Introduction

Stackelberg games are increasingly important for informing real-world decision making, including a growing body of work that applies these techniques in security domains such as critical infrastructure protection (Bier, 2007; Sandler and D. G. A. M., 2003), computer networks (Alpcan and Basar, 2003; Nguyen and Basar 2009), and robot patrolling strategies (Agmon et al., 2009; Basilico, Gatti, and Amigoni, 2009; Gatti, 2008). Two software systems that use this type of game modeling are in use by the the Los Angeles International Airport (LAX) (Pita et al., 2008) and the Federal Air Marshals Service (FAMS) (Tsai et al., 2009) to assist with resource allocation decision. A key issue that has arisen in these applications is whether the models can accurately represent the uncertainty that domain experts have about the inputs used to construct the game models, including the preferences and capabilities of terrorist adversaries.

To apply game-theoretic reasoning, the first step in the analysis is to construct a precise game model. The typical approach (e.g., in the LAX and FAMS applications) is to construct a model using a combination of the available data and expert opinions. Unfortunately, the data is often limited or imprecise, especially in regard to information about the terrorist adversaries. For example, it can be difficult to predict precisely how attackers will weigh casualties, economic consequences, media exposure, and other factors when selecting targets.

Introduction

Transportation networks such as buses, trains, and airplanes carry millions of people per day and from to their destinations, making them a prime target for terrorists and extremely difficult for law enforcement agencies to protect. In 2001, the 9/11 attack on the World Trade Center in New York City with commercial airliners resulted in $27.2 billion of direct short term costs (Looney 2002) as well as a government-reported 2,974 lives lost. The 2004 Madrid commuter train bombings resulted in 191 lives lost, 1755 people wounded, and an estimated cost of 212 million Euros (Blanco et al., 2007). Finally, in the 2005 London subway and bus bombings, 52 innocent lives were lost, 700 others were injured, and the estimated economic cost was 2 billion pounds (Thornton, 2005).

In addition to preboarding security checkpoints patrols aboard the vehicles are another key defensive measure used by many organizations in these domains (Billante, 2003; Kenney, 1989). In all these networks, there are hundreds or thousands of vehicles to protect, making it difficult to create patrol schedules. Furthermore, since motivated aggressors will attempt to observe law-enforcement patterns and try to exploit the schedule, law-enforcement organizations have embraced the use of randomization in their scheduling practices. Also, in all these networks, it is not possible to simply assign law-enforcement personnel to vehicles in isolation, without considering the route the vehicle takes as well as departure and arrival times.

Introduction

Protecting the national infrastructure, such as airports, historical landmarks, or locations of political or economic importance, is a challenging task for police and security agencies around the world, one that is exacerbated by the threat of terrorism. The protection of important locations includes such tasks as monitoring all entrances or inbound roads and checking inbound traffic. However, limited resources mean that it is typically impossible to provide full security coverage at all times. Furthermore, adversaries can observe security arrangements over time and exploit any predictable patterns to their advantage. Randomizing schedules for patrolling, checking, or monitoring is thus an important tool in the police arsenal to avoid the vulnerability that comes with predictability. Even beyond protecting infrastructure, randomized patrolling is important in tasks varying from security on university campuses to normal police beats to border or maritime security (Billante 2003; Paruchuri et al. 2007; Ruan et al. 2005).

This paper focuses on a deployed software-assistant agent that can aid police or other security agencies in randomizing their security schedules. We face at least three key challenges in building such a software assistant. First, the assistant must provide quality guarantees in randomization by appropriately weighing the costs and benefits of the different options available. For example, if an attack on one part of an infrastructure would cause economic damage while an attack on another could potentially cost human lives, we must weigh the two options differently – giving higher weight (probability) to guarding the latter.

Introduction

Security, commonly defined as the ability to deal with intentional threats from other agents, is a major challenge for agents deployed in adversarial environments (Paruchuri et al., 2006). In this paper, we focus on adversarial domains in which the agents have limited information about the adversaries. Such adversarial scenarios arise in a wide variety of situations that are becoming increasingly important, such as patrol agents providing security for a group of houses or regions (Carroll et al., 2005; Paruchuri et al., 2007), UAVs monitoring a humanitarian mission (Beard and Mclain, 2003; Paruchuri et al., 2006), agents assisting in routine security checks at airports (Poole and Passantino, 2003), agents providing privacy in sensor network routing (Ozturk, Zhang, and Trappe, 2004), and agents maintaining anonymity in peer-to-peer networks (Borisov and Waddle, 2005).

This paper brings together some of our recent work on how to plan for agents acting in uncertain environments in the presence of adversaries (Paruchuri et al., 2006, 2007, 2008). This research has introduced two very different approaches to increasing security in agent systems and has lead to the ARMOR (Assistant for Randomized Monitoring over Routes) system, which has been deployed for security scheduling at the LAX airport since August 2007 (Murr, 2007; Paruchuri et al., 2008; Pita et al., 2008). Here we will present the main results and algorithms proposed in these two approaches and highlight the relationship between them.

