^{1}

^{2}

^{1}

^{2}

Coalition games have been recently used for modeling a variety of security problems. From securing the wireless transmissions in decentralized networks to employing effective intrusion detection systems in large organizations, cooperation among interested parties has shown to bring significant benefits. Motivating parties to abide to a solution is,
however, a key problem in bridging the gap between
theoretical models and practical solutions. Benefits
should be distributed among players (wireless nodes
in a network, different divisions of an organization in security risk management, or organizations
cooperating to fight spam), such that no group of
players is motivated to break off and form a new
coalition. This problem, referred to as

In the recent years, there has been a growing interest for modeling defenders in different security problems with coalition games. This is mainly due to results which confirm that many security goals can be better reached through cooperation among the interested parties. Millions of connected computers and networks of them have turned security to a problem characterized by interdependence [

With regard to cyber attacks originated from any particular country, a recent study [

Building suitable models based on cooperation for a variety of security problems has been the subject of some recent studies. Coalition game theory has been used for security risk management [

Cooperative game theory studies the problem of revenue allocation for a set of

The definition of a cooperative game involves an exponential number (in the number of players) of values, one for each subset of players. Moreover, the definitions of many solution concepts, for example, the core [

In this paper, we present bounding-boxed core (BBC), an approximate revenue allocation algorithm for large cooperative security games that are intractable to be solved using traditional algorithms such as linear programming. Previous work in security revenue allocation investigate all coalitions and their corresponding values before computing the core. This is not feasible with large number of players, that is, organizations that attempt to protect security of their assets, because increasing number of players result in exponential growth of the coalition space. Our algorithm, to the best of our knowledge, is the first algorithm to provide an approximate solution to this problem. In addition, we utilize the special characteristics of the core, namely, its convexity, to analyze the approximation error and provide bounds on the worst case errors.

This paper is organized as follows. In Section

We start by describing a simplified security problem and subsequently formally define a cooperative security game. Assume a finite set of organizations denoted by

Given a pair

As an illustrative example, consider a set of online shopping sites which are willing to cooperate against intrusion detection attacks by sharing worm and virus signatures identified by their antivirus systems. The valuable assets in this scenario consists of a database of credit-card information. We consider a dollar value as the security profit associated with an attack. Let us consider two of these shopping sites

Additional requirements for fairness, stability, and rationality lead to different sets of allocations, which are generally referred to as solution concepts. Here, we shall discuss the most important one that is the core.

Sum of the coalitions' separate values.

The concept of the core was first introduced by Gillies [

The core of a game

The constraints imposed on

In the security community, there has been considerable effort in introducing models based on cooperation for defenders of a security attack, see for example [

The above mentioned papers mostly consider the problem of coalition formation. In this paper, we consider another important problem, namely, revenue allocation. Much of cooperative game theory is built around the question of distributing the collective income in fair and rational manners. Different philosophies result in different solution concepts that constitute the bargaining set family, that is, the various bargaining sets [

One of the most important problems regarding the core is

Since the core is usually empty, some related solution concepts arise from the core via relaxing its constraints. Shapley and Shubik [

Later, Tijs and Driesssen [

All of the above mentioned algorithms need to investigate all coalitions and their corresponding values before computing the core; however, this is not feasible in cooperative games with large number of players due to the exponential growth of the coalition space.

The bounding-boxed Core (BBC) algorithm is a practical best-effort approach to distribute the collective security profit in an approximately fair manner among the involved organizations (players) in a given large cooperative security game

More specifically, BBC consists of two main stages: tightening bounding box, and approximate core allocation. The former is an iterative global search algorithm to solve an axis-aligned smallest enclosing box problem. It finds the minimum-hypervolume

In this section, the iterative bounding box tightening algorithm is explained in details. The goal is to find the minimum-hypervolume bounding box enclosing the core

Therefore, we assign as shown in (

The initial bounding box

At each iteration

To determine the optimal breaking point, let us consider an arbitrary parent node which covers a subset of players

Similar conditions hold for children nodes, that is,

The right child also updates her bounds using the same justification. Consequently, the optimal breaking point

Figure

A Sample 3-player game: tightening the initial boundingbox.

In the previous section, we described how a given permutation of players is used in constructing a binary tree for tightening the bounding box. The permutation used, can be chosen at random, or as we describe in this section, it can be produced by an evolutionary algorithm which tends to generated permutations which result in larger reductions of the bounding box volume. During each iteration

Initially,

During each iteration

The next step is to generate the next generation population of permutations

This iterative search process is repeated until a termination condition has been reached. Terminating conditions can be defined regarding various criteria, such as:

Once the bounding box around feasible points in the core is generated (see Section

However,

In other words, the distance between a point and a set is the infimum of the distances between the point and those in the set.

Here, we exploit the convexity of the core in analyzing the worst case error of the the approximate core,

We first obtain

Hence,

As a case in point, let

For higher dimensional spaces, that is, games with more than

In this section, we present the results from our prototype implementation of BBC on a case study large cooperative game. The system we used for implementation was a 2.20 GHz AMD Athlon 64 processor 3700+ with 2.00 GB of memory and Windows XP SP3 operating system. Because of large number of coalitions the bottleneck is usually the memory that caused our first prototype to crash; hence, we reimplemented the whole algorithm in C++ from scratch using more sophisticated data structures to speed up the iterative search and reduce memory consumption.

Here, we present the evaluation results of the BBC algorithm for a cooperative game with 25 players in which there are about 34 million coalitions of players.

Figure

Number of coalitions in each coalition class with particular no. of players.

Maximum characteristic value distribution on coalition classes.

Given the characteristic values for the cooperative game, we start iterative tightening of the 25-dimensional bounding box. Figure

Bounding box tightening result for each dimension in

Finally, bounding box volume reduction, during the iterative tightening algorithm, is shown in Figure

Bounding box volume improvement during iterative search.

In this paper, we present an approximate core allocation algorithm, called the bounding-boxed core (BBC), for cooperative security games with large number of organizations (players). Since the definition of core involves an exponential number of constraints in terms of the number of organizations, it is infeasible to solve this problem for exact solutions. We present an analysis of the maximum approximation error incurred by BBC. We also proposed a heuristic search algorithm based on Genetic algorithms to search the input space. Experimental results show that BBC significantly speeds up core allocation. In modeling cooperation among large number of organizations, this is an important step in achieving a practical solution in limited time.