NIGA: A Novel Method for Investigating the Attacker–Defender Model within Critical Infrastructure Networks

Abstract

The field of infrastructure security has garnered significant research attention. By integrating complex network theory with game theory, researchers have proposed many methods for studying the interactions between the attacker and the defender from a macroscopic viewpoint. We constructed a game model of infrastructure networks to analyze attacker-defender confrontations. To address the challenge of finding the Nash equilibrium, we developed a novel algorithm—node-incremental greedy algorithm (NIGA)—which uses less strategy space to solve the problem. The experiments performed further showed that NIGA has better optimization ability than other traditional algorithms. The optimal defense strategies under different conditions of initial strategy ratios and attacker-defender resources were analyzed in this study. Using intelligent computing to solve the Nash equilibrium is a new approach by which for researchers to analyze attacker-defender confrontations.

1. Introduction

Infrastructure systems, such as water distribution, aviation, and transportation, are important components of our society [1,2]. However, excessive reliance on these systems can lead to significant vulnerabilities within our society. As an example of this, in the September 11 events, attackers targeted the World Trade Center in New York and the Pentagon in Virginia, resulting in significant loss of life and substantial economic and political effects. Additionally, infrastructure systems are often among the first targets of attackers during wars. For attacker–defender confrontations in infrastructure systems, it is necessary to analyze the strategies of potential adversaries and the interconnectedness of systems on a global scale. By using game theory as our analytical framework and viewing infrastructure as an interconnected network, we should investigate the strategic interactions between intelligent adversaries within this network [3]. Studying the network connections within infrastructure is essential, because if key nodes are damaged, this can significantly affect the network’s operation, possibly causing a complete shutdown. Therefore, maintaining network connections by using strategic measures is crucial.

Various methods, including probabilistic risk analysis and data analysis, have been proposed for infrastructure protection [4,5]. However, these methods do not effectively model the behavior of intelligent adversaries [4,5,6]. Intelligent adversaries, in the context of our study, refer to entities or individuals with advanced capabilities to understand, adapt, and exploit vulnerabilities within infrastructure systems. Game theory offers a suitable framework for this challenge, enabling the assessment of optimal strategies and player interactions [7,8]. Game theory provides a theoretical framework for intelligent adversaries. Game models can be chosen to match different attack–defense situations for analyzing opponents’ strategies. These include static games, dynamic games, games of complete information, games of incomplete information, cooperative games, and non-cooperative games. Brown et al. [9] developed a sequential game model to reduce operational costs for attack and defense. Pita et al. [10] applied game theory to analyze airport security complexities. Zhang et al. [11] proposed a game model for factory safety management. Feng et al. [12] integrated game theory with risk assessment to evaluate protective measures for chemical facilities facing attack threats and subsequently further extended their research to consider multiple attackers [13]. Complex networks are used to describe detailed systems in nature, and in real-world applications, they are formed by interconnected infrastructures. By setting strategies and outcomes for both attackers and defenders based on a network’s structure, we can accurately depict an attack–defense game model on a large scale.

Combining game theory with complex network theory has yielded a mathematical model for analyzing attacker–defender interactions. This approach translates various attack and defense scenarios into quantifiable formulas for analysis [14]. Game theory aids in the predictive analysis of adversarial behavior, offering insights into the patterns of participants in attacker–defender confrontations [15] and guides defenders in selecting effective defense strategies, accurately portraying the equilibrium trends of both sides [16]. Complex network theory, in turn, enables a macroscopic examination of the strategies employed by the participants. The application of game theory and complex network theory to analyze attacker–defender behaviors has been proven to be effective. The theoretical framework of this model is depicted in Figure 1.

However, many proposed studies have not integrated game theory with complex networks, making it difficult to analyze problems from a macro perspective. Additionally, they have not considered the complexity of large-scale solutions, resulting in low computational efficiency. The game model and the attacker–defender model are directly correlated. Game theory offers a valuable research methodology for analyzing the attacker–defender model [17]. In the attacker–defender scenario, the wide range of strategies available to both parties complicates the application of traditional methods to find the Nash equilibrium. Therefore, in this study, we employed intelligent computing to address the Nash equilibrium problem.

Greedy algorithms represent a widely applied and effective optimization strategy in the field of artificial intelligence [18,19,20,21,22]. They are designed to make the best immediate choice at each step toward solving a problem. These algorithms are especially suited for problems with optimal substructure, where the aggregation of local optima can result in an overall optimal solution. An example of their use is in graph theory, where they are employed to identify minimum spanning trees, with algorithms such as Prim’s and Kruskal’s being prominent. Greedy algorithms are also extensively applied in resource allocation, scheduling, coding, and network flow optimization.

The key contributions presented in this study are summarized below.

(1)

We introduce a novel algorithm, node-incremental greedy algorithm (NIGA), which was validated with performance trials that indicated it delivers superior outcomes compared with existing methodologies.

(2)

We constructed a comprehensive information static game model. This model is designed to forecast and evaluate the strategic interactions between attackers and defenders within infrastructure networks.

(3)

This study offers a novel approach for the academic community, highlighting the potential of employing NIGA to address Nash equilibrium scenarios.

(4)

We provide an in-depth analysis of attacker–defender game dynamics across a range of parameters.

(5)

Additionally, we examine the attacker–defender game in the context of varying resource availability.

The rest of the paper is organized as follows. Section 2 covers related work. The attacker-defender game model within critical infrastructure networks is established in Section 3. The NIGA is proposed and applied to analyze the Nash equilibrium in Section 4. Section 5 conducts simulation experiments and analysis. Finally, Section 6 concludes the paper.

2. Related Work

2.1. Defense Resource Allocation Strategies for Critical Infrastructure Networks

Though the ultimate goal is to minimize the losses caused by attacks, defense resource allocation strategies for critical infrastructure networks have been widely researched across various fields and can be generally summarized into two major categories.

