TheHumanElement: AddressingHumanAdversariesinSecurityDomains by JamesPita ADissertationPresentedtothe FACULTYOFTHEUSCGRADUATESCHOOL UNIVERSITYOFSOUTHERNCALIFORNIA InPartialFulfillmentofthe RequirementsfortheDegree DOCTOROFPHILOSOPHY (COMPUTERSCIENCE) December2012 Copyright 2012 JamesPita Acknowledgments AnindividualandspecialthankyoubelongstomyadviserMilindTambe. Icannotbegintothank youenoughforyoursteadfasteffort,determination,anddedicationtoeachofyourstudents. Not only are you the exemplar of what an adviser should be, but you are genuinely cherished by anyone who has had the pleasure to work with you. You have made this experience altogether remarkable due to your outstanding guidance and more importantly your sincere friendship. I would also like to thank my committee members for helping to guide my research and think beyond it: Jonathan Gratch, Richard John, Sarit Kraus, Stacy Marsella, and Nicholas Weller. I wouldparticularlyliketothankSaritKrausforherunparalleledinsights,guidance,andassistance throughout my career and Richard John for helping me to expand my understanding of experi- mentalapproaches. Furthermore,Iwouldliketothankmyco-authorsovertheyears: BoAn,Har- ish Bellamane, Shane Cullen, Manish Jain, Richard John, Christopher Kiekintveld, Sarit Kraus, Jun-young Kwak, Reuma Magori-Cohen, Rajiv Maheswaran, Janusz Marecki, Thanh Nguyen, FernandoOrdo´n˜ez,PraveenParuchuri,ChristopherPortway,ShyamsunderRathi,MichaelScott, EricShieh,ErinSteigerwald,MilindTambe,JasonTsai,CraigWestern,RongYang,andZhengyu Yin. Yourdedicatedefforts,assistance,guidance,andhardworkmadethisexperienceexception- allybetter. ii Beyond my mentors and collaborators, I would like to thank CREATE, the Los Angeles WorldAirport(LAWA)police,andtheTransportationSecurityAdministrationforgivingmethe opportunitytoworkonreal-worldproblemsthathaveadirectimpactonthecommunity. Aspecial thank you to Erroll Southers for tirelessly promoting ARMOR as a viable approach for critical securityproblems,ErnestCruzforhiscountlesshoursdevelopingtheoriginalARMORsoftware package, and Shane Cullen and Erin Steigerwald for their efforts in developing the GUARDS system. I also want to thank my colleagues at USC and the greater TEAMCORE community. YouhaveallhelpedmakethesepastyearsaspecialexperienceformeandIwillneverforgetall thetimeswehavesharedandallthehelpandguidanceyouhavegivenme. Aspecialthanksgoes toJanuszMareckiforallthelaughsandadviceovertheyears. IwouldalsoliketothankGodfor thistremendousopportunity. Finally, morethanthankyougoestomymotherDianePita, father Eugene Pita, and brother Michael Pita. Thank you for a lifetime of support in everything and anything that I do. Without your unconditional love and support I would not have been able to get where I am today. Thank you for making me push my limits, explore the world around me, and expand my horizons. Thank you for all the sacrifices you have made to get me here and for yourneverendingguidance,effort,support,andlove. Thankyouforbeingthecornerstoneofmy life. iii Table of Contents Acknowledgments ii ListofFigures vii Abstract ix Chapter1: Introduction 1 1.1 ProblemAddressed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.2.1 COBRA/MATCH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.2.2 SecurityCircumventionGames . . . . . . . . . . . . . . . . . . . . . . 8 1.3 GuidetoThesis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Chapter2: Background 11 2.1 StakelbergGames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.2 BayesianStackelbergGames . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.3 StrongStackelbergEquilibrium. . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.4 DOBSSandBaselineAlgorithms . . . . . . . . . . . . . . . . . . . . . . . . . . 16 2.4.1 DOBSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2.4.2 UNIFORM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 2.4.3 MAXIMIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 2.5 BRQR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 2.6 SecurityStackelbergGames . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 2.7 LosAngelesInternationalAirport . . . . . . . . . . . . . . . . . . . . . . . . . 26 2.8 HumanSubjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Chapter3: RelatedWork 32 3.1 ComputingOptimalStackelbergEquilibria . . . . . . . . . . . . . . . . . . . . 32 3.1.1 EfficientSolutionstogeneralBayesianStackelberggames . . . . . . . . 