Optimal Welfare in Noncooperative Network Formation under Attack

TL;DR

This work analyzes decentralized network formation under attack with immunization, reframing the attacker–defender interaction in a multi-agent setting. It derives tight, asymptotically optimal bounds on social welfare after attack for three broad attacker types (maximum carnage, random, and SQD), resolving an open problem for the max-disruption case. Despite these robust guarantees, the authors construct a tailored attacker that yields linear welfare, illustrating limits of universal welfare guarantees under adversarial behavior. Overall, the results illuminate the resilience of self-organized networks and identify precise conditions under which robustness holds or fails, with implications for designing secure decentralized infrastructures.

Abstract

Communication networks are essential for our economy and our everyday lives. This makes them lucrative targets for attacks. Today, we see an ongoing battle between criminals that try to disrupt our key communication networks and security professionals that try to mitigate these attacks. However, today's networks, like the Internet or peer-to-peer networks among smart devices, are not controlled by a single authority, but instead consist of many independently administrated entities that are interconnected. Thus, both the decisions of how to interconnect and how to secure against potential attacks are taken in a decentralized way by selfish agents. This strategic setting, with agents that want to interconnect and potential attackers that want to disrupt the network, was captured via an influential game-theoretic model by Goyal, Jabbari, Kearns, Khanna, and Morgenstern (WINE 2016). We revisit this model and show improved tight bounds on the achieved robustness of networks created by selfish agents. As our main result, we show that such networks can resist attacks of a large class of potential attackers, i.e., these networks maintain asymptotically optimal welfare post attack. This improves several bounds and resolves an open problem. Along the way, we show the counter-intuitive result, that attackers that aim at minimizing the social welfare post attack do not actually inflict the greatest possible damage.

Figures (13)

• Figure 1: Strategy profile $\mathbf{s}$ without edge $e = \{i,j\}$ and $\mathbf{s}'$ where $e$ is bought by $i$. Red (blue) nodes are vulnerable (immunized). $A,B$ and $C$ are vulnerable regions. Without edge $e$ the maximum carnage attack randomizes between infecting a node in $A$ or $B$, while the maximum disruption attacker targets node $k$. In $\mathbf{s}'$, the latter targets a node in $A$. Arrows indicate edge ownership, directed away from the owner.
• Figure 2: The block-cut decomposition of $G(\mathbf{s})$ with two vulnerable cut-vertices $c_1$ and $c_2$. The dotted edge $\{x_1,x_r\}$ is bought in both strategy profiles $\mathbf{s}_1'$ and $\mathbf{s}_2'$.
• Figure 3: The layers $H_i$ from the proof of \ref{['theorem:bounds-previous']}.
• Figure 4: The four cases of the proof. The dashed edge is the proposed deviation.
• Figure 5: The Nash equilibrium $\mathbf{s}_{\text{bad}}$ with social welfare in $\Theta(n)$, for our tailored opponent, with $C_E = C_I = 6$.

Theorems & Definitions (83)

• Example 1
• Definition 1
• Lemma 1
• proof : Proof Sketch
• Definition 2
• Lemma 2
• Corollary 1
• Lemma 3
• Theorem 1
• proof : Proof Sketch