Methods in the first category focus on modifying the initial network structure to bolster its robustness through the strategic deployment of defense resources. This can include adding nodes such as base stations and edges such as power lines or reconfiguring existing connections. For example, Ke et al. [23] explored the impact of adding a minimal number of edges to uncertain graphs to enhance network reliability, devising a practical and scalable solution with verified effectiveness. Natalino et al. [24] proposed enhancing content accessibility in transportation networks by introducing a few strategic edges, showing through simulations that this approach can notably boost content reach. Yang et al. [25] examined the link between community structure and network robustness, employing an onion model to represent communities and suggesting a three-step strategy to reconfigure edges, and illustrated their proposal with the U.S. airport network. Chan et al. [26] proposed the EdgeRewire framework, which allows for edge reconfiguration under a fixed budget, without altering the node degree, and for maximizing robustness, as demonstrated across AS routing, P2P, and aviation networks. Yuan et al. [27,28] suggested cable swapping in power networks to mitigate post-attack losses, with experiments on the IEEE system indicating a marked improvement in power system recovery.

The second category of methods retains the original structure of the network and includes methods for the rational allocation and scheduling of limited security resources to protect the network. For instance, by leveraging network centrality metrics—such as node degree and betweenness centrality—key nodes can be identified for monitoring, such as closely watching substations, or for immunization to safeguard the network. Additionally, vulnerable edges, such as bridges in transportation networks, and critical infrastructure nodes, such as subway stations, can be reinforced. This ensures the network’s continued functionality even after an attack. In many security fields, how to allocate limited resources is an important issue, such as designing reasonable plans for airport security patrols, air force police assignments, port entry cargo inspections, subway station patrols, and random inspections at customs. Chen and Saxena et al. [29,30] drew inspiration from immunology and proposed methods for calculating “Shield value” and Shapley value for nodes to assess their importance, followed by designing effective immunization strategies based on this. Liu et al. [31] proposed a targeted immunization strategy based on percolation transfer to control the spread of viruses in networks, and the experimental results showed that this method is superior to the degree centrality strategy, the betweenness centrality strategy, and the adaptive degree centrality strategy. Liu et al. [32] proposed a directed immunization strategy by obtaining partial network node information and continuously selecting the most central nodes for immunization. Their findings have contributed to the development of better methods for immunizing large-scale networks.

On the ond hand, the implementation of methods of the first category requires changing the initial structure of the network, which is not applicable in many real-world scenarios. For example, after an attack on a subway track network, it is not possible to quickly build a new track, which requires large amounts of money and resources. On the other hand, the implementation of methods of the second category is mostly based on network centrality indicators, and these methods are pure strategies that do not consider the combination optimization problem of the strategy space.

2.2. Attack–Defense Game Model

Since its initial application in 2003, game theory has been extensively researched in relation to military strikes and homeland defense [33,34,35]. Brown et al. explored dynamic game models, analyzing optimal attack strategies under various defense strategies, such as no defense and protecting key nodes or three-quarters of the nodes. Their analysis of oil reserves and power transportation networks showed that strategic choices under game-theoretic models can differ from intuition, emphasizing the importance of game theory in infrastructure protection. Li et al. [36,37,38] established a two-player static game model of complex networks, using the size of the largest connected component as a measure, and studied the relationships among equilibrium strategies, node degree values, and the impact of the network structure, cost constraints, and cost sensitivity on equilibrium outcomes, which were validated by using an aviation network. Fu et al. [39] proposed a dynamic game model where first the defender protects the network and then the attacker takes measures to destroy it, studying the impact of the defender’s willingness through evolutionary game theory. Zhai et al. [40] developed an attack–defense game model considering different attackers’ utility values, where the defender’s utility function towards the attacker is uncertain. Building on the complete information static model, Feng et al. considered the protection of chemical plants in the presence of multiple types of attackers. Pita et al. studied airport security protection issues with a Bayesian Stackelberg game model. Gu et al. [41] similarly established a Bayesian Stackelberg game model and analyzed the impact of the type of distribution on the equilibrium solution. Jiang et al. [42] also established a Bayesian Stackelberg game model to study water supply network protection issues, including cases of private information. Zeng et al. [43,44] focused on the defense resource allocation problem of critical infrastructure networks under asymmetric information, proposing a pseudo-network construction method and introducing Stackelberg proactive deception games and Bayesian Stackelberg games to establish models. Experiments on actual infrastructure networks showed that this method can effectively protect this type of networks. Zhang et al. [45] studied optimal resource allocation between multiple real/decoy targets with an asynchronous move game, assuming that defenders act first and attackers observe and then act. Thompson et al. [46,47] analyzed the potential impact of intelligent attacks on the U.S. air transportation network and protective measures by establishing and solving a three-level defender–attacker–defender optimization model. Yuan et al. [28] proposed extending the traditional defender–attacker–defender model to post-incident corrective line switching operations as an effective post-incident mitigation method for power infrastructure networks. Hendrickson et al. [48] established and solved an optimized defender–attacker–defender game model for determining the best location for installing relay nodes, ensuring optimal deep-sea network functionality even in the worst-case scenario.

2.3. Discussion and Research Gaps

The extensive body of related work has significantly contributed to the understanding of defense strategies in critical infrastructure networks. However, a critical examination reveals several research gaps that our study aims to address.

Firstly, while many studies have focused on modifying network structures or utilizing network centrality metrics for defense, there is a lack of comprehensive strategies that integrate both approaches. The need for a holistic approach that considers both structural modifications and resource allocation based on network metrics is evident.

Secondly, the scalability of defense strategies to large-scale networks is a concern. Many proposed methods have been tested on small-scale networks, and their effectiveness in larger, more complex networks remains unproven.

Lastly, the integration of advanced computational techniques, such as machine learning and artificial intelligence, into defense strategies is an area that requires further exploration. The potential of these techniques to enhance the predictive capabilities and responsiveness of defense systems is largely untapped.

To provide a clearer overview of these gaps and the contributions of our study, we present a table summarizing the main contributions of previous related works (

Table 1. Summary of contributions of previous related works.

Category	Author(s)	Contribution
Defense Resource Allocation	Ke et al. [23]	Enhanced network reliability by adding edges.
	Natalino et al. [24]	Improved content accessibility by adding strategic edges.
	Yang et al. [25]	Proposed a three-step strategy for edge reconfiguration.
	Chan et al. [26]	Introduced EdgeRewire for edge reconfiguration.
	Yuan et al. [27,28]	Suggested cable swapping for post-attack recovery.
Attack-Defense Game Model	Brown et al. [9]	Explored dynamic game models for infrastructure protection.
	Pita et al. [10]	Studied airport security with a Bayesian Stackelberg game model.
	Li et al. [36,37,38]	Established a two-player static game model.
	Fu et al. [39]	Proposed a dynamic game model considering defender’s willingness.
	Zhai et al. [40]	Developed an attack-defense game model with uncertain defender utility.
	Zeng et al. [43,44]	Focused on defense resource allocation under asymmetric information.
	Zhang et al. [45]	Studied optimal resource allocation between multiple targets.
	Thompson et al. [46,47]	Analyzed intelligent attacks on the air transportation network.
	Hendrickson et al. [48]	Optimized game model for deep-sea network functionality.

