Inoculation Strategies for Victims of Viruses and the Sum-of-Squares Partition ProblemKevin Chang

Joint work with James Aspnes and Aleksandr Yampolskiy

(Yale University)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Question Will you install anti-virus software

Norton AntiVirus 2005 = $4995

Value of your data = $35000

Infection probability = 110

Expected loss = $3500

Answer Probably not

Norton AntiVirus 2005 = $4995

Value of your data = $35000

Infection probability = 110

Expected loss = $3500

This selfish behaviorhellip hellipfails to achieve the social optimum

What if insteadhellip hellipa benevolent dictator decided which

computers install an anti-virus

Center node must install an anti-virus

or else

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Our Model

The network is an undirected graph G = (VE)

Installing anti-virus software is a single round non-cooperative game

The players are the network nodes V = 01hellipn-1

Our Model Strategies

Each node has two actions do nothing or inoculate itself

ai = probability that node i installs anti-virus software Write the strategies of all n players as vector

Our Model Attack Model

After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random

Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected

0

2

1

Our Model Attack Model (cont)

3

54

Example Only node 3 installs anti-virus software Adversary chooses to infect node 2

Our Model Attack Graph

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Attack Graph subgraph of G induced by removing nodes that install antivirus

Our Model Individual Costs

Anti-virus software costs C Loss from infection is L

Cost of strategy to node i

Here pi( ) = Pr[i is infected | i does not install an anti-virus]

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Question Will you install anti-virus software

Norton AntiVirus 2005 = $4995

Value of your data = $35000

Infection probability = 110

Expected loss = $3500

Answer Probably not

Norton AntiVirus 2005 = $4995

Value of your data = $35000

Infection probability = 110

Expected loss = $3500

This selfish behaviorhellip hellipfails to achieve the social optimum

What if insteadhellip hellipa benevolent dictator decided which

computers install an anti-virus

Center node must install an anti-virus

or else

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Our Model

The network is an undirected graph G = (VE)

Installing anti-virus software is a single round non-cooperative game

The players are the network nodes V = 01hellipn-1

Our Model Strategies

Each node has two actions do nothing or inoculate itself

ai = probability that node i installs anti-virus software Write the strategies of all n players as vector

Our Model Attack Model

After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random

Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected

0

2

1

Our Model Attack Model (cont)

3

54

Example Only node 3 installs anti-virus software Adversary chooses to infect node 2

Our Model Attack Graph

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Attack Graph subgraph of G induced by removing nodes that install antivirus

Our Model Individual Costs

Anti-virus software costs C Loss from infection is L

Cost of strategy to node i

Here pi( ) = Pr[i is infected | i does not install an anti-virus]

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Question Will you install anti-virus software

Norton AntiVirus 2005 = $4995

Value of your data = $35000

Infection probability = 110

Expected loss = $3500

Answer Probably not

Norton AntiVirus 2005 = $4995

Value of your data = $35000

Infection probability = 110

Expected loss = $3500

This selfish behaviorhellip hellipfails to achieve the social optimum

What if insteadhellip hellipa benevolent dictator decided which

computers install an anti-virus

Center node must install an anti-virus

or else

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Our Model

The network is an undirected graph G = (VE)

Installing anti-virus software is a single round non-cooperative game

The players are the network nodes V = 01hellipn-1

Our Model Strategies

Each node has two actions do nothing or inoculate itself

ai = probability that node i installs anti-virus software Write the strategies of all n players as vector

Our Model Attack Model

After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random

Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected

0

2

1

Our Model Attack Model (cont)

3

54

Example Only node 3 installs anti-virus software Adversary chooses to infect node 2

Our Model Attack Graph

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Attack Graph subgraph of G induced by removing nodes that install antivirus

Our Model Individual Costs

Anti-virus software costs C Loss from infection is L

Cost of strategy to node i

Here pi( ) = Pr[i is infected | i does not install an anti-virus]

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Answer Probably not

Norton AntiVirus 2005 = $4995

Value of your data = $35000

Infection probability = 110

Expected loss = $3500

This selfish behaviorhellip hellipfails to achieve the social optimum

What if insteadhellip hellipa benevolent dictator decided which

computers install an anti-virus

Center node must install an anti-virus

or else

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Our Model

The network is an undirected graph G = (VE)

Installing anti-virus software is a single round non-cooperative game

The players are the network nodes V = 01hellipn-1

Our Model Strategies

Each node has two actions do nothing or inoculate itself

ai = probability that node i installs anti-virus software Write the strategies of all n players as vector

Our Model Attack Model

After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random

Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected

0

2

1

Our Model Attack Model (cont)

3

54

Example Only node 3 installs anti-virus software Adversary chooses to infect node 2

Our Model Attack Graph

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Attack Graph subgraph of G induced by removing nodes that install antivirus

Our Model Individual Costs

Anti-virus software costs C Loss from infection is L

Cost of strategy to node i

Here pi( ) = Pr[i is infected | i does not install an anti-virus]

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

This selfish behaviorhellip hellipfails to achieve the social optimum

What if insteadhellip hellipa benevolent dictator decided which

computers install an anti-virus

Center node must install an anti-virus

or else

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Our Model

The network is an undirected graph G = (VE)

