808934
13	Medium	Medium	Low	3.401321815	1117.571303
14	Medium	Medium	Medium	1.219613748	1737.764299
15	Medium	Medium	High	0.217597993	2359.47242
16	Medium	High	Low	5.192311209	1109.597461
17	Medium	High	Medium	3.171271485	1744.040538
18	Medium	High	High	1.627679584	2305.239862
19	High	Low	Low	0.741589108	1220.965206
20	High	Low	Medium	0.027227451	1841.022417
21	High	Low	High	0.000261384	2454.786236
22	High	Medium	Low	2.548176912	1212.837232
23	High	Medium	Medium	0.608983365	1811.1534
24	High	Medium	High	0.061356706	2493.959533
25	High	High	Low	4.469005247	1230.350301
26	High	High	Medium	2.369278176	1883.218999
27	High	High	High	0.880806767	2454.921907

shows the combination of the three factors and the results obtained for one of the cases.

Table 7. ANOVA table for results.

Source	DF	Adj SS	Adj MS	F-Value	p-Value
fraction	2	42.198	21.099	82.95	0
rate	2	290.012	145.006	570.11	0
sensor	2	319.899	159.949	628.86	0
fraction × rate	4	2.598	0.65	2.55	0.04
fraction × sensor	4	6.344	1.586	6.24	0
rate × sensor	4	31.372	7.843	30.84	0
fraction × rate × sensor	8	4.628	0.579	2.27	0.024
Error	216	54.939	0.254
Total	242	751.99

shows the ANOVA analysis for the results, and we can conclude that all three factors, including the ratio of response units to sensors, the instantaneous detection rate, and the number of sensors, have a significant impact on the total expected escape rate of suspicious targets. All three factors have p-value = 0, which means that, for any confidence level, the ratio of response units to sensors, the instantaneous detection rate of sensors, and the number of sensors would contribute to the success of capturing suspicious targets.

Table 8. ANOVA table for computational time.

Source	DF	Adj SS	Adj MS	F-Value	p-Value
fraction	2	8,764,533	4,382,267	120.64	0
rate	2	2084	1042	0.03	0.972
sensor	2	52,086,944	26,043,472	716.98	0
fraction × rate	4	14,515	3629	0.1	0.982
fraction × sensor	4	837,890	209,473	5.77	0
rate × sensor	4	37,333	9333	0.26	0.905
fraction × rate × sensor	8	8520	1065	0.03	1
Error	216	7,845,915	36,324
Total	242	69,597,735

shows the ANOVA analysis for CPU times. In terms of the one-way effect, only the instantaneous sensor response rate factor shows a low impact on the computation time of SA heuristics (p-value = 0.972). The reason is that a large fraction of high-value sensors will provide a better starting point for the heuristics to work with. Because of this, two-way and three-way effects involved with an instantaneous detection rate show low sensitivity to the computational time.

6.4. Numerical Analysis of Impact of Decoy Activities

We numerically analyze the model to quantify the impact of adversarial decoys. We set a base scenario with ${\lambda }_t=3$, ${\mu }_d=2.0$, ${\mu }_t=0.5$, and $n=2$. We vary the decoy arrival rate ${\lambda }_d$ from 0 to 7.

Figure 7a plots the blocking probability $p_b$ against ${\lambda }_d$, calculated using Equation (21). The curve confirms the proposition: $p_b$ increases monotonically with the decoy rate. This graph translates the abstract resource draining effect into a concrete security metric, showing how an adversary can systematically degrade system performance.

Figure 7b provides further insight by comparing the system’s performance with a traditional model that assumes homogeneous service times. It plots the relative error in the estimated blocking probability if one incorrectly assumes that all targets have the same service rate ${\mu }_t$. The discrepancy highlights the need for the proposed heterogeneous model to accurately assess security when there are decoys.

Implications for Layered Security System Design

The analysis confirms that decoys are an effective adversarial strategy. Their resource-draining effect is twofold: they increase the total arrival rate, $\lambda$, and alter the effective service capacity by introducing a mixture of fast and slow service requirements.