).

This table and the discussion highlight the need for a more integrated and scalable approach to defense resource allocation, which our study seeks to provide.

2.4. Greedy Algorithms

Greedy algorithms [49,50] represent a common method for efficiently finding optimal or near-optimal solutions. They simplify the problem-solving process by making a sequence of choices, each selecting the best immediate option, aiming for an overall optimal outcome. While greedy algorithms do not always guarantee a global optimum for every problem, they provide swift and satisfactory solutions that reflect everyday decision-making processes and save considerable time compared with exhaustive methods.

To use a greedy algorithm, one must first find a set of candidate objects that make up the solution, which can optimize the objective function. Initially, the set of candidate objects selected by the algorithm is empty. Then, based on the selection function, the most promising object that could potentially form part of the solution is chosen from the remaining candidates. If adding this object to the set is not feasible, the object is discarded and no longer considered; otherwise, it is added to the set. The set is expanded each time, and it is checked whether it constitutes a solution [51,52].

The problem-solving steps are as follows:

(1)

Establish a mathematical model to describe the problem.

(2)

Divide the problem to be solved into several subproblems.

(3)

Solve each subproblem to obtain the local optimal solution for the subproblem.

(4)

Combine the local optimal solutions of the subproblems into a solution for the original problem.

The pseudocode can be seen in Algorithm 1.

Algorithm 1: Greedy Algorithm

3. The Attacker–Defender Game Model

3.1. Symbol Description

We developed an attacker–defender game model for infrastructure networks, modeled as an undirected simple graph $G=(V,E)$. Infrastructure networks are typically characterized by bidirectional connections, allowing for the flow of resources, information, or services in both directions. An undirected graph is a more accurate representation of these bidirectional relationships, as it does not imply a specific direction of interaction between nodes, which is more reflective of the actual dynamics within such networks.

(1)

$V=\{v_1,v_2,\dots ,v_N\}$ is the node set, with $N=\left|V\right|$ indicating the number of nodes.

(2)

$E\subseteq V\times V$ denotes the edge set, representing connections between nodes.

The graph’s adjacency matrix, A, is an $N\times N$ matrix. If nodes $v_i$ and $v_j$ are connected, $a_{ij}=a_{ji}=1$; otherwise, $a_{ij}=a_{ji}=0$.

This static game model assumes simultaneous attacker and defender actions, represented by the tuple $ADG=(N_A, N_D, V_A, R_A, {\mathbb{S}}_A, V_D, R_D, {\mathbb{S}}_D, P_A,P_D, U_A, U_D)$.

(1)

$N_A$ denotes the attacker, who predicts the defender’s strategy to formulate their own.

(2)

$N_D$ denotes the defender, who anticipates the attacker’s strategy to develop countermeasures.

(3)

$V_A$ is the set of attack nodes; if targeting $v_1$ and $v_2$, $V_A=\{v_1,v_2\}$.

(4)

$R_A$ is the attacker’s resource limit, determining the maximum number of nodes that can be attacked ($R_A=\left|V_A\right|$).

(5)

${\mathbb{S}}_A=\{S_A^1,S_A^2,\dots ,S_A^i,\dots ,S_A^m\}$ lists the attack strategies, with $S_A^i=[x_1,x_2,\dots ,x_N]$ indicating the i-th strategy, where $x_i=1$ if node $v_i$ is attacked and $x_i=0$ otherwise.

(6)

$V_D$ is the set of defense nodes; if targeting $v_3$ and $v_4$, $V_D=\{v_3,v_4\}$.

(7)

$R_D$ is the defender’s resource limit, specifying the maximum number of nodes that can be defended ($R_D=\left|V_D\right|$).

(8)

${\mathbb{S}}_D=\{S_D^1,S_D^2,\dots ,S_D^j,\dots ,S_D^n\}$ lists the defense strategies, with $S_D^j=[y_1,y_2,\dots ,y_N]$ indicating the j-th strategy, where $y_i=1$ if node $v_i$ is defended and $y_i=0$ otherwise.

(9)

$P_A=\{P_A^1,P_A^2,\dots ,P_A^i,\dots ,P_A^m\}$ represents the probabilities of the attacker’s strategy adoption, with $P_A^i$ being the probability of strategy $S_A^i$.

(10)

$P_D=\{P_D^1,P_D^2,\dots ,P_D^j,\dots ,P_D^n\}$ represents the probabilities of the defender’s strategy adoption, with $P_D^j$ being the probability of strategy $S_D^j$.

(11)

$U_A=U_A(S_A,S_D)$ is the attacker’s profit function, dependent on both $S_A$ and $S_D$, with different strategies yielding various profits.

(12)

$U_D=U_D(S_A,S_D)$ is the defender’s profit function, also contingent on $S_A$ and $S_D$, with strategies influencing profit outcomes.

The summary of symbols in this model is shown in

Table 2. Symbols in the attacker–defender game model.

Symbol	Description
N	Number of nodes in the network, $N=\left|V\right|$.
V	Node set $V=\{v_1,v_2,\dots ,v_N\}$.
E	Edge set $E\subseteq V\times V$.
A	Adjacency matrix of the graph.
$a_{ij}$	Element of adjacency matrix.
$N_A$	Attacker.
$N_D$	Defender.
$V_A$	Set of attack nodes.
$R_A$	Attacker’s resource limit.
${\mathbb{S}}_A$	Set of attack strategies.
$V_D$	Set of defense nodes.
$R_D$	Defender’s resource limit.
${\mathbb{S}}_D$	Set of defense strategies.
$P_A$	Probabilities of the attacker’s strategy adoption.
$P_D$	Probabilities of the defender’s strategy adoption.
$U_A$	Attacker’s profit function.
$U_D$	Defender’s profit function.

.