Installing anti-virus software is a single round non-cooperative game

The players are the network nodes V = 01hellipn-1

Our Model Strategies

Each node has two actions do nothing or inoculate itself

ai = probability that node i installs anti-virus software Write the strategies of all n players as vector

Our Model Attack Model

After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random

Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected

0

2

1

Our Model Attack Model (cont)

3

54

Example Only node 3 installs anti-virus software Adversary chooses to infect node 2

Our Model Attack Graph

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Attack Graph subgraph of G induced by removing nodes that install antivirus

Our Model Individual Costs

Anti-virus software costs C Loss from infection is L

Cost of strategy to node i

Here pi( ) = Pr[i is infected | i does not install an anti-virus]

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

What if insteadhellip hellipa benevolent dictator decided which

computers install an anti-virus

Center node must install an anti-virus

or else

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Our Model

The network is an undirected graph G = (VE)

Installing anti-virus software is a single round non-cooperative game

The players are the network nodes V = 01hellipn-1

Our Model Strategies

Each node has two actions do nothing or inoculate itself

ai = probability that node i installs anti-virus software Write the strategies of all n players as vector

Our Model Attack Model

After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random

Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected

0

2

1

Our Model Attack Model (cont)

3

54

Example Only node 3 installs anti-virus software Adversary chooses to infect node 2

Our Model Attack Graph

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Attack Graph subgraph of G induced by removing nodes that install antivirus

Our Model Individual Costs

Anti-virus software costs C Loss from infection is L

Cost of strategy to node i

Here pi( ) = Pr[i is infected | i does not install an anti-virus]

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Our Model

The network is an undirected graph G = (VE)

Installing anti-virus software is a single round non-cooperative game

The players are the network nodes V = 01hellipn-1

Our Model Strategies

Each node has two actions do nothing or inoculate itself

ai = probability that node i installs anti-virus software Write the strategies of all n players as vector

Our Model Attack Model

After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random

Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected

0

2

1

Our Model Attack Model (cont)

3

54

Example Only node 3 installs anti-virus software Adversary chooses to infect node 2

Our Model Attack Graph

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Attack Graph subgraph of G induced by removing nodes that install antivirus

Our Model Individual Costs

Anti-virus software costs C Loss from infection is L

Cost of strategy to node i

Here pi( ) = Pr[i is infected | i does not install an anti-virus]

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Our Model

The network is an undirected graph G = (VE)

Installing anti-virus software is a single round non-cooperative game

The players are the network nodes V = 01hellipn-1

Our Model Strategies

Each node has two actions do nothing or inoculate itself

ai = probability that node i installs anti-virus software Write the strategies of all n players as vector

Our Model Attack Model

After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random

Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected

0

2

1

Our Model Attack Model (cont)

3

54

Example Only node 3 installs anti-virus software Adversary chooses to infect node 2

Our Model Attack Graph

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Attack Graph subgraph of G induced by removing nodes that install antivirus

Our Model Individual Costs

Anti-virus software costs C Loss from infection is L

Cost of strategy to node i

Here pi( ) = Pr[i is infected | i does not install an anti-virus]

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Our Model Strategies

Each node has two actions do nothing or inoculate itself

ai = probability that node i installs anti-virus software Write the strategies of all n players as vector

Our Model Attack Model

After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random

Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected

0

2

1

Our Model Attack Model (cont)

3

54

Example Only node 3 installs anti-virus software Adversary chooses to infect node 2

Our Model Attack Graph

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Attack Graph subgraph of G induced by removing nodes that install antivirus

Our Model Individual Costs

Anti-virus software costs C Loss from infection is L

Cost of strategy to node i

Here pi( ) = Pr[i is infected | i does not install an anti-virus]

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Our Model Attack Model

After the nodes choose their strategies the adversary picks a starting point for infection uniformly at random

Node i gets infected if it has no anti-virus software installed and if any of its neighbors become infected

0

2

1

Our Model Attack Model (cont)

3

54

Example Only node 3 installs anti-virus software Adversary chooses to infect node 2

Our Model Attack Graph

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Attack Graph subgraph of G induced by removing nodes that install antivirus

Our Model Individual Costs

Anti-virus software costs C Loss from infection is L

Cost of strategy to node i

Here pi( ) = Pr[i is infected | i does not install an anti-virus]

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

0

2

1

Our Model Attack Model (cont)

3

54

Example Only node 3 installs anti-virus software Adversary chooses to infect node 2

Our Model Attack Graph

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Attack Graph subgraph of G induced by removing nodes that install antivirus

Our Model Individual Costs

Anti-virus software costs C Loss from infection is L

Cost of strategy to node i

Here pi( ) = Pr[i is infected | i does not install an anti-virus]

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Our Model Attack Graph

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Attack Graph subgraph of G induced by removing nodes that install antivirus

Our Model Individual Costs

Anti-virus software costs C Loss from infection is L

Cost of strategy to node i

Here pi( ) = Pr[i is infected | i does not install an anti-virus]