32 3.1.2 EfficientSolutionsforLarge-ScaleSecurityGames . . . . . . . . . . . . 35 3.2 ComputingRobustStrategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 3.3 AddressingSuboptimalDecisions . . . . . . . . . . . . . . . . . . . . . . . . . 38 iv Chapter4: COBRAAlgorithm 42 4.1 KeyIdeas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 4.1.1 BoundedRationality . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 4.1.2 AnchoringTheory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 4.2 RobustAlgorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 4.2.1 COBRA(0,(cid:15)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 4.2.2 COBRA(α,0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 4.2.3 COBRA(α,(cid:15)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 4.2.4 Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 4.3 EquivalencesBetweenModels . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 4.4 ExperimentPurpose,Design,andResults . . . . . . . . . . . . . . . . . . . . . 56 4.4.1 PurposeofthisStudy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 4.4.2 ExperimentalDesign . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 4.4.2.1 Participants . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 4.4.2.2 RewardStructure . . . . . . . . . . . . . . . . . . . . . . . . 58 4.4.2.3 ObservabilityConditions . . . . . . . . . . . . . . . . . . . . 60 4.4.2.4 AlgorithmsandParameters . . . . . . . . . . . . . . . . . . . 62 4.4.2.5 ExperimentalProcedure . . . . . . . . . . . . . . . . . . . . . 66 4.4.3 ExperimentalResults . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 4.4.3.1 KeyObservations . . . . . . . . . . . . . . . . . . . . . . . . 70 4.4.3.2 StatisticalSignificance. . . . . . . . . . . . . . . . . . . . . . 71 4.4.3.3 AnalysisofResults . . . . . . . . . . . . . . . . . . . . . . . 74 4.4.4 HandlingObservationalUncertainty . . . . . . . . . . . . . . . . . . . . 78 4.4.5 RuntimeResults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Chapter5: MATCHAlgorithm 87 5.1 MATCHAlgorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 5.2 ExperimentPurpose,Design,andResults . . . . . . . . . . . . . . . . . . . . . 95 5.2.1 PurposeofthisStudy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 5.2.2 ExperimentalDesign . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 5.2.2.1 Participants . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 5.2.2.2 RewardStructure . . . . . . . . . . . . . . . . . . . . . . . . 98 5.2.2.3 ExperimentalProcedure . . . . . . . . . . . . . . . . . . . . . 100 5.2.3 ResultsforOriginalStructures . . . . . . . . . . . . . . . . . . . . . . . 103 5.2.4 ResultsforNewRewardStructures . . . . . . . . . . . . . . . . . . . . 104 5.3 Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 5.4 λ-Re-estimation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 5.5 RuntimeResults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 Chapter6: SecurityCircumventionGames 112 6.1 TSASecurityChallenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 6.1.1 ModelingtheTSAResourceAllocationChallenges . . . . . . . . . . . . 114 6.1.1.1 DefenderStrategies . . . . . . . . . . . . . . . . . . . . . . . 115 6.1.1.2 AttackerActions . . . . . . . . . . . . . . . . . . . . . . . . . 116 6.1.2 CompactRepresentationforEfficiency . . . . . . . . . . . . . . . . . . 117 v 6.1.2.1 ThreatModelingforTSA . . . . . . . . . . . . . . . . . . . . 117 6.1.2.2 CompactRepresentation . . . . . . . . . . . . . . . . . . . . . 119 6.2 Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 6.2.1 SecurityPolicyAnalysis . . . . . . . . . . . . . . . . . . . . . . . . . . 122 6.2.2 RuntimeAnalysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Chapter7: Conclusions 127 7.1 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 7.2 FutureWork . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130 Bibliography 133 AppendixA: StatisticalSignificanceTests 139 A.1 StatisticalSignificanceTestsforCOBRA . . . . . . . . . . . . . . . . . . . . . 139 A.2 StatisticalSignificanceTestsforMATCH . . . . . . . . . . . . . . . . . . . . . 140 AppendixB: RewardStructures 141 AppendixC: Strategies 160 AppendixD: ExpectedRewardsforCOBRAExperiments 197 AppendixE: ExpectedResponsePercentagesforCOBRAExperiment 199 AppendixF: StrategiesforvaryingαinCOBRA(α,2.5) 200 AppendixG: ExperimentalInstructions 204 G.1 MaterialforCOBRAExperiments . . . . . . . . . . . . . . . . . . . . . . . . . 