Rational Power Series in One Variable

The theory of binomial posets developed in the previous chapter sheds considerable light on the “meaning” of generating functions and reduces certain types of enumerative problems to a routine computation. However, it does not seem worthwhile to attack more complicated problems from this point of view. The remainder of this book will for the most part be concerned with other techniques for obtaining and analyzing generating functions. We first consider the simplest general class of generating functions, namely, the rational generating functions. In this chapter we will concern ourselves primarily with rational generating functions in one variable; that is, generating functions of the form F(x) = Σn≥0f(n)xn that are rational functions in the ring K[[x]], where K is a field. This means that there exist polynomials P(x),Q(x) ∈ K[x] such that F(x) = P(x)Q(x)-1 in K[[x]]. Here it is assumed that Q(0) ≠ 0, so that Q(x)-1 exists in K[[x]]. The field of all rational functions in x over K is denoted K(x), so the ring of rational power series is given by K[[x]]∩K(x). For our purposes here it suffices to take K = ℂ or sometimes ℂ with some indeterminates adjoined.

The fundamental property of rational functions in ℂ[[x]] from the viewpoint of enumeration is the following.

Introduction

The history of plots and attacks on LAX suggests that it has achieved a level of importance in the minds of a diverse collection of terrorist organizations. The counterterrorism community is challenged by an intelligent and adaptive adversary who is prone to return to targets and continues to demonstrate sustained intent and an evolving attack methodology. LAX seems to present itself as an elusive trophy, as homeland security forces struggle, along with the rest of the world, to achieve and maintain a level of resistance capable of thwarting a man-enabled catastrophe.

“Over 5,000 deaths have resulted from terrorist attacks on civil aviation since 1980; about 200 deaths occurred in attacks on airports themselves, as opposed to aircraft.” Although the aviation domain has become the hardest critical infrastructure since the terror attack on September 11, 2001, it remains the most desirable for the attacker. There are essentially three fundamental strategies for attacking the aviation system – hijackings, bombings, and airport assaults. Security countermeasures designed to reduce the threat of in-flight incidents suggest attacks on airport facilities are probable.

A Brief History of Significant Events

Terrorism has long been a serious threat to the air transportation system of the United States and other nations. In 1972, three members of the Japanese Red Army initiated what is now known as the Lod Airport Massacre.

Introduction

The United States Transportation Security Administration (TSA) is tasked with protecting the nation's transportation systems. These systems are often large in scale and protecting them requires many personnel and security activities. One set of systems in particular is the over 400 airports. These airports serve approximately 28,000 commercial flights per day and up to approximately 87,000 total flights [Air Traffic Control]. To protect this large transportation network, the TSA employs approximately 48,000 Transportation Security Officers (TSA); who are responsible for implementing security activities at each.

Many people are aware of the common security activities, especially individual passenger screening. However, this is just one of many security layers TSA personnel implement to help prevent potential threats (TSA). These layers can involve hundreds of heterogeneous security activities executed by limited TSA personnel, leading to a complex resource-allocation challenge. Unfortunately, TSA cannot possibly run every security activity all the time and thus must decide how to appropriately allocate its resources among the layers of security activities.

To aid the TSA in scheduling resources in a risk-based manner, we take a multi-agent game-theoretic approach. Motivated by advantages of such an approach reported at AAMAS conferences (see Section 6.2.2), we utilize Stackelberg games, in which one agent (the leader) must commit to some strategy first and a second agent (the follower) can make his decision with knowledge of this commitment. Here, the TSA acts as a defender (i.e., the leader) who has a set of targets to protect, a number of security activities they can utilize to protect each target, and a limited number of resources to assign to these security activities.

Introduction

Providing security for transportation systems, computer networks, and other critical infrastructure is a large and growing problem. Central to many of these security problems is a resource allocation task. For example, a police force may have limited personnel to conduct patrols, operate checkpoints, and conduct random searches. Other scarce resources including bomb-sniffing canines, vehicles, and security cameras. The key question is how to efficiently allocate these resources to protect against a wide variety of potential threats.

The adversarial aspect of security domains poses unique challenges for resource allocation. A motivated attacker can gather information about security measures using surveillance and plan more effective attacks. Predictable resource allocations may be exploited by an attacker, greatly reducing resource effectiveness. A better approach for deploying security resources is to use randomization to increase the uncertainty of potential attackers. We develop new computational methods that use game-theoretic analysis to generate optimal randomized resource allocations for security domains.

Game theory offers a more sophisticated approach to randomization than simply “rolling dice.” It allows the analyst to factor differential risks and values into the game model, and incorporates game-theoretic predictions of how the attacker will respond to a given security policy. Recent work by Paruchuri et al. uses a game-theoretic approach to create randomized security policies for traffic checkpoints and canine patrols at the Los Angeles International Airport (LAX), which are deployed in the daily airport-security operations (Paruchuri et al., 2008; Pita et al., 2008).