Preventive strike vs. false targets and protection in defense strategy Gregory Levitin a,b,n , Kjell Hausken c a Collaborative Autonomic Computing Laboratory, School of Computer Science, University of Electronic Science and Technology of China, China b The Israel Electric Corporation Ltd., Israel c Faculty of Social Sciences, University of Stavanger, Norway article info Article history: Received 7 July 2010 Received in revised form 27 February 2011 Accepted 4 March 2011 Available online 10 March 2011 Keywords: Vulnerability Active defense Passive defense Attack Protection Contest intensity abstract A defender allocates its resource between defending an object passively and striking preventively against an attacker seeking to destroy the object. With no preventive strike the defender distributes its entire resource between deploying false targets, which the attacker cannot distinguish from the genuine object, and protecting the object. If the defender strikes preventively, the attacker’s vulner- ability depends on its protection and on the defender’s resource allocated to the strike. If the attacker survives, the object’s vulnerability depends on the attacker’s revenge attack resource allocated to the attacked object. The optimal defense resource distribution between striking preventively, deploying the false targets and protecting the object is analyzed. Two cases of the attacker strategy are considered: when the attacker attacks all of the targets and when it chooses a number of targets to attack. An optimization model is presented for making a decision about the efficiency of the preventive strike based on the estimated attack probability, dependent on a variety of model parameters. & 2011 Elsevier Ltd. All rights reserved. 1. Introduction Defending against external impacts and especially against intentional external impacts has attracted considerable research effort in recent years. One can distinguish between active and passive defense. Some measures aimed at mitigating the effect of external attacks, such as protective shields, are by their nature passive. Other measures can generate active defense, which means exerting offensive effort when certain conditions are met. Earlier research has considered passive defense in the sense of defending against incoming attacks. Azaiez and Bier [1] consider the optimal resource allocation for security in reliability systems. They determine closed-form results for moderately general sys- tems, assuming that the cost of an attack against any given component increases linearly in the amount of defensive investment in that component. Bier et al. [3] and Bier and Abhichandani [2] assume that the defender minimizes the success probability and expected damage of an attack. Bier et al. [3] analyze the protection of series and parallel systems with components of different values. They specify opti- mal defenses against intentional threats to system reliability, focusing on the tradeoff between investment cost and security. The optimal defense allocation depends on the structure of the system, the cost-effectiveness of infrastructure protection invest- ments and the adversary’s goals and constraints. Levitin [9] considers the optimal element separation and protection in a complex multi-state series-parallel system and suggests an algo- rithm for determining the expected damage caused by a strategic attacker. Patterson and Apostolakis [13] introduce importance measures for ranking the system elements in complex systems exposed to terrorist actions. Michaud and Apostolakis [12] analyze such measures of damage caused by the terror as impact on people, impact on environment, impact on public image, etc. Bier et al. [4] assume that a defender allocates defense to a collection of locations while an attacker chooses a location to attack. They show that the defender allocates resources in a centralized, rather than decentralized, manner, that the optimal allocation of resources can be non-monotonic in the value of the attacker’s outside option. Furthermore, the defender prefers its defense to be public rather than secret. Also, the defender some- times leaves a location undefended and sometimes prefers a higher vulnerability at a particular location even if a lower risk could be achieved at zero cost. Dighe et al. [5] consider secrecy in defensive allocations as a strategy for achieving more cost- effective attacker deterrence. Zhuang and Bier [16] consider defender resource allocation for countering terrorism and natural disasters. The preventive strike can be an effective measure of active defense aimed at destroying the potential attacker and, thus, Contents lists available at ScienceDirect journal homepage: www.elsevier.com/locate/ress Reliability Engineering and System Safety 0951-8320/$ - see front matter & 2011 Elsevier Ltd. All rights reserved. doi:10.1016/j.ress.2011.03.008 n Corresponding author at: Collaborative Autonomic Computing Laboratory, School of Computer Science, University of Electronic Science and Technology of China, China. E-mail address: levitin@iec.co.il (G. Levitin). Reliability Engineering and System Safety 96 (2011) 912–924