Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Defense Against Shortest Path Attacks

Benjamin A. Miller, Zohair Shafi, Wheeler Ruml, Yevgeniy Vorobeychik, Tina Eliassi-Rad, Scott Alfeld

TL;DR

The paper tackles adversarial manipulation of shortest-path routing by introducing a defender strategy that perturbs edge weights published to users. Framed as a Stackelberg game, the defender anticipates attacker edge removals intended to force a target path, balancing user experience against increasing attack costs. It proves the zero-sum variant is NP-hard, and offers a practical greedy PATHDEFENSE heuristic plus local LP optimization to produce feasible, cost-effective defenses. Across synthetic and real networks, PATHDEFENSE dramatically reduces attack probability with only modest increases in user travel costs, suggesting meaningful practical protection against shortest-path attacks. The work highlights the role of game-theoretic defense in network routing and points to future work on guarantees and scalable implementations.

Abstract

Identifying shortest paths between nodes in a network is an important task in many applications. Recent work has shown that a malicious actor can manipulate a graph to make traffic between two nodes of interest follow their target path. In this paper, we develop a defense against such attacks by modifying the edge weights that users observe. The defender must balance inhibiting the attacker against any negative effects on benign users. Specifically, the defender's goals are: (a) recommend the shortest paths to users, (b) make the lengths of the shortest paths in the published graph close to those of the same paths in the true graph, and (c) minimize the probability of an attack. We formulate the defense as a Stackelberg game in which the defender is the leader and the attacker is the follower. We also consider a zero-sum version of the game in which the defender's goal is to minimize cost while achieving the minimum possible attack probability. We show that the defense problem is NP-hard and propose heuristic solutions for both the zero-sum and non-zero-sum settings. By relaxing some constraints of the original problem, we formulate a linear program for local optimization around a feasible point. We present defense results with both synthetic and real networks and show that our methods often reach the lower bound of the defender's cost.

Defense Against Shortest Path Attacks

TL;DR

The paper tackles adversarial manipulation of shortest-path routing by introducing a defender strategy that perturbs edge weights published to users. Framed as a Stackelberg game, the defender anticipates attacker edge removals intended to force a target path, balancing user experience against increasing attack costs. It proves the zero-sum variant is NP-hard, and offers a practical greedy PATHDEFENSE heuristic plus local LP optimization to produce feasible, cost-effective defenses. Across synthetic and real networks, PATHDEFENSE dramatically reduces attack probability with only modest increases in user travel costs, suggesting meaningful practical protection against shortest-path attacks. The work highlights the role of game-theoretic defense in network routing and points to future work on guarantees and scalable implementations.

Abstract

Identifying shortest paths between nodes in a network is an important task in many applications. Recent work has shown that a malicious actor can manipulate a graph to make traffic between two nodes of interest follow their target path. In this paper, we develop a defense against such attacks by modifying the edge weights that users observe. The defender must balance inhibiting the attacker against any negative effects on benign users. Specifically, the defender's goals are: (a) recommend the shortest paths to users, (b) make the lengths of the shortest paths in the published graph close to those of the same paths in the true graph, and (c) minimize the probability of an attack. We formulate the defense as a Stackelberg game in which the defender is the leader and the attacker is the follower. We also consider a zero-sum version of the game in which the defender's goal is to minimize cost while achieving the minimum possible attack probability. We show that the defense problem is NP-hard and propose heuristic solutions for both the zero-sum and non-zero-sum settings. By relaxing some constraints of the original problem, we formulate a linear program for local optimization around a feasible point. We present defense results with both synthetic and real networks and show that our methods often reach the lower bound of the defender's cost.
Paper Structure (25 sections, 6 theorems, 15 equations, 7 figures, 4 tables, 5 algorithms)

This paper contains 25 sections, 6 theorems, 15 equations, 7 figures, 4 tables, 5 algorithms.

