When Simple is Near Optimal in Security Games

TL;DR

This paper models fraud policing as a Stackelberg security game where an administrator allocates R resources across L locations and taxes users via fines k to deter fraud. It proves that computing the exact optimal administrator strategy is NP-hard and then offers simple, scalable greedy algorithms that achieve provable guarantees, including a 1/2-approximation and a resource-augmentation guarantee (R+1 resources beat the R-resource optimum). For homogeneous user types, the authors also provide a PTAS for payoff maximization and a polynomial-time revenue-maximization algorithm, while extending the framework to heterogeneous user types with MCUA-based greedy methods that preserve half-approximation guarantees and augmentation benefits. The work validates the approach with a parking-enforcement case study at Stanford, showing substantial revenue gains (over $300,000 per year) and demonstrates contract-based extensions to bridge revenue and payoff outcomes, as well as handling additional allocation constraints via hierarchical structures. Overall, the paper combines game theory, approximation algorithms, and empirical validation to deliver practically effective tools for policing fraud under limited resources.

Abstract

Fraud is ubiquitous across applications and involve users bypassing the rule of law, often with the strategic aim of obtaining some benefit that would otherwise be unattainable within the bounds of lawful conduct. However, user fraud can be detrimental. To mitigate the harms of user fraud, we study the problem of policing fraud as a security game between an administrator and users. In this game, an administrator deploys $R$ security resources (e.g., police officers) across $L$ locations and levies fines against users engaging in fraud at those locations. For this security game, we study both payoff and revenue maximization administrator objectives. In both settings, we show that computing the optimal administrator strategy is NP-hard and develop natural greedy algorithm variants for the respective settings that achieve at least half the payoff or revenue as the payoff-maximizing or revenue-maximizing solutions, respectively. We also establish a resource augmentation guarantee that our proposed greedy algorithms with one extra resource, i.e., $R+1$ resources, achieve at least the same payoff (revenue) as the payoff-maximizing (revenue-maximizing) outcome with $R$ resources. Moreover, in the setting when user types are homogeneous, we develop a near-linear time algorithm for the revenue maximization problem and a polynomial time approximation scheme for the payoff maximization problem. Next, we present numerical experiments based on a case study of parking enforcement at Stanford University's campus, highlighting the efficacy of our algorithms in increasing parking permit earnings at the university by over \$300,000 annually. Finally, we study several model extensions, including incorporating contracts to bridge the gap between the payoff and revenue-maximizing outcomes and generalizing our model to incorporate additional constraints beyond a resource budget constraint.

Figures (10)

• Figure 1: Depiction of the revenue (left) and payoff (right) as a function of the amount of resources allocated to a location $l$. The revenue increases up to a threshold on the resource spending, following which the revenue drops to zero. Analogously, the payoff increases linearly up to the same threshold on the resource spending at which the payoff has a jump discontinuity to the maximum payoff $p_l$ achievable at that location. While users are indifferent between whether or not to engage in fraud at the threshold $\sigma_l = \frac{d_l}{d_l+k}$, revenue is maximized when $y_l(\boldsymbol{\sigma}) = 1$ (Equation \ref{['eq:best-response-users-rev-max']}), while the payoff is maximized when $y_l(\boldsymbol{\sigma}) = 0$ (see Section \ref{['subsec:problem-structure']}), aligning with the filled and open circles for the revenue (left) and payoff (right) maximization settings, respectively.
• Figure 2: Depiction of an example of the revenue from spending on a location $l$ (left), its upper bound (center), and its corresponding MCUA (right) for a setting with five types. The revenue function's MCUA has three segments $s$ for location $l$ with corresponding slopes $c_s$ and widths $x_s$.
• Figure 3: Depiction of the probability of not purchasing a parking permit of type $j$ as a function of the probability of allocating resources to a given location $l$ under counterfactuals one (left) and two (right). In counterfactual one, all strategic users have the same threshold probability $\frac{f_j}{k}$ at which they shift from not purchasing a permit to purchasing one. In counterfactual two, the probability of not purchasing a permit of type $j$ at location $l$ is modeled as an exponential distribution with parameter $\gamma_l^j$. The point $(\sigma_l^{SQ}, c_l^{j, SQ})$ on the exponential distribution corresponds to the fraction of the total parking spots of permit type $j$ at location $l$ that were issued citations, given by $c_l^{j, SQ}$, under the status-quo enforcement probability $\sigma_l^{SQ}$ at location $l$.
• Figure 4: Comparison of the fraction of the total permit earnings achieved by the status quo enforcement mechanism and a uniform random enforcement benchmark to that achieved by Algorithm \ref{['alg:GreedyWelMaxProb']} as the proportion of strategic users is varied in counterfactual one (left) and as the citation multiplier is varied in counterfactual two (right). For counterfactual one, we also depict the permit earnings corresponding to a No Enforcement benchmark, wherein no security resources are allocated to any locations. For counterfactual two, we depict the performance of the enforcement mechanism computed using Algorithm \ref{['alg:GreedyWelMaxProb']} calibrated based on the user behavior model in counterfactual two (Algorithm \ref{['alg:GreedyWelMaxProb']} (C2)) and another calibrated based on the user behavior model in counterfactual one where all users are assumed to be strategic (Algorithm \ref{['alg:GreedyWelMaxProb']} (C1)).
• Figure 5: Variation in the fraction of the payoffs achieved by the strategy $\boldsymbol{\sigma}_{\alpha}^A$ computed using Contract-Greedy to that achieved by the strategy $\boldsymbol{\sigma}_{A}^*$ corresponding to Algorithm \ref{['alg:GreedyFraudminimizationDeterministic']} as the contract level $\alpha$ is varied for different payoff functions $p_l = \Lambda_l (d_l)^x$ (left), number of resources $R$ (center), and fines $k$ (right).

Theorems & Definitions (43)

• Theorem 1: Optimality of Greedy Algorithm for Revenue Maximization Setting
• Proposition 1: Properties of Payoff-Maximizing Strategy
• Theorem 2: NP-Hardness of Payoff Maximization
• proof : Proof (Sketch) of Theorem \ref{['thm:npHardness-swm-fm']}
• Theorem 3: 1/2 Approximation of Greedy Algorithm for Payoff Maximization
• Theorem 4: Resource Augmentation Guarantee for Payoff Maximization
• Theorem 5: PTAS for Homogeneous Payoff Maximization
• Theorem 6: NP-Hardness of Heterogeneous Revenue Maximization
• Theorem 7: 1/2 Approximation for Heterogeneous Revenue Maximization
• Theorem 8: Resource Augmentation Guarantee for Heterogeneous Revenue Maximization