3.2. Basic Assumptions

(1)

The game features two rational players: an attacker and a defender. Each player has comprehensive knowledge of the network, including all potential strategies and the outcomes for each strategy combination.

(2)

Attacks and defenses are focused on network nodes. A node is successfully attacked when the attacker targets it and it is not defended. The successful attack results in the removal of the node and its connected edges from the network.

(3)

When a node is successfully attacked, its associated edges will also be removed, but it will not affect the nodes directly connected to it.

(4)

Players independently formulate their strategies at the same time, without prior knowledge of the opponent’s choices. The game is a one-time interaction without subsequent rounds.

3.3. Strategies

The defender aims to protect valuable nodes within a network, while the attacker seeks to disrupt the network’s functionality by targeting nodes for attack. Both players must consider their strategies within the constraints of their available resources. The strategies of defenders and attackers can be mathematically formalized as shown below.

3.3.1. Attacker’s Strategy

The objective of the attacker is to impair network performance by reducing its connectivity. To achieve this, the attacker selects a subset of nodes, $V_A\subseteq V$, to target. When these nodes are attacked, they lose their functionality and are removed from the network, along with their connected edges.

A pure strategy for the attacker is denoted as $S_A^i=\langle x_{A_v}\rangle$, where $x_{A_v}=1$ if node v is targeted, and $x_{A_v}=0$ if node v is not targeted. The attacker has limited resources, denoted as $R_A$, which constrain the number of nodes that can be targeted, ensuring $|V_A| \le R_A$.

The set of all possible pure strategies for the attacker is represented as ${\mathbb{S}}_A$. The attacker’s mixed strategy, $P_A=\langle p_A^i\rangle$, is a probability distribution over the pure strategies in ${\mathbb{S}}_A$.

3.3.2. Defender’s Strategy

The defender’s goal is to allocate resources to protect a subset of nodes, $V_D\subseteq V$, ensuring these nodes remain secure from attacks.

A pure strategy for the defender is represented as $S_D^j=\langle x_{D_v}\rangle$, where $x_{D_v}=1$ if node v is protected, and $x_{D_v}=0$ if node v is not protected. The defender has limited resources, denoted as $R_D$, which constrain the number of nodes that can be protected, ensuring ${\sum }_{v\in V}{x}_{D_v}\le R_D$.

The subset of nodes protected by the defender is $V_D=\{v\in V\mid x_{D_v}=1\}$. The set of all possible pure strategies for the defender is represented as ${\mathbb{S}}_D$. The defender’s mixed strategy, $P_D=\langle p_D^i\rangle$, is a probability distribution over the pure strategies in ${\mathbb{S}}_D$.

3.4. Payoffs

As mentioned in Section 3.2, a node $v_i$ is successfully removed only if it is targeted by the attacker and not defended. We denote the sets of removed nodes and edges by $\widehat{V}\subseteq V$ and $\widehat{E}\subseteq E$, respectively. Consequently, network after the game is represented by $\widehat{G}=(V\setminus \widehat{V},E\setminus \widehat{E})$, where ∖ denotes the set difference.

It is clear that $\widehat{V}$ is derived from the set of targeted nodes $V_A$ minus the nodes that are both targeted and defended, $V_A\cap V_D$. Thus, $\widehat{V}=V_A\setminus (V_A\cap V_D)$. This relationship can be calculated based on the following analysis:

$$\begin{array}{cc}\hfill \widehat{V}& =\{V_i\in V\mid V_i\in V_A\mathrm{and}{V}_i\notin V_D\}\hfill \\ \hfill & =\{V_i\in V_A\mid V_i\notin V_D\}\hfill \\ \hfill & =V_A-V_D\hfill \\ \hfill & =V_A-(V_A\cap V_D).\hfill \end{array}$$

(1)

We define the measure of network performance as $\Gamma$, which can be assessed with various metrics, including the size of the largest connected component [53], network efficiency [54], and others. Additionally, the attacker’s payoff is defined as:

$$U_A^{ij}\left(S_A^i,S_D^j\right)={\displaystyle \frac{\Gamma \left(G\right)-\Gamma \left(\widehat{G}\right)}{\Gamma \left(G\right)}}\in [0,1],$$

(2)

and the defender’s payoff is defined as:

$$U_D^{ij}\left(S_A^i,S_D^j\right)={\displaystyle \frac{\Gamma \left(\widehat{G}\right)-\Gamma \left(G\right)}{\Gamma \left(G\right)}}\in [-1,0],$$

(3)

where $\Gamma$ is defined as the metric for assessing network performance.

In this study, $\Gamma \left(G\right)$ represents the size of the largest connected component in the original network $G=(V,E)$, while $\Gamma \left(\widehat{G}\right)$ denotes the size of the largest connected component in the attacked network $\widehat{G}=(V\setminus \widehat{V},E\setminus \widehat{E})$. The measure of network performance, $\Gamma$, is chosen to reflect the network’s resilience. In this study, $\Gamma$ is primarily the size of the largest connected component in the network, a metric justified by its direct correlation with network functionality and robustness [53]. However, we acknowledge that other metrics such as network efficiency [54] could also be considered, each offering a different perspective on network performance. The choice of $\Gamma$ has significant implications for the game’s dynamics, as it directly influences the payoff functions for both players.

The game is a zero-sum game, as the sum of the attacker’s payoff and the defender’s payoff equals zero. When the attacker targets nodes within the network, the performance of the network is diminished. The attacker’s profit is quantified by the size of the largest connected component to which the network’s performance is reduced as a result of the attack. Correspondingly, the defender’s loss is also measured by this same reduction in network performance. In a zero-sum game, the sum of the attacker’s profit and the defender’s loss equals zero, indicating that one party’s gain is exactly balanced by the other party’s loss.

The attacker’s payoff function, $U_A^{ij}$, and the defender’s payoff function, $U_D^{ij}$, are defined within the context of a zero-sum game, where the attacker’s gain is equivalent to the defender’s loss. This zero-sum property simplifies the game by ensuring that the total payoff is constant, focusing the strategic decision making on how to distribute this constant payoff between the two players.

The zero-sum nature of the game has profound implications for the strategy space and solution methods. It suggests that any gain in payoff by one player must come at the expense of the other, thereby narrowing the set of potential equilibrium strategies. This property also influences the solution methods, as the search for Nash equilibrium strategies is inherently constrained by the opposing objectives of the two players.

