Inoculation strategies for victims of viruses

Inoculation Strategies for
Victims of Viruses and
the Sum-of-Squares
Partition Problem
James Aspnes, Kevin Chang,
and Aleksandr Yampolskiy
(Yale University)
Copyright (C) 2005 by Aleksandr
Yampolskiy

Outline

Ø Motivation
n Our Model
n Nash Strategies
n Optimal Strategies
n Sum-of-Squares Partition Problem
n Conclusion
Yampolskiy

Question: Will you install anti-virus
software?

Norton AntiVirus 2005 = $49.95

Value of your data = $350.00
Infection probability = 1/10
Expected loss = $35.00
Yampolskiy

Answer: Probably not.

Norton AntiVirus 2005 = $49.95

Value of your data = $350.00
Infection probability = 1/10
Expected loss = $35.00
Yampolskiy

This selfish behavior…
n …fails to achieve the social optimum.

Yampolskiy

What if instead…
n …a benevolent dictator decided which
computers install an anti-virus?

Center node
must install
an anti-virus
or else!
Yampolskiy

Outline

n Motivation
Ø Our Model
n Nash Strategies
n Conclusion
Yampolskiy

Our Model
n The network is an undirected graph
G = (V,E).
n Installing anti-virus software is a single
round non-cooperative game.
n The players are the network nodes:
V = {0,1,…,n-1}.

Yampolskiy

Our Model : Strategies
n Each node has two actions: do nothing or
inoculate itself.
n Strategy profile summarizes
players’ choices.
n ai = probability that node i installs anti-
virus software

Yampolskiy

Our Model : Attack Model
n After the nodes choose their strategies,
the adversary picks a starting point for
infection uniformly at random
n Node i gets infected if it has no anti-virus
software installed and if any of its
neighbors become infected.

Yampolskiy

Our Model : Attack Model (cont.)
n Example: Only node 3 installs anti-virus
software. Adversary chooses to infect
node 2.
0 1

2 3

4 5
Yampolskiy

Our Model : Attack Graph

0 1 0 1

2 3 2 3

4 5 4 5

network graph G Copyright (C) 2005 by Aleksandr
Yampolskiy
attack graph Ga= G - Ia

Our Model : Individual Costs
n Anti-virus software costs C. Expected loss
from virus is L.
n Cost of strategy to node i:

n Here, pi(a) = Pr[i is infected | i does not
install an anti-virus]

Yampolskiy

Our Model : Social Cost
n Social cost of is simply a sum of
individual costs:

Yampolskiy

Outline

n Motivation
n Our Model
Ø Nash Strategies
n Conclusion
Yampolskiy

Nash Strategies
n Def: Strategy profile is in Nash
equilibrium if no node can improve its
payoff by switching to a different strategy:
for i = 0,...,n-1 and any x 2 [0,1],

n Fact: Nash strategies do not optimize total
social cost (cf. Prisoner’s Dilemma)
Yampolskiy

Nash Strategies (cont.)

Thm: There is a threshold t=Cn/L such that each
node in a Nash equilibrium
¨ will install an anti-virus if it would otherwise end up in
a component of expected size > t
¨ will not install an anti-virus if it would end up in a
component of expected size < t.
¨ is indifferent between installing and not installing
when the expected size = t.

Yampolskiy

n Corollary: Let t = Cn/L. Then a pure
strategy is a Nash equilibrium if and only
if
¨ Every component in Ga has size · t
¨ Inserting any secure node j and its edges into
Ga yields a component of size ¸ t.

Yampolskiy

n Example: Let C=0.5,L=1 so that t=Cn/L=2.5.
Then is not a Nash equilibrium.

0 1 0 1

2 3 2 3

4 5 4 5
network graph G Yampolskiy attack graph Ga= G - Ia

Thm: It is NP-hard to compute a pure Nash
equilibrium with lowest (resp., highest) cost.
Proof sketch: By reduction to VERTEX COVER
(resp., INDEPENDENT DOMINATING SET) .
¨ Set C, L so that t=Cn/L=1.5.
¨ In a Nash equilibrium, (a) every vulnerable node
has all neighbors secure; (b) every secure node
has an insecure neighbor

Yampolskiy

n If V’µ V is a minimal vertex cover, then
installing software on its nodes satisfies
(a) because V’ is a vertex cover and (b)
because V’ is minimal.
n Conversely, if V’ are secure nodes in a
Nash equilibrium, then V’ is a vertex cover
by (a).

Yampolskiy

n Nash Theorem guarantees our game has
a mixed Nash equilibrium.
n But does it make sense talking about pure
Nash equilibria?