204 G.2 MaterialforMATCHExperiments . . . . . . . . . . . . . . . . . . . . . . . . . 207 G.2.1 ObviousGames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207 G.3 ExperimentInstructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208 vi List of Figures 2.1 LAXSecurity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 4.1 GameInterface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 4.2 SingleObservation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 4.3 Averageleaderexpectedvalue . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 4.4 Unobservedcondition-Expectedaveragereward . . . . . . . . . . . . . . . . . 80 4.5 Strategyentropyforvaryingαvalues . . . . . . . . . . . . . . . . . . . . . . . . 81 4.6 Averageexpectedvaluesforvaryingαundertheunlimitedobservationcondition 82 4.7 Comparingruntimes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 5.1 GameInterface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 5.2 1-NormScatterPlots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 5.3 Originalrewardstructures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 5.4 ScatterPlotofResults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 5.5 Re-estimatedRewardStructures . . . . . . . . . . . . . . . . . . . . . . . . . . 110 5.6 Runtimeresults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 6.1 PolicyAnalysis: Increasingresourcesfor10areaswith3securityactivitiesperarea123 6.2 X-axis: Areas,Y-axis: Runtime . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 6.3 Runtime: Increasingresourcesfor10areaswith3securityactivitiesperarea . . . 126 vii G.1 GameInterface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 G.2 SingleObservation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205 viii Abstract Recently, game theory has been shown to be useful for reasoning about real-world security set- tings where security forces must protect critical assets from potential adversaries. In fact, there have been a number of deployed real-world applications of game theory for security (e.g., AR- MORatLosAngelesInternationalAirportandIRISfortheFederalAirMarshalsService). Here, the objective is for the security force to utilize its limited resources to best defend their critical assets. An important factor in these real-world security settings is that the adversaries involved are humans who may not behave according to the standard assumptions of game-theoretic models. There are two key shortcomings of the approaches currently employed in these recent applica- tions. First,humanadversariesmaynotmakethepredictedrationaldecision. Insuchsituations, where the security force has optimized against a perfectly rational opponent, a deviation by the human adversary can lead to adverse affects on the security force’s predicted outcome. Second, humanadversariesarenaturallycreativeandsecuritydomainsarehighlydynamic, makingenu- merationofallpotentialthreatsapracticallyimpossibletaskandsolvingtheresultinggame,with currentleadingapproaches,wouldbeintractable. My thesis contributes to a very new area that combines algorithmic and experimental game- theory. Indeed,itexaminesacriticalprobleminapplyinggame-theoretictechniquestosituations ix where perfectly rational solvers must address human adversaries. In doing so it advances the study and reach of game theory to domains where software agents and humans may interact. More specifically, to address the first shortcoming, my thesis presents two separate algorithms to address potential deviations from the predicted rational decision by human adversaries. Ex- perimental results, from a simulation that is motivated by a real-world security domain at Los AngelesInternationalairport,demonstratedthatbothofmyapproachesoutperformthecurrently deployed optimal algorithms which utilize standard game-theoretic assumptions and additional alternative algorithms against humans. In fact, one of my approaches is currently under evalua- tioninareal-worldapplicationtoaidinresourceallocationdecisionsfortheUnitedStatesCoast Guard. Towards addressing the second shortcoming of enumeration of a large number of potential adversarythreatcapabilities, Iintroduceanewgame-theoreticmodelforefficiency, whichaddi- tionallygeneralizesthepreviouslyacceptedmodelforsecuritydomains. Thisnewgame-theoretic modelforaddressinghumanthreatcapabilitieshasseenreal-worlddeploymentandisundereval- uationtoaidtheUnitedStatesTransportationSecurityAdministrationintheirresourceallocation challenges. x