Inoculation Strategies for Victims of Viruses and the Sum-of-Squares Partition Problem Kevin Chang...
-
Upload
randolf-gibbs -
Category
Documents
-
view
217 -
download
1
Transcript of Inoculation Strategies for Victims of Viruses and the Sum-of-Squares Partition Problem Kevin Chang...
Inoculation Strategies for Victims of Viruses and the Sum-of-Squares Partition ProblemKevin Chang
Joint work with James Aspnes and Aleksandr Yampolskiy
(Yale University)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Question Will you install anti-virus software
Norton AntiVirus 2005 = $4995
Value of your data = $35000
Infection probability = 110
Expected loss = $3500
Answer Probably not
Norton AntiVirus 2005 = $4995
Value of your data = $35000
Infection probability = 110
Expected loss = $3500
This selfish behaviorhellip hellipfails to achieve the social optimum
What if insteadhellip hellipa benevolent dictator decided which
computers install an anti-virus
Center node must install an anti-virus
or else
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Our Model
The network is an undirected graph G = (VE)
Installing anti-virus software is a single round non-cooperative game
The players are the network nodes V = 01hellipn-1
Our Model Strategies
Each node has two actions do nothing or inoculate itself
ai = probability that node i installs anti-virus software Write the strategies of all n players as vector
Our Model Attack Model
After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random
Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected
0
2
1
Our Model Attack Model (cont)
3
54
Example Only node 3 installs anti-virus software Adversary chooses to infect node 2
Our Model Attack Graph
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Attack Graph subgraph of G induced by removing nodes that install antivirus
Our Model Individual Costs
Anti-virus software costs C Loss from infection is L
Cost of strategy to node i
Here pi( ) = Pr[i is infected | i does not install an anti-virus]
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Question Will you install anti-virus software
Norton AntiVirus 2005 = $4995
Value of your data = $35000
Infection probability = 110
Expected loss = $3500
Answer Probably not
Norton AntiVirus 2005 = $4995
Value of your data = $35000
Infection probability = 110
Expected loss = $3500
This selfish behaviorhellip hellipfails to achieve the social optimum
What if insteadhellip hellipa benevolent dictator decided which
computers install an anti-virus
Center node must install an anti-virus
or else
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Our Model
The network is an undirected graph G = (VE)
Installing anti-virus software is a single round non-cooperative game
The players are the network nodes V = 01hellipn-1
Our Model Strategies
Each node has two actions do nothing or inoculate itself
ai = probability that node i installs anti-virus software Write the strategies of all n players as vector
Our Model Attack Model
After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random
Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected
0
2
1
Our Model Attack Model (cont)
3
54
Example Only node 3 installs anti-virus software Adversary chooses to infect node 2
Our Model Attack Graph
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Attack Graph subgraph of G induced by removing nodes that install antivirus
Our Model Individual Costs
Anti-virus software costs C Loss from infection is L
Cost of strategy to node i
Here pi( ) = Pr[i is infected | i does not install an anti-virus]
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Question Will you install anti-virus software
Norton AntiVirus 2005 = $4995
Value of your data = $35000
Infection probability = 110
Expected loss = $3500
Answer Probably not
Norton AntiVirus 2005 = $4995
Value of your data = $35000
Infection probability = 110
Expected loss = $3500
This selfish behaviorhellip hellipfails to achieve the social optimum
What if insteadhellip hellipa benevolent dictator decided which
computers install an anti-virus
Center node must install an anti-virus
or else
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Our Model
The network is an undirected graph G = (VE)
Installing anti-virus software is a single round non-cooperative game
The players are the network nodes V = 01hellipn-1
Our Model Strategies
Each node has two actions do nothing or inoculate itself
ai = probability that node i installs anti-virus software Write the strategies of all n players as vector
Our Model Attack Model
After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random
Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected
0
2
1
Our Model Attack Model (cont)
3
54
Example Only node 3 installs anti-virus software Adversary chooses to infect node 2
Our Model Attack Graph
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Attack Graph subgraph of G induced by removing nodes that install antivirus
Our Model Individual Costs
Anti-virus software costs C Loss from infection is L
Cost of strategy to node i
Here pi( ) = Pr[i is infected | i does not install an anti-virus]
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Answer Probably not
Norton AntiVirus 2005 = $4995
Value of your data = $35000
Infection probability = 110
Expected loss = $3500
This selfish behaviorhellip hellipfails to achieve the social optimum
What if insteadhellip hellipa benevolent dictator decided which
computers install an anti-virus
Center node must install an anti-virus
or else
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Our Model
The network is an undirected graph G = (VE)
Installing anti-virus software is a single round non-cooperative game
The players are the network nodes V = 01hellipn-1
Our Model Strategies
Each node has two actions do nothing or inoculate itself
ai = probability that node i installs anti-virus software Write the strategies of all n players as vector
Our Model Attack Model