Yampolskiy

Yes, it does!

Thm: If at each step some node with
suboptimal strategy switches its strategy,
the system converges to a pure Nash
equilibrium in · 2n steps.

Yampolskiy

Price of Anarchy [KP99]
n Price of anarchy measures how far away a
Nash equilibrium can be from the social
optimum
n Formally, it is the worst-case ratio between
cost of Nash equilibrium and cost of social
optimum
n For network G and costs C, L, we denote it:

Yampolskiy

Price of Anarchy (cont.)
Lower Bound: For a star graph K1,n,
ρ(G, C, L) = n/2.
Upper Bound: For any graph G and any C, L,
ρ(G, C, L)· n.

Thm: Price of anarchy in our game is
ρ(G, C, L) = Θ(n).

Yampolskiy

Proof for lower bound:
Consider a star graph K1,n.
Let C=L(n-1)/n so that t=Cn/L=n-1.

1
n-1 2

n-2 3
0

…
G = K1,n
Yampolskiy

Then, is an optimum strategy with
cost C+L(n-1)/n.

1 1
n-1 2 n-1 2

n-2 3 n-2 3
0 0

… …
G = K1,n Yampolskiy Ga*

And is worst-cost Nash with
cost C+L(n-1)2/n.

1 1
n-1 2 n-1 2

n-2 3 n-2 3
0 0

… …
G = K1,n Yampolskiy Ga*

n Therefore,

n Proof for upper bound uses similar ideas.
Yampolskiy

Outline

n Motivation
n Our Model
n Nash Strategies
Ø Optimal Strategies
n Conclusion
Yampolskiy

Optimal Strategies
n So, allowing users to selfishly choose
whether or not to install anti-virus software
may be very inefficient
n Instead, let’s have a benevolent dictator
compute and impose a solution
maximizing overall welfare

Yampolskiy

Optimal Strategies (cont.)
n We can show:
Thm: Let t=Cn/L. If is an optimum
strategy, then every component in Ga has
size · max(1, (t+1)/2).

n Unfortunately,
Thm: It is NP-hard to compute an optimal
strategy.

Yampolskiy

Optimum Strategies (cont.)
n Naturally, we consider approximating the
solution.

k1=2
0 1 0 1 secure
nodes
2 3 2 3 Ia

k2=2
4 5 4 5

network graph G attack graph Ga=G - Ia
Yampolskiy

Optimum Strategies (cont.)
n For pure strategy , we have:

we concentrate on
this part
Yampolskiy

Outline

n Motivation
n Our Model
n Nash Strategies
Ø Sum-of-Squares Partition Problem
n Conclusion
Yampolskiy

Sum-of-Squares Partition
n We guess that there are m=|Ia| secure
nodes.
n Problem: By removing a set of at most
m · n nodes, partition the graph into
components H1, …, Hk such that ∑i |Hi|2 is
minimum.

Yampolskiy

Sum-of-Squares Partition (cont.)
Thm: We can find a set of O(log2 n)¢m nodes whose
removal partitions the graph into components
H1,…,Hk such that ∑i |Hi|2 · O(1)¢OPT.
Proof sketch: We use the Leighton-Rao sparse cut
algorithm [LR99]. The approach is similar to greedy
log n approximation algorithm for set cover. We
repeatedly remove the node cut that gives the best
per-node benefit.

Yampolskiy

Outline

n Motivation
n Our Model
n Nash Strategies
Ø Conclusion
Yampolskiy

Conclusion
n We proposed a simple game for modeling
containment of viruses in a network.
n Nash equilibria of our game have a simple
characterization.
n We showed that, in the worst case, they can be
far off from the optimal solution.
n However, a near-optimal deployment of anti-
virus software can be computed by reduction to
the sum-of-squares partition problem.

Yampolskiy

Open Problems
n Introduce a discount (or taxation) mechanism into the
system.
n Suppose nodes can lie about their level of security (or
about who their neighbors are). How do we make truth-
telling a dominant strategy?
n Consider a “smart” adversary who targets the biggest
graph component.
n How do we evaluate what C and L are?
n Is there an algorithm for the sum-of-squares partition
problem with a better approximation ratio?

Yampolskiy

Acknowledgments
Joan Feigenbaum, Hong Jiang, and Yang
Richard Yang

Yampolskiy

Thank you!

Yampolskiy

Inoculation strategies for victims of viruses

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (17)

Plus de Aleksandr Yampolskiy

Plus de Aleksandr Yampolskiy (9)

Dernier

Dernier (20)

Inoculation strategies for victims of viruses