trilevel optimization of homeland-defense problems jerry brown matt carlyle kevin wood operations...
Post on 06-Jan-2018
220 Views
Preview:
DESCRIPTION
TRANSCRIPT
Trilevel Optimization of Trilevel Optimization of Homeland-Defense ProblemsHomeland-Defense Problems
Jerry BrownMatt CarlyleKevin Wood
Operations Research Dept.
4 October 2007
2
Modeling AdversariesModeling Adversaries• How do we account for the actions of
malicious, intelligent adversaries?
• We can try to assess means, motive, opportunity, etc.– Many experts on various groups and cultures
involved– Many models proposed in DoD, DHS, and in
the literature
3
Bioterrorism MotivationBioterrorism Motivation• Original model we saw was an 18 stage Probabilistic Risk
Assessment (PRA) tree
• Branching for terrorist stages (“events”) modeled with probabilities (and conditional probabilities) – derived from an average over several SME inputs... – ...each of which was derived from a stoplight diagram
• Latin hypercube sampling provided scenario (path) probabilities
• Other models yielded “consequences” at each scenario leaf
• Expected(scenario probability X consequence) = risk• Risk analyses yielded a ranking of terrorist options
4
Models of Random BehaviorModels of Random Behavior• Perfectly suited for Mother Nature
– Storm forecasts– Hurricane tracking– Drought durations– Lightning strikes
• Adapted to other highly complex systems– Stock market– Retail demand forecasting– Engineering reliability– Many other successful applications
5
Models of Random BehaviorModels of Random Behavior• Typically driven by a set of key model
parameters– Means– Rates of growth– Drift– Variance
• Models fit from past performance data– What if no past performance exists?– Or we have poor model fits for estimates...
6
Subject Matter ExpertsSubject Matter Experts• SMEs can provide a wealth of
information for complex models• Data frequently must be elicited by the
modelers– Interviews and questionnaires– Stoplight diagrams (!)
• SMEs rarely (never?) use the words “always” or “never”
7
BioterrorismBioterrorism• Where will a terrorist attack take place?• What pathogen?• How will they release it?• When?
• SMEs using stoplight diagrams will end up providing a positive “probability” on almost every possible outcome.
8
(Bio-)Terrorists(Bio-)Terrorists• Probability-based risk models reduce
terrorist events to “acts of nature”
• We know that terrorists observe the current situation and adapt
• Terrorists are intelligent, malicious adversaries, and will not attack randomly.
9
Our (Very Brief) BackgroundOur (Very Brief) Background• Large-Scale Optimization
• Network Models of Logistics and Infrastructure Systems
• Optimal Attack and Defense of Critical Infrastructure
• Bioterrorism: Strategic Investments to Minimize US Vulnerability to Worst-Case Bio Attacks
10
Critical InfrastructureCritical Infrastructure
Subways
Power grids
Pipelines Railroads
Airports
11
Developing Bilevel and Developing Bilevel and Trilevel Optimization Trilevel Optimization
ModelsModels
12
Bilevel (Attacker-Defender) ModelsBilevel (Attacker-Defender) Models
• Two opponents: attacker and defender• Defender operates efficiently (say, at
minimum cost) using existing infrastructure
• Attacker seeks to damage infrastructure to maximize defender’s costs, with limited resources
13
Bilevel ModelBilevel Model• X: Attacker chooses an attack that
damages defender system components
• Y: Defender observes X, and operates resulting system optimally
14
Optimal AttackOptimal Attack
min 'max
' '0
yxy b A
y G g
x
xy
x
The typical attack problem is formulated as follows:(cost interdiction)
We do not have COTS technology to solve these “max-min” problems directly.