In the context of a two-player zero-sum game, the expected payoffs for both the defender and the attacker can be defined based on their respective strategies. Let us define the expected payoffs for the defender ($U_D$) and the attacker ($U_A$) as follows.

When the defender uses mixed strategy $P_D$ and the attacker uses pure strategy $S_A^i$, the defender’s expected payoff $U_{D1}(S_A^i,P_D)$ is given by:

$$U_{D1}(S_A^i,P_D)=\sum _{j=1}^n(1-z_{D,A})P_D^j{U}_D^{ij},$$

(4)

where $z_{D,A}$ is an indicator variable that marks whether the attacker’s strategy ($S_A$) successfully deletes the target set selected by the defender’s strategy ($S_D$). If $V_D\cap V_A=V_D$, indicating that the attacker fails to remove the defended nodes, then $z_{D,A}=0$; otherwise, if the attacker successfully attacks any of the defended nodes, $z_{D,A}=1$.

When the defender uses pure strategy $S_D^j$ and the attacker uses mixed strategy $P_A$, the defender’s expected payoff $U_{D2}(P_A,S_D^j)$ is given by:

$$U_{D2}(P_A,S_D^j)=\sum _{i=1}^m(1-z_{D,A})P_A^i{U}_D^{ij},$$

(5)

where $P_A^i$ is the probability that the attacker uses pure strategy $S_A^i$.

When both players use mixed strategies $P_A$ and $P_D$, the defender’s expected payoff $U_{D3}(P_A,P_D)$ is given by:

$$U_{D3}(P_A,P_D)=\sum _{i=1}^m{P}_A^i{U}_{D1}(S_A^i,P_D)=\sum _{j=1}^n{P}_D^j{U}_{D2}(P_A,S_D^j),$$

(6)

which represents the defender’s expected payoff when considering the probabilities of each player’s strategies and the interactions among them.

Given the zero-sum nature of the game, the attacker’s expected payoff, $U_A$, is the negative of the defender’s expected payoff, $U_D$:

$$U_A=-U_D.$$

(7)

The defender aims to maximize the expected payoff by choosing the best mixed strategy $P_D$, while the attacker aims to minimize it by choosing the best mixed strategy $P_A$. The game’s solution would typically involve finding the Nash equilibrium, where neither player can improve their expected payoff by changing their strategy given the other player’s strategy.

3.5. Nash Equilibrium

The attacker’s goal is to maximize their payoff within the strategic constraints, while the defender seeks to minimize damage. To address this, we formulated a linear programming model with dual objectives. Let z and $\omega$ represent the expected payoffs of the attacker and defender, respectively. The model is defined as follows:

$$\begin{array}{cc}max\hfill & z\hfill \\ \mathrm{s}.\mathrm{t}.\hfill & \sum _{S_A^i\in S_A}{U}_A(S_A^i,S_D^j)·P_A^i\ge z,\forall S_D^j\in S_D\hfill \\ \\ \hfill & P_A^i\le {\alpha }_A^i,\forall S_A^i\in S_A\hfill \\ \\ \hfill & \sum _{S_A^i\in S_A}{P}_A^i=1\hfill \\ \\ \hfill & P_A^i\ge 0,\forall S_A^i\in S_A,\hfill \end{array}$$

(8)

$$\begin{array}{cc}max\hfill & \omega \hfill \\ \mathrm{s}.\mathrm{t}.\hfill & \sum _{S_D^j\in S_D}{U}_D(S_A^i,S_D^j)·P_D^j\ge \omega ,\forall S_A^i\in S_A\hfill \\ \\ \hfill & P_D^j\le {\alpha }_D^j,\forall S_D^j\in S_D\hfill \\ \\ \hfill & \sum _{S_D^j\in S^D}{P}_D^j=1\hfill \\ \\ \hfill & P_D^j\ge 0,\forall S_D^j\in S_D,\hfill \end{array}$$

(9)

where the payoff of the attacker under strategy profile $(S_A^i,S_D^j)$ is denoted by $U_A(S_A^i,S_D^j)$, and the payoff of the defender is $U_D(S_A^i,S_D^j)$. Equation (8) represents the attacker’s optimization model, while Equation (9) represents the defender’s. Solving these models yields the Nash equilibrium $(P_A^{*},P_D^{*})$. Subsequently, the equilibrium payoff values for the attacker and the defender are defined as follows:

$$z\left(P_A^{*},P_D^{*}\right)=P_A^T{U}_A{P}_D=\left(P_A^1,P_A^2,\cdots ,P_A^{|S_A|}\right)\left(\begin{array}{cccc}{u}_A^{11}& u_A^{12}& \cdots & u_A^{1|S_D|}\\ u_A^{21}& u_A^{22}& \cdots & u_A^{2|S_D|}\\ ⋮& ⋮& & ⋮\\ u_A^{|S_A|1}& u_A^{|S_A|2}& \cdots & u_A^{|S_A\left|\right|S_D|}\end{array}\right)\left(\begin{array}{c}{P}_D^1\\ P_D^2\\ ⋮\\ P_D^{|S_D|}\end{array}\right),$$

(10)

and

$$\omega \left(P_A^{*},P_D^{*}\right)=P_A^T{U}_D{P}_D=\left(P_A^1,P_A^2,\cdots ,P_A^{|S_A|}\right)\left(\begin{array}{cccc}{u}_D^{11}& u_D^{12}& \cdots & u_D^{1|S_D|}\\ u_D^{21}& u_D^{22}& \cdots & u_D^{2|S_D|}\\ ⋮& ⋮& & ⋮\\ u_D^{|S_A|1}& u_D^{|S_A|2}& \cdots & u_D^{|S_A\left|\right|S_D|}\end{array}\right)\left(\begin{array}{c}{P}_D^1\\ P_D^2\\ ⋮\\ P_D^{|S_D|}\end{array}\right).$$

(11)

Equations (2) and (3) establish that this is a zero-sum game, where the attacker’s payoff z is equivalent to the defender’s loss $\omega$; thus, $z=-\omega$.

4. Node-Incremental Greedy Algorithm

4.1. Payoff Optimization Techniques

In the algorithm, the optimization of the attacker’s payoff is primarily achieved through the following steps:

(1)

Initial strategy selection: Randomly initialize the set of attack strategies ${\mathbb{S}}_A^{\prime }$.

