Introduction to Game Theory Part II Tyler Moore Computer Science - PDF document

Notes Introduction to Game Theory Part II Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX Lecture 17 Mixed strategies Modeling interdependent security Notes Process control system example: Nash equilibria? Suppose we have two players: plant security manager and a terrorist Manager’s actions A mgr = { disconnect , connect } Terrorist’s actions A terr = { attack , don’t attack } Possible outcomes O = { ( a 1 , a 3 ) , ( a 1 , a 4 ) , ( a 2 , a 3 ) , ( a 2 , a 4 ) } Terrorist attack don’t attack Manager connect ( − 50 , 50) (10 , 0) disconnect ( − 10 , − 10) ( − 10 , 0) 3 / 18 Mixed strategies Modeling interdependent security Notes Mixed strategies Definitions A pure strategy is a single action (e.g., connect or disconnect) A mixed strategy is a lottery over pure strategies (e.g. connect: 1 6 , disconnect: 5 attack: 1 3 , not attack: 2 � � , or � � ). 6 3 4 / 18 Mixed strategies Modeling interdependent security Notes Process control system example: mixed Nash equilibrium Terrorist attack don’t attack Manager connect ( − 50 , 50) (10 , 0) disconnect ( − 10 , − 10) ( − 10 , 0) Mixed strategy Nash equilibrium connect: 1 6 , disconnect: 5 Manager: � � 6 attack: 1 3 , not attack: 2 � � Terrorist: 3 E ( U mgr ) = 1 6(1 3 · − 50 + 2 +5 6(1 3 · − 10 + 2 3 · 10) 3 · − 10) = − 10 E ( U terr ) = 1 6(1 3 · 50 + 2 +5 6(1 3 · − 10 + 2 3 · 0) 3 · 0) = 0 5 / 18

Mixed strategies Modeling interdependent security Notes Existence of Nash Equilibria Theorem (John Nash, 1951) Every game with a finite number of players and a finite set of actions has at least one Nash equilibrium involving mixed strategies. Side Note The proof of this theorem is non-constructive. This means that while the equilibria must exist, there’s no guarantee that finding the equilibria is computationally feasible. 6 / 18 Mixed strategies Modeling interdependent security Notes Process control system example: mixed Nash equilibrium Terrorist attack don’t attack P ( action ) a (1 − a ) Manager connect ( − 50 , 50) (10 , 0) c disconnect (1 − c ) ( − 10 , − 10) ( − 10 , 0) First calculate the manager’s payoff: E ( U mgr ) = − 50 · ca − 10(1 − c ) a + 10 c (1 − a ) − 10(1 − c )(1 − a ) = − 60 ca + 20 c − 10 Find c where δ c ( E ( U mgr )) > 0 δ c ( − 60 ca + 20 c − 10) > 0 − 60 a + 20 > 0 a < 1 3 Similarly a > 1 3 when δ c ( E ( U mgr )) < 0 7 / 18 Mixed strategies Modeling interdependent security Notes Process control system example: mixed Nash equilibrium Terrorist attack don’t attack P ( action ) a (1 − a ) Manager connect ( − 50 , 50) (10 , 0) c disconnect (1 − c ) ( − 10 , − 10) ( − 10 , 0) Next calculate the terrorist’s payoff: E ( U terr ) = 50 · ca − 10(1 − c ) a + 0 c (1 − a ) + 0(1 − c )(1 − a ) = 60 ca − 10 a Find a where δ a ( E ( U terr )) > 0 δ a (60 ca − 10 a ) > 0 60 c − 10 > 0 c > 1 6 Similarly c < 1 6 when δ a ( E ( U terr )) < 0 8 / 18 Mixed strategies Modeling interdependent security Notes Best response curve 1 Attacker’s best response Nash equilibrium 1 3 Manager’s best response 0 1 0 c 1 6 9 / 18