When integrating this into the multilayer design framework, the decision variables for a layer should be based on the expected decoy injection rate, ${\lambda }_d$, in addition to the real threat rate, ${\lambda }_t$. A layer expecting significant decoy activity will have a higher total load and thus require more resources to maintain a low escape probability for genuine threats. The explicit formula for $p_b$ (Equation (21)) or the state-based model for higher n can be directly incorporated into the optimization heuristic from Section 6, replacing the simpler Erlang B formula, to design systems that are robust against this type of adversarial deception.

7. Limitations and Future Work

7.1. Conclusions

This paper has presented an integrated queuing-theoretic framework for the optimal design of a multilayer security system against intruders employing decoys. Our core contributions are threefold: (1) a novel nonlinear integer programming model that co-optimizes the number of layers and the allocation of imperfect sensors and mobile response units; (2) the derivation of key structural properties proving the optimality of a max-layer, balanced-resource strategy; and (3) an efficient simulated annealing heuristic for practical problem-solving. Numerical experiments validated that the optimized multilayer system significantly outperforms a single-layer baseline. Furthermore, we extended the model to analyze the impact of decoys, revealing that their resource-draining effect arises not only from increased arrival rates but also from service heterogeneity, leading to a higher-than-expected risk of genuine threats escaping.

7.2. Limitations

• Arrival Process Assumption: Our model assumes that threats arrive according to a Poisson process. Although mathematically tractable and common in initial queueing models, this assumption does not capture potential batch arrivals (e.g., coordinated groups of intruders or decoys), which could lead to short-term system congestion not fully captured by the average arrival rate $\lambda$.
• Sensor Detection Independence: The calculation of the joint detection probability $f\left(s_i\right)$ is based on the assumption of conditional independence between sensors. In practice, correlated false alarms or common environmental factors affecting nearby sensors could violate this assumption, potentially leading to an overestimation of system performance.
• Analytical Bound for Layer-Splitting: The key Observation 1, which underpins the optimality of the max-layer architecture, is proven analytically only for the case of perfect sensors ($f\left(s\right)=1$). For the general case, we rely on comprehensive but not exhaustive numerical validation. The absence of a general analytical proof remains a theoretical limitation.
• Static and Deterministic Path Modeling: The model assumes a single, fixed, and known Origin-Destination (OD) path for targets within a layer. In reality, adversaries can adapt their routes dynamically or choose from a set of possible paths, reducing the effectiveness of a static sensor deployment optimized for a single path.
• Computational Scalability of Decoy Model: The state-based model for decoys with heterogeneous service times is solved in closed form only for $n=2$ servers. For layers with more resources, the combinatorial explosion of the state space makes exact analysis computationally intractable within our current framework.

7.3. Future Research Directions

These limitations naturally chart a course for valuable future work:

• Modeling Batch Arrivals and Correlated Sensors: Future models could incorporate more sophisticated arrival processes, such as a Markov-Modulated Poisson Process (MMPP) or a compound Poisson process, to better represent coordinated adversarial actions. Similarly, the sensor model could be extended using copulas or spatial correlation structures to account for dependent detection events.
• Theoretical Analysis of the Layer-Splitting Observation: A significant theoretical endeavor would be to derive formal sufficient conditions under which Observation 1 holds for imperfect sensors or to provide a rigorous proof for a broader class of detection functions.
• Robust and Adaptive Optimization: To address the uncertainty of the path, a promising direction is to develop a robust optimization or stochastic programming version of our model. This would involve optimizing against a distribution of possible paths or worst-case scenarios, making the system design less sensitive to adversarial route adaptation.
• Dynamic Resource Allocation and Machine Learning: Extending the model from a static design to a dynamic resource allocation problem is a critical next step. Reinforcement Learning (RL) is a suitable framework for developing policies that reallocate sensors and response units in real time based on evolving threat levels and system congestion.
• Game-Theoretic Adversarial Modeling: Finally, treating the adversary’s decoy deployment strategy not as an exogenous parameter but as an endogenous, strategic choice leads to a Stackelberg game formulation. The defender (system designer) would optimize their layered system, anticipating the best-response attack strategy of an intelligent adversary, leading to more resilient and robust designs.