(2)

Iterative update: Through iterative optimization, the attacker selects attack strategies that maximize their payoff given the current defense strategy ${\mathbb{S}}_D^{\prime }$. This step utilizes a greedy strategy to select sets of nodes whose attack would result in maximal losses for the defender.

(3)

Nash equilibrium solution: In each iteration, solve for the Nash equilibrium to determine the optimal mixed attack strategy, ensuring that the attacker cannot unilaterally improve their outcome under the current defense strategy.

The optimization process for the defender’s payoff proceeds as follows:

(1)

Initial strategy selection: Randomly initialize the set of defense strategies ${\mathbb{S}}_D^{\prime }$.

(2)

Iterative update: Through iterative optimization, the defender selects defense strategies that maximize their payoff given the current attack strategy ${\mathbb{S}}_A^{\prime }$. In each iteration, the defender employs a greedy strategy to select sets of nodes that minimize the attacker’s potential payoff.

(3)

Nash equilibrium solution: Similar to the attacker, the defender solves for the Nash equilibrium to determine the optimal mixed defense strategy, ensuring that the defender cannot unilaterally improve their outcome under the current attack strategy.

4.2. The Algorithm

As the network size grows, the strategy space expands significantly. This task becomes nearly impractical to execute within a large-scale strategy space.

In this section, we introduce the novel algorithm designed to address the model—node-incremental greedy algorithm (NIGA). The main idea of the algorithm is to gradually approach the global optimum by making locally optimal choices at each iteration. Starting from an initial set of attack and defense strategies, the algorithm begins by randomly selecting strategies to solve the game problem. It then enters the main loop, where it continuously updates the strategies of both the attacker and the defender by iterating through the nodes one by one. In each iteration, the algorithm employs a greedy strategy to select a set of nodes that maximize the payoff for both parties. NIGA consists of a defender module and an attacker module, and its overview is provided in Algorithm 2.

Algorithm 2: Pseudocode for NIGA

The pseudocode describes an iterative strategy improvement process aimed at reaching a Nash equilibrium, where neither the attacker’s nor the defender’s strategies can be improved upon unilaterally. Both players start with a minimal strategy space that allows for the rapid determination of a game equilibrium solution. After several repetitions, based on the outcomes of the game, an initial strategy space that is more suitable, denoted by $〈{\mathbb{S}}_D^{\prime },{\mathbb{S}}_A^{\prime }〉$, is selected. Then, in the iterative phase, the attacker searches for an improved strategy ${\mathbb{S}}_A^{\prime }$ by invoking the attacker module, while the defender searches for an improved strategy ${\mathbb{S}}_D^{\prime }$ by invoking the defender module. This process is continuously repeated until neither party can find a better strategy, at which point the iteration ends. The solution obtained at this point is the final solution to the original attacker–defender game problem.

The core aim of the defender module in NIGA is to generate a superior pure strategy for the defender with the algorithm, with detailed steps as shown in Algorithm 3. The NIGA-Defender algorithm iterates by traversing nodes, starting with node 1 in the first iteration, then starting with node 2 in the second iteration, and so on, incrementing sequentially until the number of iterations reaches $N-R_D+1$. Compared with constructing a payoff matrix by enumerating all possible strategies to calculate a global equilibrium, this algorithm significantly improves computational efficiency.

Algorithm 3: Pseudocode for NIGA-Defender

The objective of the greedy algorithm is to identify a pure strategy D that maximizes the defender’s payoff, with specific steps as outlined in Algorithm 4. The first step initializes $D=\varnothing$. In the second step, while adhering to the resource constraint, the algorithm iterates through the nodes to find the optimal node, v, that can enhance the payoff. If node v satisfies the condition $U_{D2}(D\cup \left\{v\right\},y)>U_{D2}(D,y)$, then it is added to strategy D. Similarly, if $U_{D2}(D\cup \left\{v\right\},y)>U_{D3}(x,y)$, then v is added to strategy D. Finally, the process stops when the number of nodes in strategy D reaches the defender’s resource limit, that is, $\left|D\right|=R_D$.

Algorithm 4: Pseudocode for Greedy Algorithm in NIGA

5. Experiments and Mathematical Analysis

This section focuses on evaluating the effectiveness of NIGA within the context of attacker–defender interactions. Initially, NIGA’s efficacy was tested compared with other related algorithms. Subsequently, to prove NIGA’s optimization ability, its performance was tested across a variety of network sizes. Moving forward, NIGA was utilized to determine the Nash equilibrium at varying initial strategy ratios, denoted by r. To conclude the analysis, the algorithm was used to address the Nash equilibrium problem with different attack ($R_A$) and defense resources ($R_D$). The experiments were based on power-law networks and were characterized by a heavy-tailed degree distribution. The probability that a node had k connections followed a power-law distribution, typically represented as $P\left(k\right)\sim k^{-\alpha }$. This property implies that a few nodes, known as “hubs”, possess a disproportionately large number of connections compared with the majority of nodes, which have only a few links. The structure of power-law networks has significant implications for various phenomena observed in real-world networks, such as robustness to random failures and the potential for the rapid spread of information or diseases.

Our analysis was conducted on a system equipped with a 12th Gen Intel Core i7-12700H processor, 32.0 GB of RAM, and a 64-bit operating system running on an x64-based processor. The data originated from randomly generated scale-free networks.

5.1. Performance Test of NIGA

In this part, we report on two series of performance evaluation experiments. The first set was based on different initial strategies, with 30 runs recorded for each algorithm’s results. The second set was based on varying network sizes, specifically networks with 100, 200, and 300 nodes. We examined the effectiveness of each algorithm under these conditions. For NIGA, performance was gauged according to the attainment of the lowest possible value, signifying the smallest possible loss for the defender. Optimally, an algorithm’s performance is indicated by the smallest loss it can identify.

For analysis, we conduct an analysis that encompasses the worst case, average case, and best case scenarios.

We have defined the worst case scenario as the situation where the attacker is most successful in causing damage to the network, resulting in the maximum possible loss for the defender. This scenario tests the resilience and robustness of the model under the most adverse conditions.