After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random
Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected
0
2
1
Our Model Attack Model (cont)
3
54
Example Only node 3 installs anti-virus software Adversary chooses to infect node 2
Our Model Attack Graph
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Attack Graph subgraph of G induced by removing nodes that install antivirus
Our Model Individual Costs
Anti-virus software costs C Loss from infection is L
Cost of strategy to node i
Here pi( ) = Pr[i is infected | i does not install an anti-virus]
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
This selfish behaviorhellip hellipfails to achieve the social optimum
What if insteadhellip hellipa benevolent dictator decided which
computers install an anti-virus
Center node must install an anti-virus
or else
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Our Model
The network is an undirected graph G = (VE)
Installing anti-virus software is a single round non-cooperative game
The players are the network nodes V = 01hellipn-1
Our Model Strategies
Each node has two actions do nothing or inoculate itself
ai = probability that node i installs anti-virus software Write the strategies of all n players as vector
Our Model Attack Model
After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random
Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected
0
2
1
Our Model Attack Model (cont)
3
54
Example Only node 3 installs anti-virus software Adversary chooses to infect node 2
Our Model Attack Graph
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Attack Graph subgraph of G induced by removing nodes that install antivirus
Our Model Individual Costs
Anti-virus software costs C Loss from infection is L
Cost of strategy to node i
Here pi( ) = Pr[i is infected | i does not install an anti-virus]
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
What if insteadhellip hellipa benevolent dictator decided which
computers install an anti-virus
Center node must install an anti-virus
or else
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Our Model
The network is an undirected graph G = (VE)
Installing anti-virus software is a single round non-cooperative game
The players are the network nodes V = 01hellipn-1
Our Model Strategies
Each node has two actions do nothing or inoculate itself
ai = probability that node i installs anti-virus software Write the strategies of all n players as vector
Our Model Attack Model
After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random
Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected
0
2
1
Our Model Attack Model (cont)
3
54
Example Only node 3 installs anti-virus software Adversary chooses to infect node 2
Our Model Attack Graph
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Attack Graph subgraph of G induced by removing nodes that install antivirus
Our Model Individual Costs
Anti-virus software costs C Loss from infection is L
Cost of strategy to node i
Here pi( ) = Pr[i is infected | i does not install an anti-virus]
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Our Model
The network is an undirected graph G = (VE)
Installing anti-virus software is a single round non-cooperative game
The players are the network nodes V = 01hellipn-1
Our Model Strategies
Each node has two actions do nothing or inoculate itself
ai = probability that node i installs anti-virus software Write the strategies of all n players as vector
Our Model Attack Model
After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random
Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected
0
2
1
Our Model Attack Model (cont)
3
54
Example Only node 3 installs anti-virus software Adversary chooses to infect node 2
Our Model Attack Graph
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Attack Graph subgraph of G induced by removing nodes that install antivirus
Our Model Individual Costs
Anti-virus software costs C Loss from infection is L
Cost of strategy to node i
Here pi( ) = Pr[i is infected | i does not install an anti-virus]
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Our Model
The network is an undirected graph G = (VE)
Installing anti-virus software is a single round non-cooperative game
The players are the network nodes V = 01hellipn-1
Our Model Strategies
Each node has two actions do nothing or inoculate itself
ai = probability that node i installs anti-virus software Write the strategies of all n players as vector
Our Model Attack Model
After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random
Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected
0
2
1
Our Model Attack Model (cont)
3
54
Example Only node 3 installs anti-virus software Adversary chooses to infect node 2
Our Model Attack Graph
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Attack Graph subgraph of G induced by removing nodes that install antivirus
Our Model Individual Costs
Anti-virus software costs C Loss from infection is L
Cost of strategy to node i
Here pi( ) = Pr[i is infected | i does not install an anti-virus]
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Our Model Strategies
Each node has two actions do nothing or inoculate itself
ai = probability that node i installs anti-virus software Write the strategies of all n players as vector
Our Model Attack Model
After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random
Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected
0
2
1
Our Model Attack Model (cont)
3
54
Example Only node 3 installs anti-virus software Adversary chooses to infect node 2
Our Model Attack Graph
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Attack Graph subgraph of G induced by removing nodes that install antivirus
Our Model Individual Costs
Anti-virus software costs C Loss from infection is L
Cost of strategy to node i
Here pi( ) = Pr[i is infected | i does not install an anti-virus]
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Our Model Attack Model
