Wagner (1975) gives a general goal for any enumeration algorithm as follows: “What we want are techniques that partially enumerate a manageable number of possibilities and implicitly enumerate the rest” (p. 473). The method of systematically discarding provably suboptimal combinations of decision variables is called Implicit Enumeration (IE). Formally, IE refers to “a systematic evaluation of all possible [feasible] solutions without explicitly evaluating all of them” (INFORMS, 2015). We develop an IE algorithm for defender-attacker-defender (DAD) problems that enumerates defense plans in a specific order. We use a bounding argument based on evaluating the resulting attacker-defender (AD) subproblem to significantly reduce the amount of enumeration required.
IE represents an alternative algorithm to obtain solutions for DAD problem instances. IE does not use the traditional nested decomposition algorithm in Chapter 1. Our enumeration algorithm manipulates the defense budget to restrict and relax the feasible region of the defense variables (Ψ) in DAD model (2.1a). Our IE algorithm systematically fixes defense variables (W) and solves a series of bi-level AD models shown in (2.1b). The IE algorithm can also find multiple equivalent solutions to a problem instance when they occur. Similarly, if all solutions within a given percentage of the optimal solution are desired, IE can generate all of possible objective function values and the combinations of variables needed for each solution.
( )
min max min ( , , )
W X YW f W X Y (2.1a) ˆ ( ) ˆ max min ( , , ) X YW f W X Y (2.1b)
The IE algorithm creates a tree of AD subproblems beginning with the restriction of the defense budget to zero units at the root node, followed by incremental relaxations of the defense budget at subsequent nodes. Every node in our enumeration tree represents
an instance of an AD subproblem with a fixed defense plan (Wˆ ) that produces a corresponding worst-case attack (X). The children of this parent node are specified by adding one more fixed defense (Wˆ ) to the defense plan if its corresponding AD subproblem results in either a change to the worst-case attack (X) or an improvement of the objective function value. Enumeration of fixed defenses in child nodes is ended when the relaxed defense budget reaches its original value.
In this chapter, we utilize the DAD minimum cost flow problem formulation and the 16 node fuel transportation network (Alderson et al., 2015) described in Chapter I. In the remainder of this chapter, we assume that there are exactly two defense options for each edge: d0 means no defense (or no construction for an edge that does not have
capacity in the undefended case) and d1 represents the sole defense option for any edge
that can be defended or built. We use the term defended to refer to edges for which we choose option d1 and “undefended” for edges which we choose option d0. In cases where
we want to model more than these two defense options for an edge, our discussion generalizes in a straightforward way.
1. Enumeration of Defenses in the Literature
Scaparra and Church (2008) develop an enumeration algorithm to solve a specific optimization problem called the “R-Interdiction Median with Fortification” (RIMF) problem, which is concerned with the defense of a limited number of facilities against attack. These authors uses duality within (2.1b) to treat a tri-level optimization problem with a bi-level model in (2.1c).
X,, ,
ˆ
max f W X( , , , )
(2.1c)
Scaparra and Church state “In our specific case, the attacker–user problem can be modeled as a single-level mixed-integer [program] (MIP), so that what is in principle a tri-level defender–attacker–user problem can be reduced to a bi-level min–max problem” (2008, p. 1906). Scaparra and Church take advantage of the operator model continuous variables (Y) in order to reduce the bi-level AD model (2.1b) into a single level
optimization model similar to (2.1c). IE has not been successfully implemented on a tri- level DAD optimization problem without using duality. Scaparra and Church state “To the best of the authors’ knowledge, no efficient algorithms have been proposed to deal with three-stage defender-attacker-user problems” (2008, p. 1906).
In the RIMF problem, Scaparra and Church (2008) observe that the optimal defense against a worst-case attack must include at least one of the items that would be attacked if the system was undefended. To prove their point, the authors choose a starting point in IE of an undefended system, where all of the defense variables are fixed to zero, and observe the worst-case attack. Next, the authors observe that the only way to prevent the worst-case attack from occurring again is to defend one of the items that was attacked in the undefended scenario. The authors reason that “this observation can be easily explained by noticing that if none of the facilities in the optimal interdiction set is protected, then it is still possible to interdict all of them and the worst possible case of interdiction is not prevented” (2008, p. 1910).
This observation serves as one of the key concepts for our IE theory. At each node of IE, a subproblem is formed and a worst-case attack is observed. The AD subproblem in RIMF is similar to (2.1c). In the RIMF problem, the next layer of the IE tree is created by enumerating a fixed defense (Wˆ ) for each of the observed attacks in an AD sub problem. The authors realize that any other defense that is not responding to a specific attack is not going to prevent that same attack from occurring again. Therefore, if the next defense chosen in the subsequent round of IE does not specifically prevent the worst attack from occurring again, then the selection of that particular defense at that particular time must be a suboptimal choice.
2. Contributions to IE Theory
To the best of our knowledge, this is the first IE scheme of its type designed for the general DAD model. We provide an enumeration scheme similar to that proposed by Scaparra and Church (2008), but enhanced to handle the more general case. Our research makes two advances in IE theory. First, we expand IE theory to include more general tri- level DAD models. Our algorithm has the ability to use the dual MIP approach (2.1c) and
it can also incorporate solution procedures using (2.1b) for other tri-level DAD models where the dual MIP technique cannot be used. In this case, IE of fixed defenses results in bi-level AD sub problems that can be solved with traditional methods.
Our second contribution to IE theory is that our algorithms include the ability for IE to include network design as a potential defense for a tri-level DAD model. We introduce the ability to add new edges as system defenses. In the RIMF problem, Scaparra and Church (2008) note that defending each of the worst-case attacks one by one will lead to changes in the worst-case attack, and therefore they should be the only candidates for defenses. In the more general DAD setting, however, a defense variable can refer to the creation of new components. If the capacity of an undefended arc is zero, but the capacity of a defended arc is non-zero, then that arc only exists if we defend it. We define new edge transport capacity (u) to be zero when the edge is not added to the network (d0), and greater than zero when it is added to the network as a defense (d1). In this case, our enumeration must allow that new edges can alter the performance of the system, and therefore can reduce the impact of the worst-case attack.
Proposition 2–1: The addition of new edges is a feasible defense strategy against worst- case attack.
In the RIMF problem, prevention of a worst-case attack must include defending at least one of the items in the worst-case attack. We prove that this observation does not hold for a general DAD problem instance where new edges can be used as defenses with a counterexample. We consider the test network with a defense budget of four units and attack budget of two units. The undefended attack plan would be to attack edges (2, 7) and (9, 13) resulting in a system cost of 62. The optimal defense is to build the new edges (3, 8) and (5, 10), which does not involve defending one of the original attacked edges. Furthermore, the optimal system cost has improved to 37 and the attackers new best attack plan is to interdict edges (8, 12) and (11, 12). The resulting best defense of the network no longer involves the original attacked edges, or any existing edge in the original network. The two graphs in Figure 3 show the results, with defended edges in blue and attacked edges with a red “X.”
Undefended Worst-case Attack Optimal Defense and Worst Attack
Figure 3. Optimal Defense with Addition of Edges on Test Network
Our counterexample shows there are other choices in the general DAD problem besides defending existing edges to prevent an observed worst-case attack. The challenge is to determine an efficient algorithm to enumerate defenses when new edges can be added to defend a system.