The average case represents a typical interaction between the attacker and defender, where the outcomes are neither the best nor the worst but fall within a range of expected results. This scenario provides insight into the model’s performance under normal operating conditions.

The best case scenario is characterized by the optimal performance of the model, where the defender’s strategies are most effective in minimizing the impact of the attacker’s actions, resulting in the lowest possible loss.

The performance of NIGA was compared with that of other traditional algorithms within the attacker–defender game model, including random strategy (RS), degree strategy (DS), betweenness strategy (BS), closeness strategy (CS), and eigenvalue strategy (ES). In RS, the defender randomly updates strategies at each iteration, and in DS, they update strategies based on the degree of nodes, favoring strategies with the highest degree. In BS, the defender favors strategies with the highest betweenness centrality of nodes; in CS, those with the highest closeness centrality of nodes; and in ES, those with the highest eigenvalue of nodes.

Firstly, the performance of NIGA was assessed relative to the conventional methods of random strategy (RS), degree strategy (DS), betweenness strategy (BS), closeness strategy (CS), and eigenvalue strategy (ES). This comparison was based on their respective optimization capabilities when utilizing various initial strategies. The experimental data can be found in

Table 3. The results of the performance test for NIGA, RS, DS, BS, CS, and ES for different randomized initial strategies.

Number	NIGA	RS	DS	BS	CS	ES
1	1.8000	1.8182	1.8462	1.8462	1.8462	1.8462
2	1.7778	1.7778	1.8000	1.8000	1.8000	1.8000
3	1.7895	1.8000	1.8571	1.8571	1.8571	1.8333
4	1.8182	1.8261	1.8571	1.8571	1.8571	1.8462
5	1.8333	1.8400	1.8824	1.8824	1.8824	1.8824
6	1.7778	1.8333	1.8500	1.8537	1.8537	1.8537
7	1.8182	1.8333	1.8333	1.8333	1.8333	1.8333
8	1.7500	1.8000	1.8000	1.8000	1.8000	1.8000
9	1.7888	1.8000	1.8462	1.8462	1.8462	1.8462
10	1.7500	1.8000	1.8333	1.8333	1.8333	1.8333
11	1.8000	1.8333	1.8333	1.8333	1.8333	1.8333
12	1.7500	1.7647	1.8065	1.8065	1.7895	1.7895
13	1.8000	1.8182	1.8621	1.8621	1.8621	1.8621
14	1.7778	1.7949	1.8000	1.8000	1.8000	1.8000
15	1.8095	1.8182	1.8571	1.8571	1.8571	1.8462
16	1.7778	1.8095	1.8182	1.8182	1.8182	1.8182
17	1.8000	1.8095	1.8571	1.8571	1.8571	1.8571
18	1.8000	1.8250	1.8462	1.8462	1.8462	1.8462
19	1.8182	1.8235	1.8333	1.8462	1.8462	1.8333
20	1.8000	1.8033	1.8462	1.8462	1.8462	1.8462
21	1.7931	1.8235	1.8571	1.8571	1.8571	1.8571
22	1.7895	1.8333	1.8333	1.8333	1.8333	1.8333
23	1.8182	1.8333	1.8500	1.8537	1.8537	1.8571
24	1.8333	1.8421	1.8667	1.8667	1.8667	1.8571
25	1.7778	1.7895	1.8333	1.8333	1.8333	1.8333
26	1.8095	1.8333	1.8462	1.8571	1.8571	1.8462
27	1.7500	1.8000	1.8261	1.8261	1.8261	1.8261
28	1.8000	1.8261	1.8333	1.8333	1.8333	1.8333
29	1.7895	1.8235	1.8462	1.8462	1.8462	1.8462
30	1.7778	1.8571	1.8571	1.8571	1.8571	1.8571

, revealing that NIGA was capable of identifying superior solution paths in comparison with the other algorithms across a series of 30 trials with randomized initial strategies. To further elucidate the comparative optimization effectiveness among RS, DS, BS, CS, ES, and NIGA, Figure 2 presents nine diagrams that depict their optimization processes, highlighting their notable performance aspects.

Table 3 offers a detailed performance comparison among several strategies within an attacker–defender game model. The NIGA stands out as it consistently demonstrates superior performance across all trials, indicating its potential as a robust method for optimizing defense strategies against potential attacks. The uniformity in the performance of strategies such as the RS, DS, BS, CS, and ES suggests that these approaches might be similarly influenced by certain network metrics.

The table also reveals that strategies based on network centrality metrics, such as DS, BS, and CS, do not invariably outperform the RS. This observation might suggest that these metrics alone might not sufficiently capture the intricacies of the interactions within the attacker–defender game. The consistent lower values recorded for NIGA imply that it is more adept at minimizing the defender’s loss.

Figure 2 demonstrates that NIGA can find smaller values than RS, DS, BS, CS, and ES. Moreover, it converges more rapidly. In other words, the proposed algorithm possesses superior optimization capability compared with RS, DS, BS, CS, and ES.

Secondly, NIGA was compared with RS, DS, BS, CS, and ES in terms of optimization capability in different networks. The results of the experiment, shown in

Table 4. The results of the performance test for NIGA, RS, DS, BS, CS, and ES for different numbers of nodes.

Nodes	NIGA	RS	DS	BS	CS	ES
30	1.7500	1.7647	1.8065	1.8065	1.7895	1.7895
50	1.9091	1.9091	1.9091	1.9091	1.9231	1.9167
100	1.9330	1.9333	1.9349	1.9349	1.9349	1.9349
200	1.9408	1.9420	1.9443	1.9443	1.9443	1.9441
300	1.9496	1.9500	1.9500	1.9500	1.9500	1.9504

, show that compared with the other traditional algorithms, NIGA could achieve better results on the networks with 30, 100, 200, and 300 nodes. In the 50-node network, NIGA, RS, DS, and BS had the same optimization effect.

Table 4 provides an insightful comparison of the performance of different strategies across varying network sizes. The results are particularly revealing in terms of how each strategy scales with the increase in the number of nodes in the network. Initially, it is noticeable that NIGA consistently performs well across all node sizes, indicating its robustness and effectiveness in different network conditions. The scores for NIGA are the lowest among the strategies compared, which in this context suggests a more optimal performance as the objective is to minimize the defender’s loss.