15
ReformulationReformulation
m max 'a
0
xx
A
g
b
x
G x
x
However, reformulating the inner problem… (taking the dual…)
16
Crashed PERTShortest Path
Logistics, Fuel DistributionMateriel Flow from N. KoreaBallistic Missile DefenseNaval Base DefenseDelay Iranian Nuclear Weapon
AssignmentPure NetworkMulticommodity FlowLeontief Models Economic WarfareLP and NLP (Convex) Electrical Grid
Bilevel ApplicationsBilevel Applications
Over 100 red-team case studies of various real infrastructure systems, and more
17
Bilevel (Defender-Attacker) ModelsBilevel (Defender-Attacker) Models
• Defender invests in defensive options • Attacker maximizes damage based on
observed defenses
Fast Detection of Biological Fast Detection of Biological Attack in the DC MetroAttack in the DC Metro
19
Pentagon
King Street
Metro
China Gallery
Fort Totten
Stadium - Armory
Shady Grove
GlenmontGreenbelt
Vienna/Fairfax-GMU
New Carrollton
Addison Rd – Seat Pleasant
Branch Ave
Franconia - Springfield Huntington
L’ EnfantPlaza
Rosslyn
Dupont Circle
3 Detectors.Detection Opportunity: 31 min
Detector location
Worst case attack
Results: Three Detectors Results: Three Detectors
20
Results: Detectors vs. Time Results: Detectors vs. Time
21
Trilevel OptimizationTrilevel Optimization• Defender makes a budget-limited
investment in defense option(s)
• Attacker observes defense investment, and chooses an attack
• Defender observes attack, and responds based on prior investment to reduce impact of attack
1: Protecting the US 1: Protecting the US Strategic Petroleum ReserveStrategic Petroleum Reserve
23n108
n103
n102n101
n104
t14
n100
n124
n106
n107
t15
t16
n109n112
n105
n110n111
n116
n119
n121
n122
n115
n114
n118
t21
t19
n120
n117
n125
n133
n141
n136
n123
n1002
n128
n130
n126
n127
n132
n139
n138
n137
n131
n129
n140
n135
n134
t2
t13t12
t5
t6
t7
t18
t1
t17
t4
t3
n1001
t22 t9t8
t10
t11
t20
Scenario 2 – “Sources are Scenario 2 – “Sources are Hardened”Hardened”
t11
n121
n1002 SourcesSourcesPumps/Transfer StationsPumps/Transfer StationsSinksSinks
0%
10%20%
30%
40%50%
60%
70%
80%90%
100%
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Number of Interdictions
Perc
ent o
f Rem
aini
ng F
low
FLOW
24n108
n103
n102n101
n104
t14
n100
n124
n106
n107
t15
t16
n109n112
n105
n110n111
n116
n119
n121
n122
n115
n114
n118
t21
t19
n120
n117
n125
n133
n141
n136
n123
n1002
n128
n130
n126
n127
n132
n139
n138
n137
n131
n129
n140
n135
n134
t2
t13t12
t5
t6
t7
t18
t1
t17
t4
t3
n1001
t22 t9t8
t10
t11
t20
t11
n121
n1002 SourcesSourcesPumps/Transfer StationsPumps/Transfer StationsSinksSinks
FLOW
Scenario 3 – “Backbone Scenario 3 – “Backbone Protection”Protection”
0%
10%20%
30%
40%50%
60%
70%
80%90%
100%
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Number of Interdictions
Perc
ent o
f Rem
aini
ng F
low
Back to the Bioterrorism Back to the Bioterrorism Application...Application...
26
Trilevel Bioterror ModelTrilevel Bioterror Model• W: Defender makes a budget-limited
investment in defense option(s)
• X: Attacker observes W, and chooses a pathogen, location, time, etc.
• Y: Defender observes X, and activates mitigation options, based on prior decision W, to reduce damage of X
27
Trilevel Optimization ModelTrilevel Optimization Model
,
,, , , ,
, , ,
, , , ,,
,
* min max min (D0)
1 (D1)
1 (A1)
(M1)
, (M2)
{0,1}, 0, 0 , ,d a d m
ad d ma ad a d d a m d mw yx d a d a m
dd
aa
k d m d m k d dd m d
d m d d
d
z damage w x mitigate x y
w
x
q y r w k K
y w d D m M
w x y d D a A m M
28
A Three-stage Decision TreeA Three-stage Decision Tree
.
