Decarbonising Buildings: Making a net-zero built environment a reality
Inoculation strategies for victims of viruses
1. Inoculation Strategies for
Victims of Viruses and
the Sum-of-Squares
Partition Problem
James Aspnes, Kevin Chang,
and Aleksandr Yampolskiy
(Yale University)
Copyright (C) 2005 by Aleksandr
Yampolskiy
2. Outline
Ø Motivation
n Our Model
n Nash Strategies
n Optimal Strategies
n Sum-of-Squares Partition Problem
n Conclusion
Copyright (C) 2005 by Aleksandr
Yampolskiy
3. Question: Will you install anti-virus
software?
Norton AntiVirus 2005 = $49.95
Value of your data = $350.00
Infection probability = 1/10
Expected loss = $35.00
Copyright (C) 2005 by Aleksandr
Yampolskiy
4. Answer: Probably not.
Norton AntiVirus 2005 = $49.95
Value of your data = $350.00
Infection probability = 1/10
Expected loss = $35.00
Copyright (C) 2005 by Aleksandr
Yampolskiy
5. This selfish behavior…
n …fails to achieve the social optimum.
Copyright (C) 2005 by Aleksandr
Yampolskiy
6. What if instead…
n …a benevolent dictator decided which
computers install an anti-virus?
Center node
must install
an anti-virus
or else!
Copyright (C) 2005 by Aleksandr
Yampolskiy
7. Outline
n Motivation
Ø Our Model
n Nash Strategies
n Optimal Strategies
n Sum-of-Squares Partition Problem
n Conclusion
Copyright (C) 2005 by Aleksandr
Yampolskiy
8. Our Model
n The network is an undirected graph
G = (V,E).
n Installing anti-virus software is a single
round non-cooperative game.
n The players are the network nodes:
V = {0,1,…,n-1}.
Copyright (C) 2005 by Aleksandr
Yampolskiy
9. Our Model : Strategies
n Each node has two actions: do nothing or
inoculate itself.
n Strategy profile summarizes
players’ choices.
n ai = probability that node i installs anti-
virus software
Copyright (C) 2005 by Aleksandr
Yampolskiy
10. Our Model : Attack Model
n After the nodes choose their strategies,
the adversary picks a starting point for
infection uniformly at random
n Node i gets infected if it has no anti-virus
software installed and if any of its
neighbors become infected.
Copyright (C) 2005 by Aleksandr
Yampolskiy
11. Our Model : Attack Model (cont.)
n Example: Only node 3 installs anti-virus
software. Adversary chooses to infect
node 2.
0 1
2 3
4 5
Copyright (C) 2005 by Aleksandr
Yampolskiy
12. Our Model : Attack Graph
0 1 0 1
2 3 2 3
4 5 4 5
network graph G Copyright (C) 2005 by Aleksandr
Yampolskiy
attack graph Ga= G - Ia
13. Our Model : Individual Costs
n Anti-virus software costs C. Expected loss
from virus is L.
n Cost of strategy to node i:
n Here, pi(a) = Pr[i is infected | i does not
install an anti-virus]
Copyright (C) 2005 by Aleksandr
Yampolskiy
14. Our Model : Social Cost
n Social cost of is simply a sum of
individual costs:
Copyright (C) 2005 by Aleksandr
Yampolskiy
15. Outline
n Motivation
n Our Model
Ø Nash Strategies
n Optimal Strategies
n Sum-of-Squares Partition Problem
n Conclusion
Copyright (C) 2005 by Aleksandr
Yampolskiy
16. Nash Strategies
n Def: Strategy profile is in Nash
equilibrium if no node can improve its
payoff by switching to a different strategy:
for i = 0,...,n-1 and any x 2 [0,1],
n Fact: Nash strategies do not optimize total
social cost (cf. Prisoner’s Dilemma)
Copyright (C) 2005 by Aleksandr
Yampolskiy
17. Nash Strategies (cont.)
Thm: There is a threshold t=Cn/L such that each
node in a Nash equilibrium
¨ will install an anti-virus if it would otherwise end up in
a component of expected size > t
¨ will not install an anti-virus if it would end up in a
component of expected size < t.
¨ is indifferent between installing and not installing
when the expected size = t.
Copyright (C) 2005 by Aleksandr
Yampolskiy
18. Nash Strategies (cont.)
n Corollary: Let t = Cn/L. Then a pure
strategy is a Nash equilibrium if and only
if
¨ Every component in Ga has size · t
¨ Inserting any secure node j and its edges into
Ga yields a component of size ¸ t.
Copyright (C) 2005 by Aleksandr
Yampolskiy
19. Nash Strategies (cont.)
n Example: Let C=0.5,L=1 so that t=Cn/L=2.5.
Then is not a Nash equilibrium.
0 1 0 1
2 3 2 3
4 5 4 5
Copyright (C) 2005 by Aleksandr
network graph G Yampolskiy attack graph Ga= G - Ia
20. Nash Strategies (cont.)
Thm: It is NP-hard to compute a pure Nash
equilibrium with lowest (resp., highest) cost.
Proof sketch: By reduction to VERTEX COVER
(resp., INDEPENDENT DOMINATING SET) .
¨ Set C, L so that t=Cn/L=1.5.
¨ In a Nash equilibrium, (a) every vulnerable node
has all neighbors secure; (b) every secure node
has an insecure neighbor
Copyright (C) 2005 by Aleksandr
Yampolskiy
21. Nash Strategies (cont.)
n If V’µ V is a minimal vertex cover, then
installing software on its nodes satisfies
(a) because V’ is a vertex cover and (b)
because V’ is minimal.
n Conversely, if V’ are secure nodes in a
Nash equilibrium, then V’ is a vertex cover
by (a).