Table of Contents

  1. Introduction
  2. Problem Definition
  3. Notation
  4. Stackelberg Game
  5. Attacker
  6. Defender
  7. Defender's Cost Function
  8. Optimization
  9. Non-Convex Optimization Formulation
  10. Zero-Sum Formulation
  11. Heuristic Method
  12. Local Optimization Around a Feasible Point
  13. Experiments
  14. Experimental Setup
  15. Results
  16. ...and 10 more sections

Key Result

Theorem 3.1

The optimal $\Delta_{p^*}$ in (eq:minDelta) will not disconnect $G$.

Figures (7)

  • Figure 1: A simple example of the defense method. With no perturbation ($\delta=0$), $p^*$ can become the shortest path from $s$ to $t$ if only 1 edge is cut, whereas for $\delta\geq 2$, 3 edges must be removed. If the attacker has a budget of at least 3, however, the attack would cause more disruption, and the resulting cost to the defender would be higher. For example, if $\{s,v_1\}$, $\{s, v_3\}$, and $\{s,v_7\}$ are cut, all traffic between $s$ and $v_1$ or $v_3$ will take a much longer path than it would have when $\delta=0$.
  • Figure 3: Cost of PATHDEFENSE when all target paths share terminals. Lower cost is better for the defender. Plots include the average cost (solid line) and the cost range across trials (shaded area). (a) Cost broken down by component for BA, WS, and UKMET graphs with 4 target paths. There is a substantial reduction in cost due to the probability of adversary success being reduced, and the cost due to errors in published distances is minimal for BA and WS, whereas $L_e$ increases a substantial amount in the UKMET data, as it is difficult to avoid traversing perturbed edges. (b) Defender costs, normalized by a lower bound, for ER (top), USAIR (middle), and HT (bottom) graphs. Results are shown for the original budget and $\lambda$ (left), when the attacker budget is doubled (center), and when $\lambda$ is reduced by five times (right). The average zero-sum result is also shown (dashed line). As expected, increasing the adversary's budget results in slower convergence, and decreasing the attack success cost reduces the improvement provided by PATHDEFENSE.
  • Figure 4: Results when the attacker targets an extra-community path (left), in comparison to when targets are incrementally longer short paths (right), in SBM (top) and AS (bottom) graphs. Plots include the average cost (solid line) and the cost range across trials (shaded area), as well as the average zero-sum result (dash line). (The zero-sum procedure is only reported for SBM; it did not complete within 24 hours for AS.) PATHDEFENSE yields lower relative cost in the case where the target path is incrementally longer than the true shortest path than in the extra-community case.
  • Figure 5: Cost of PATHDEFENSE for all synthetic datasets under various conditions. Each row plots the results for a different dataset, and results are shown for the original budget and $\lambda$ (left column), when the attacker budget is doubled (center column), and when the cost of attacker success is reduced by five times (right column). All target paths use the same terminal nodes. Plots include the average cost (solid line) and the cost range across trials (shaded area), as well as the average zero-sum result (dash line). All cases follow a similar trajectory: an initial decrease in cost followed by a mild increase.
  • Figure 6: Cost of PATHDEFENSE for all real datasets under various conditions. Each row plots the results for a different dataset, and results are shown for the original budget and $\lambda$ (left column), when the attacker budget is doubled (center column), and when the cost of attacker success is reduced by five times (right column). All target paths use the same terminal nodes. Plots include the average cost (solid line) and the cost range across trials (shaded area), as well as the average zero-sum result (dash line), with the exception of the AS graph, where the zero-sum procedure did not complete in 24 hours and are omitted. Running PATHDEFENSE on both transportation graphs yield a decrease in cost followed by an increase, while the cost with the computer and social networks decrease and become stable when the cost of adversary success $\lambda$ is high. When $\lambda$ is lowered, PATHDEFENSE yields a cost increase after about 100 iterations, with the defender eventually selecting the result of an early iteration.
  • ...and 2 more figures

Theorems & Definitions (6)

  • Theorem 3.1
  • Theorem 3.2
  • Theorem 3.3
  • Lemma E .1
  • Lemma E .2
  • Lemma E .3