Allocating patrolling resources to effectively thwart intelligent attackers

Lowbridge, Thomas (2021) Allocating patrolling resources to effectively thwart intelligent attackers. PhD thesis, University of Nottingham.

[thumbnail of Final submitted Thesis.pdf]
Preview
PDF (Thesis - as examined) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Available under Licence Creative Commons Attribution.
Download (3MB) | Preview

Abstract

This thesis considers the allocation of patrolling resources deployed in an effort to thwart intelligent attackers, who are committing malicious acts at unknown locations which take a specified length of time to complete. This thesis considers patrolling games which depend on three parameters; a graph, a game length and an attack length. For patrolling games, the graph models the locations and how they are connected, the game length corresponds to the time-horizon in which two players, known as the patroller and attacker, act and the attack length is the time it takes an attacker to complete their malicious act. This thesis defines patrolling games (as first seen in [16]) and explains its known properties and how such games are solved. While any patrolling game can be solved by a linear program (LP) when the number of locations or game length is small, this becomes infeasible when either of these parameters are of moderate size. Therefore, strategies are often evaluated by knowing an opponent’s response and with this, patroller and attacker strategies give lower and upper bounds on the optimal value. Moreover, when tight bounds are given by strategies these are optimal strategies. This thesis states known strategies giving these bounds and classes for which patrolling games have been solved. Firstly, this thesis introduces new techniques which can be used to evaluate strategies, by reducing the strategy space for best responses from an opponent. Extensions to known strategies are developed and their respective bounds are given using known results. In addition we develop a patroller improvement program (PIP) which improves current patroller strategies by considering which locations are currently under performing. Secondly, these general techniques and strategies are applied to find solutions to a certain class of patrolling games which are not previously solved. In particular, classes of the patrolling game are solved when the graph is multipartite or is an extension of a star graph. Thirdly, this thesis conjectures that a developed patroller strategy known as the random minimal full-node cycle is optimal for a large class of patrolling games, when the graph is a tree. Intuitive reasoning behind the conjecture is given along with computational evidence, showing the conjecture holds when the number of locations in the graph is less than 9. Finally, this thesis looks at three extensions to the scenario modelled by the patrolling game. One extension models varying distances between locations rather than assuming locations are a unitary distance apart. Another extension allows the time needed for an attacker to complete their malicious act to vary depending on the vulnerability of the location. For the final extension of multiple players we look at four variants depending on how multiple attackers succeed in the extension. In each extension we find some properties of the game and show that it possible to relate # extensions to the classic patrolling game in order to find the value and optimal strategies for certain classes of such games.

Item Type: Thesis (University of Nottingham only) (PhD)
Supervisors: Sirl, David
Ball, Frank
Hodge, David
Keywords: cyber security, computer security, mathematical modelling, algorithms, patrolling game
Subjects: Q Science > QA Mathematics > QA 75 Electronic computers. Computer science
Faculties/Schools: UK Campuses > Faculty of Science > School of Mathematical Sciences
Item ID: 65009
Depositing User: Lowbridge, Thomas
Date Deposited: 04 Aug 2021 04:41
Last Modified: 04 Aug 2021 04:41
URI: https://eprints.nottingham.ac.uk/id/eprint/65009

Actions (Archive Staff Only)

Edit View Edit View