.
.
.
.
.
.
.
.
.
.
.
W
X
Y
, , ,d a d a mdamage mitigatedw ax ,d my.
.
.
29
ExtensionsExtensions• What about 18 stages?
– max max max min min max max min min max .....
• In our optimization models, adjacent stages with the same objective can combine into one stage (same decision maker)
• Adjacent stages with continuous decision variables (e.g., probabilities) can be interchanged (a von-Neumann-style min-max theorem)
• This lead us to a three-stage model, hence our trilevel optimization
30
ResultsResults• Our optimization model restricts defender to
making a specific investment (or discrete set of investments)
• Attacker can choose probability distribution over attack options
• Defender responses are specific to each attack
31
Results: Our Key InsightResults: Our Key Insight• We prefer to use the inputs usually provided to
SMES as inputs to our model, with SME guidance
• Our defensive investment is optimal, and any attacker mixed strategy is the worst-case attacker effort
• We have seen instances where it is optimal for the attacker to choose a “mixed strategy”
• These mathematically-derived, mixed-strategy probabilities are a result of our analysis, not an input to it
32
Current Research: SecrecyCurrent Research: Secrecy• What if one side is unaware of some
capabilities of the other?– Example: Terrorists can see investments, but are
unaware of our mitigation capabilities
• Non-zero-sum models. Attacker and defender do not share the same objective.– Bilevel (or multi-level) integer programming– Akin to bimatrix games– Very difficult to solve
33
ExamplesExamples• Electric Power Grid (DoJ, DHS, DoE, funded)
– DAD: harden substations to minimize load shed over time• Counter-proliferation of WMDs (LLNL, unfunded)
– AD: choose project tasks to interdict to cause maximal delay• Ballistic Missile Defense (NWDC, funded)
– DAD: preposition BMD assets to minimize worst-case expected damage• Secure Facility Protection (ONR, funded)
– DAD: install security measures to reduce infiltration risk• Bioterrorism threat reduction (NRC, NAS, unfunded)
– DAD: invest in defensive strategies for future mitigation against array of threats
• (U) Social Network Analysis (DoD, partially funded)– AD: Remove key individuals to maximally retard flow of information,
funds, influence, etc.
34
ContactsContacts
Contact Info: Prof. Gerald Brown gbrown@nps.eduProf. Matthew Carlyle mcarlyle@nps.edu Prof. Kevin Wood kwood@nps.eduOperations Research Dept. Naval Postgraduate School
35
ReferencesReferences• Brown, G., Carlyle, M., Salmerón, J. and Wood, K., 2006a, “
Defending Critical Infrastructure,” Interfaces, 36, pp. 530-544.
• Brown, G., Carlyle, M., Salmerón, J. and Wood, K., 2005a, “Analyzing the Vulnerability of Critical Infrastructure to Attack, and Planning Defenses,” in Tutorials in Operations Research: Emerging Theory, Methods, and Applications, H. Greenberg and J. Smith, eds., Institute for Operations Research and Management Science, Hanover, MD.
• Brown, G., Carlyle M., Harney R., Skroch E., Wood, K., 2006b, “Anatomy of a Project to Produce a First Nuclear Weapon,” Science and Global Security, 14, pp. 163-182.
• Brown, G., Carlyle, M., Diehl, D., Kline, J. and Wood, K., 2005b, “A Two-Sided Optimization for Theater Ballistic Missile Defense,” Operations Research, 53 , pp. 263-275.
• Brown, G., Carlyle, M., Harney, R., Skroch, E. and Wood, K., 2007, “Interdicting a Nuclear Weapons Project,” in review.
• Salmerón, J., Wood, K. and Baldick, R., 2004, “Analysis of Electric Grid Security Under Terrorist Threat,” IEEE Transactions on Power Systems, 19(2), pp. 905-912.
top related