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Our Model Individual Costs

Anti-virus software costs C Loss from infection is L

Cost of strategy to node i

Here pi( ) = Pr[i is infected | i does not install an anti-virus]

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Our Model Social Cost

Social cost of is simply a sum of individual costs

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Nash Strategies Quick definition

Def Strategy profile is in Nash equilibrium if no node can improve its payoff by switching to a different strategy

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Nash Strategies Some intuition

Some Intuition Suppose ai=0 but node i expects that it will lie in component of size greater than t=CnL in attack graph

Prob[i infected] = tn Then its expected loss from infection is

gtL(CnL)n = C and it will switch to ai = 1

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Nash Strategies Characterization

Thm There is a threshold t=CnL such that each node in a Nash equilibrium will install an anti-virus if it would otherwise end up in

a component of expected size gt t in the attack graph will not install an anti-virus if it would end up in a

component of expected size lt t in the attack graph is indifferent between installing and not installing

when the expected size = t in the attack graph

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Nash Strategies (cont) Example Let C=05L=1 so that t=CnL=25

Then is not a Nash equilibrium

0 1

2 3

54

0

2 3

54

network graph G attack graph Ga= G - Ia

1

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Nash Strategies (cont) Thm It is NP-hard to compute a pure Nash

equilibrium with lowest (resp highest) cost Thm There exists a pure Nash equilibrium

which can be achieved by a distributed iterative process in 2n steps

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Price of Anarchy Price of anarchy measures how far away a

Nash equilibrium can be from the social optimum

Formally it is the worst-case ratio between cost of Nash equilibrium and cost of social optimum

For network G and costs C L we denote it

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

A lower bound

Consider a star graph K1n

Let C=L(n-1)n so that t=n-1

G = K1n

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Price of Anarchy (cont)

Then is an optimum strategy with cost C+L(n-1)n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Price of Anarchy (cont)

And is worst-cost Nash with cost C+L(n-1)2n

G = K1n

0

n-11

2

3n-2

hellip

Ga

0

n-11

2

3n-2

hellip

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Price of Anarchy (cont)Lower Bound For a star graph K1n

(G C L) = n2

Upper Bound For any graph G and any C L (G C L)le n

Thm Price of anarchy in our game is (G C L) = (n)

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Optimum Strategies

So allowing users to selfishly choose whether or not to install anti-virus software may be very inefficient

Instead letrsquos have a benevolent dictator compute and impose a solution maximizing overall welfare

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Optimum Strategies (cont)

Unfortunately

Thm It is NP-hard to compute an optimum strategy

Fortunately

Thm a strategy with cost at most O(log2 n) OPT can be computed in polytime

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Sum-of-Squares Partition

We can reduce the network security problem to the following

Problem By removing a set of at most m nodes partition the graph into mutually disconnected components Hi such that

i |Hi|2 is minimum

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Sum-of-Squares Partition (cont)

Thm We can find a set of O(log2 n)m nodes whose removal partitions the graph into components Hi

such that i |Hi|2 = O(1)OPT

Proof sketch

The approach is similar to greedy log n approximation algorithm for set cover We recursively partition the graph by repeatedly removing the node cut that gives the best ldquoper-node benefitrdquo

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Sum-of-squares partition (cont)

Suppose we remove node set R to cut a graph H into components Hi and Hj

cost effectiveness of cut R is (|H|2-|Hi|2- |Hj|2)|R| Lemma Leighton-Rao algorithm for node cuts will find

a cut with cost effectiveness within O(log n) of best cost effectiveness

O(log05 n) algorithms do not extend to directed cuts and thus cannot be used for node cuts

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

G

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Rough Outline of Algorithm

In first iteration partition the graph G into H1H2 by removing a sparse node cut

H1 H2

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Rough Outline of Algorithm

In subsequent iterations cut the Hi for which we find the cut with the best cost effectiveness

H1 H2

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Rough Outline of Algorithm

Complete details can be found in full version httpwwwcsyaleedu~aspnesinoculation-abstracthtml

H1H2 H3

Outline

Motivation Our Model Nash Strategies Optimum Strategies Sum-of-Squares Partition Problem Conclusion

Conclusion We proposed a simple game for modeling

containment of viruses in a network Nash equilibria of our game have a simple

characterization We showed that in the worst case they can be

far off from the optimum solution However a near-optimum deployment of anti-

virus software can be computed by reduction to the sum-of-squares partition problem

Open Problems

Introduce a discount (or taxation) mechanism into the system

Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph

Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio

Questions

Conclusion We proposed a simple game for modeling

containment of viruses in a network Nash equilibria of our game have a simple

characterization We showed that in the worst case they can be

far off from the optimum solution However a near-optimum deployment of anti-

virus software can be computed by reduction to the sum-of-squares partition problem

Open Problems

Introduce a discount (or taxation) mechanism into the system

Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph

Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio

Questions

Open Problems

Introduce a discount (or taxation) mechanism into the system

Consider a ldquosmartrdquo adversary who targets the biggest component in the attack graph

Is there an approximation algorithm for the sum-of-squares partition problem that removes fewer nodes or has a better approximation ratio

Questions

Questions