Copyright (C) 2005 by Aleksandr
Yampolskiy
22. Nash Strategies (cont.)
n Nash Theorem guarantees our game has
a mixed Nash equilibrium.
n But does it make sense talking about pure
Nash equilibria?
Copyright (C) 2005 by Aleksandr
Yampolskiy
23. Nash Strategies (cont.)
Yes, it does!
Thm: If at each step some node with
suboptimal strategy switches its strategy,
the system converges to a pure Nash
equilibrium in · 2n steps.
Copyright (C) 2005 by Aleksandr
Yampolskiy
24. Price of Anarchy [KP99]
n Price of anarchy measures how far away a
Nash equilibrium can be from the social
optimum
n Formally, it is the worst-case ratio between
cost of Nash equilibrium and cost of social
optimum
n For network G and costs C, L, we denote it:
Copyright (C) 2005 by Aleksandr
Yampolskiy
25. Price of Anarchy (cont.)
Lower Bound: For a star graph K1,n,
ρ(G, C, L) = n/2.
Upper Bound: For any graph G and any C, L,
ρ(G, C, L)· n.
Thm: Price of anarchy in our game is
ρ(G, C, L) = Θ(n).
Copyright (C) 2005 by Aleksandr
Yampolskiy
26. Price of Anarchy (cont.)
Proof for lower bound:
Consider a star graph K1,n.
Let C=L(n-1)/n so that t=Cn/L=n-1.
1
n-1 2
n-2 3
0
…
Copyright (C) 2005 by Aleksandr
G = K1,n
Yampolskiy
27. Price of Anarchy (cont.)
Then, is an optimum strategy with
cost C+L(n-1)/n.
1 1
n-1 2 n-1 2
n-2 3 n-2 3
0 0
… …
Copyright (C) 2005 by Aleksandr
G = K1,n Yampolskiy Ga*
28. Price of Anarchy (cont.)
And is worst-cost Nash with
cost C+L(n-1)2/n.
1 1
n-1 2 n-1 2
n-2 3 n-2 3
0 0
… …
Copyright (C) 2005 by Aleksandr
G = K1,n Yampolskiy Ga*
29. Price of Anarchy (cont.)
n Therefore,
n Proof for upper bound uses similar ideas.
Copyright (C) 2005 by Aleksandr
Yampolskiy
30. Outline
n Motivation
n Our Model
n Nash Strategies
Ø Optimal Strategies
n Sum-of-Squares Partition Problem
n Conclusion
Copyright (C) 2005 by Aleksandr
Yampolskiy
31. Optimal Strategies
n So, allowing users to selfishly choose
whether or not to install anti-virus software
may be very inefficient
n Instead, let’s have a benevolent dictator
compute and impose a solution
maximizing overall welfare
Copyright (C) 2005 by Aleksandr
Yampolskiy
32. Optimal Strategies (cont.)
n We can show:
Thm: Let t=Cn/L. If is an optimum
strategy, then every component in Ga has
size · max(1, (t+1)/2).
n Unfortunately,
Thm: It is NP-hard to compute an optimal
strategy.
Copyright (C) 2005 by Aleksandr
Yampolskiy
33. Optimum Strategies (cont.)
n Naturally, we consider approximating the
solution.
k1=2
0 1 0 1 secure
nodes
2 3 2 3 Ia
k2=2
4 5 4 5
network graph G attack graph Ga=G - Ia
Copyright (C) 2005 by Aleksandr
Yampolskiy
34. Optimum Strategies (cont.)
n For pure strategy , we have:
we concentrate on
this part
Copyright (C) 2005 by Aleksandr
Yampolskiy
35. Outline
n Motivation
n Our Model
n Nash Strategies
n Optimal Strategies
Ø Sum-of-Squares Partition Problem
n Conclusion
Copyright (C) 2005 by Aleksandr
Yampolskiy
36. Sum-of-Squares Partition
n We guess that there are m=|Ia| secure
nodes.
n Problem: By removing a set of at most
m · n nodes, partition the graph into
components H1, …, Hk such that ∑i |Hi|2 is
minimum.
Copyright (C) 2005 by Aleksandr
Yampolskiy
37. Sum-of-Squares Partition (cont.)
Thm: We can find a set of O(log2 n)¢m nodes whose
removal partitions the graph into components
H1,…,Hk such that ∑i |Hi|2 · O(1)¢OPT.
Proof sketch: We use the Leighton-Rao sparse cut
algorithm [LR99]. The approach is similar to greedy
log n approximation algorithm for set cover. We
repeatedly remove the node cut that gives the best
per-node benefit.
Copyright (C) 2005 by Aleksandr
Yampolskiy
38. Outline
n Motivation
n Our Model
n Nash Strategies
n Optimal Strategies
n Sum-of-Squares Partition Problem
Ø Conclusion
Copyright (C) 2005 by Aleksandr
Yampolskiy
39. Conclusion
n We proposed a simple game for modeling
containment of viruses in a network.
n Nash equilibria of our game have a simple
characterization.
n We showed that, in the worst case, they can be
far off from the optimal solution.
n However, a near-optimal deployment of anti-
virus software can be computed by reduction to
the sum-of-squares partition problem.
Copyright (C) 2005 by Aleksandr
Yampolskiy
40. Open Problems
n Introduce a discount (or taxation) mechanism into the
system.
n Suppose nodes can lie about their level of security (or
about who their neighbors are). How do we make truth-
telling a dominant strategy?
n Consider a “smart” adversary who targets the biggest
graph component.
n How do we evaluate what C and L are?
n Is there an algorithm for the sum-of-squares partition
problem with a better approximation ratio?
Copyright (C) 2005 by Aleksandr
Yampolskiy