After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random
Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected
0
2
1
Our Model Attack Model (cont)
3
54
Example Only node 3 installs anti-virus software Adversary chooses to infect node 2
Our Model Attack Graph
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Attack Graph subgraph of G induced by removing nodes that install antivirus
Our Model Individual Costs
Anti-virus software costs C Loss from infection is L
Cost of strategy to node i
Here pi( ) = Pr[i is infected | i does not install an anti-virus]
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
0
2
1
Our Model Attack Model (cont)
3
54
Example Only node 3 installs anti-virus software Adversary chooses to infect node 2
Our Model Attack Graph
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Attack Graph subgraph of G induced by removing nodes that install antivirus
Our Model Individual Costs
Anti-virus software costs C Loss from infection is L
Cost of strategy to node i
Here pi( ) = Pr[i is infected | i does not install an anti-virus]
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Our Model Attack Graph
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Attack Graph subgraph of G induced by removing nodes that install antivirus
Our Model Individual Costs
Anti-virus software costs C Loss from infection is L
Cost of strategy to node i
Here pi( ) = Pr[i is infected | i does not install an anti-virus]
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Our Model Individual Costs
Anti-virus software costs C Loss from infection is L
Cost of strategy to node i
Here pi( ) = Pr[i is infected | i does not install an anti-virus]
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Our Model Social Cost
Social cost of is simply a sum of individual costs
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Nash Strategies Quick definition
Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Nash Strategies Some intuition
Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph
Prob[i infected] = tn Then its expected loss from infection is
gtL(CnL)n = C and it will switch to ai = 1
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Nash Strategies Characterization
Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in
a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a
component of expected size lt t in the attack graph is indifferent between installing and not installing
when the expected size = t in the attack graph
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25
Then is not a Nash equilibrium
0 1
2 3
54
0
2 3
54
network graph G attack graph Ga= G - Ia
1
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash
equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium
which can be achieved by a distributed iterative process in 2n steps
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Price of Anarchy Price of anarchy measures how far away a
Nash equilibrium can be from the social optimum
Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum
For network G and costs C L we denote it
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
A lower bound
Consider a star graph K1n
Let C=L(n-1)n so that t=n-1
G = K1n
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Price of Anarchy (cont)
Then is an optimum strategy with cost C+L(n-1)n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Price of Anarchy (cont)
And is worst-cost Nash with cost C+L(n-1)2n
G = K1n
0
n-11
2
3n-2
hellip
Ga
0
n-11
2
3n-2
hellip
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Price of Anarchy (cont)Lower Bound For a star graph K1n
(G C L) = n2
Upper Bound For any graph G and any C L (G C L)le n
Thm Price of anarchy in our game is (G C L) = (n)
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Optimum Strategies
So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient
Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Optimum Strategies (cont)
Unfortunately
Thm It is NP-hard to compute an optimum strategy
Fortunately
Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Sum-of-Squares Partition
We can reduce the network security problem to the following
Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that
i |Hi|2 is minimum
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Sum-of-Squares Partition (cont)
Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi
such that i |Hi|2 = O(1)OPT
Proof sketch
The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Sum-of-squares partition (cont)
Suppose we remove node set R to cut a graph H into components Hi and Hj
cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find
a cut with cost effectiveness within O(log n) of best cost effectiveness
O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
G
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Rough Outline of Algorithm
In first iteration partition the graph G into H1H2 by removing a sparse node cut
H1 H2
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Rough Outline of Algorithm
In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness
H1 H2
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Rough Outline of Algorithm
Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml
H1H2 H3
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Outline
Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Conclusion We proposed a simple game for modeling
containment of viruses in a network Nash equilibria of our game have a simple
characterization We showed that in the worst case they can be
far off from the optimum solution However a near-optimum deployment of anti-
virus software can be computed by reduction to the sum-of-squares partition problem
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Open Problems
Introduce a discount (or taxation) mechanism into the system
Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph
Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio
Questions
Questions