Mixed strategies Modeling interdependent security Notes Exercise: compute mixed strategy equilibria Bob left right P ( action ) (1 − b ) b Alice up a (2 , 1) (0 , 0) down (1 − a ) (0 , 0) (1 , 2) 1 Are there any pure Nash equilibria? 2 What is Alice’s expected payoff? 3 What is Bob’s expected payoff? 4 What is the mixed strategy Nash equilibrium? 5 Draw the best-response curves 10 / 18 Why is security often interdependent? Mixed strategies Modeling interdependent security Modeling interdependent security Liability as means of encouraging security investment Notes Interdependent Security: Examples Software Engineering Product security depends on the security of all components Interconnected Supply Chains The security of clients’ and suppliers’ systems determines own security Information Sharing in Business Networks The confidentiality of informations depends on the trustworthiness of all contacts (or “friends”) Internet Security Botnets threaten our systems because other peoples’ systems are insufficiently secured 12 / 18 Why is security often interdependent? Mixed strategies Modeling interdependent security Modeling interdependent security Liability as means of encouraging security investment Notes Physical World: Airline Baggage Security A B 1988: Lockerbie Bomb explodes in flight PA 103 killing 259. Malta → Frankfurt → London → New York 2010: Cargo bombs hidden in toner cartridges to be activated remotely during approach to US airports. Jemen → Kln/Bonn → London → USA H. Kunreuther & G. Heal: Interdependent Security, Journal of Risk and Uncertainty 26 , 231–249, 2003 13 / 18 Why is security often interdependent? Mixed strategies Modeling interdependent security Modeling interdependent security Liability as means of encouraging security investment Notes Interdependent Security A B P loss A ≥ P attack · (1 − s A ) 1 − P loss A = (1 − P attack · (1 − s A )) (1 − P attack · (1 − s B )) P loss A = 1 − � (1 − P attack · (1 − s A )) (1 − P attack · (1 − s B )) � → Own payoff depends on own and others’ security choices P ∈ [0 , 1]: probability of attempted attack, respectively loss due to attack s ∈ { 0 , 1 } : discrete choice of security level 14 / 18

Why is security often interdependent? Mixed strategies Modeling interdependent security Modeling interdependent security Liability as means of encouraging security investment Notes Utility Function Simple utility function of risk-neutral player A : expected loss security investment U A = − L · P loss A − s A = − L + L · (1 − P loss A ) − s A Utility function when A ’s security depends on B = − L + L · (1 − P attack · (1 − s A )) (1 − P attack · (1 − s B )) − s A 15 / 18 Why is security often interdependent? Mixed strategies Modeling interdependent security Modeling interdependent security Liability as means of encouraging security investment Notes Matrix Game of Interdependent Security player A Nash equilibrium secure insecure s A = 0 s A = 1 − 3 / 2 − 2 player A’s utility insecure − 3 / 2 − 1 player B’s utility s B = 0 − 3 − 3 sum of A’s and B’s utility player B social optimum − 1 − 1 secure − 2 − 1 s B = 1 − 3 − 2 P attack = 1 / 2 L = 2 → Interdependence can lead to security under-investment 16 / 18 Why is security often interdependent? Mixed strategies Modeling interdependent security Modeling interdependent security Liability as means of encouraging security investment Notes Utility Function Simple utility function of risk-neutral player A : expected loss security investment U A = − L · P loss A − s A = − L + L · (1 − P loss A ) − s A 17 / 18 Why is security often interdependent? Mixed strategies Modeling interdependent security Modeling interdependent security Liability as means of encouraging security investment Notes Utility Function Simple utility function of risk-neutral player A : expected loss security investment U A = − L · P loss A − s A = − L + L · (1 − P loss A ) − s A Modified utility function with liability: compensation if player B caused the loss U A = − L · P loss A − s A + L · P attack B · (1 − s B ) − L · P attack A · (1 − s A ) compensation if player A caused the loss 17 / 18

Why is security often interdependent? Mixed strategies Modeling interdependent security Modeling interdependent security Liability as means of encouraging security investment Notes Interdependent Security with Liability player A secure insecure s A = 0 s A = 1 − 3 / 2 − 1 player A’s utility insecure − 3 / 2 − 2 player B’s utility s B = 0 − 3 − 3 sum of A’s and B’s utility player B − 2 − 1 Nash equilibrium secure − 1 − 1 s B = 1 − 3 − 2 P attack = 1 / 2 L = 2 → Liability internalizes negative externalities of insecurity 18 / 18 Notes Notes Notes