As the network size increases from 30 to 300 nodes, the performance of most strategies, except for NIGA, tends to converge. This could imply that as networks grow larger, the strategies based on network centrality metrics such as DS, BS, and CS, which initially show variability, start to perform similarly. This convergence might be due to the increased complexity and interconnectivity in larger networks, which could diminish the impact of individual node characteristics that these strategies focus on.

In order to better show the optimization performance of RS, DS, BS, CS, ES, and NIGA, three optimization process diagrams showing noticeable effects are shown in Figure 3.

Figure 3 illustrates that across various network sizes, NIGA was capable of identifying lower values than those obtained with random strategy (RS), degree strategy (DS), betweenness strategy (BS), closeness strategy (CS), and eigenvalue strategy (ES). This suggests that NIGA generally outperforms these strategies in terms of optimization efficiency.

5.2. Comparison with Smart Methods

While the comparison in Section 5.1 demonstrates NIGA’s superior performance against traditional algorithms such as RS, DS, BS, CS, and ES, it is also essential to evaluate its effectiveness in comparison with more advanced, state-of-the-art methods. These advanced methods often incorporate machine learning, artificial intelligence, or other sophisticated computational techniques to address the complexities of attacker–defender games in large-scale networks.

One such state-of-the-art method is the deep reinforcement learning approach (DRL), which has been applied to security games to learn optimal defense strategies through interaction with the environment. DRL methods have shown promise in dynamic and uncertain conditions but can be computationally intensive and require extensive training periods.

Another advanced method is the multi-agent reinforcement learning (MARL) framework, which models the interactions between multiple defenders and attackers. MARL provides a more realistic representation of real-world scenarios but faces challenges in terms of convergence and the computational complexity of handling multiple agents.

A third approach includes the use of evolutionary algorithms (EA), which simulate the process of natural selection to evolve optimal strategies. EAs are known for their robustness in searching large and complex solution spaces but may suffer from slow convergence and the need for fine-tuning of various parameters.

In our comparison, we found that while these advanced methods offer unique advantages, NIGA demonstrates a better balance between computational efficiency and solution quality, especially for large-scale networks. NIGA’s node-incremental approach allows for a more manageable exploration of the strategy space, reducing the computational burden compared to methods that require simultaneous consideration of all possible strategies.

5.3. Overview of Simulation Setting and Criteria for Performance Assessment

The attacker has the capability to target infrastructures through various means, including the use of explosives, the employment of chemical and biological weapons, and the initiation of cyber attacks. Conversely, the defender can safeguard infrastructures by bolstering physical security measures and taking other protective actions. Furthermore, the model presented in this study is also applicable for the analysis of individual attack instances.

The simulation experiment diagrams of this study are depicted in Figure 4. Figure 4a represents a power-law network with 30 nodes, while Figure 4b illustrates one with 100 nodes. To provide a comprehensive demonstration, simulation experiments were conducted based on these two networks. In Figure 4, the nodes and edges represent the infrastructures and their interconnections within the infrastructure network, respectively. All nodes depicted in Figure 4 are susceptible to attack and can also be defended.

The simulation experiment (Figure 4) utilizes networks of typical sizes. However, the range of strategies for attack and defense is vast. We assume that the cost to attack or defend a single node is one unit.

Table 5. Comparison of number of strategies for different attack–defense resources.

Attack–Defense Resources	2	4	6	8
Number of strategies (N = 30)	$C_{30}^2=435$	$C_{30}^4=27,405$	$C_{30}^6=593,775$	$C_{30}^8=5,852,925$
Number of strategies (N = 100)	$C_{100}^2=4950$	$C_{100}^4=3,921,225$	$C_{100}^6=1.1921\times {10}^9$	$C_{100}^8=1.8609\times {10}^{11}$

shows the number of strategies available given different resource allocations. In a network of 30 nodes, there are 5.8 million possible strategies. This number grows significantly for a 100-node network, reaching 18.609 billion strategies.

Next, the influence of different scales of the initial strategies in the attacker–defender game model and the influence of the attack-defense resources on the Nash equilibrium were analyzed.

5.4. The Influence of the Scale of the Initial Strategies on the Nash Equilibrium

In this section, with the attacker’s and defender’s resources fixed, we report the analysis of the impact of the initial strategy scales on the experimental outcomes. In the 30-node network, due to the relatively small total number of strategies, the proportions of the initial strategy count to the total strategy count were set to 0.05, 0.10, and 0.15. In the 100-node network, given the large total number of strategies, the proportions were set to 0.01, 0.02, and 0.03.

Table 6. Optimization results for different ratios of initial strategies ($N=30$).

r	Number of Initial Strategies	Optimization Result	Convergence Iterations
0.05	22	1.8182	6
0.10	44	1.8333	10
0.15	66	1.8519	3

and

Table 7. Optimization results for different ratios of initial strategies ($N=100$).

r	Number of Initial Strategies	Optimization Result	Convergence Iterations
0.01	50	1.9130	9
0.02	99	1.9444	4
0.03	149	1.9545	4

present the results of the two sets of experiments. To provide a more intuitive display of the experimental results, we created the graphs in Figure 5.

In Table 6, for $N=30$, the results vary from 1.8182 to 1.8333 to 1.8519 as r increases from 0.05 to 0.10 to 0.15, respectively. As r increases from 0.05 to 0.15, the number of initial strategies increases, and the optimization result changes. The convergence iterations decrease from six to three, which might suggest that as more strategies are available at higher ratios, the optimization algorithm can find a solution more quickly or it might reach a point of diminishing returns where additional strategies do not significantly improve the result.

In Table 7, for $N=100$, the optimization results are 1.9130 for $r=0.01$, 1.9444 for $r=0.02$, and 1.9545 for $r=0.03$. However, the convergence iterations do not show a clear trend, varying between four and nine. This could mean that the optimization landscape is more complex with more initial strategies, or it could be that the algorithm’s performance is affected by other factors.

5.5. The Influence of Attack-Defense Resources on the Nash Equilibrium

In this subsection, we present further experiments to analyze the defender’s loss where the scale of the initial strategies was fixed. The attack–defense resources were set to two, four, six, and eight. The defender’s losses for different attack–defense resource allocations are reported in

Table 8. The loss of the defender under different attack–defense resource conditions ($N=30$).

		Defense Resources
		2	4	6	8
Attack Resources	2	1.7500	1.5197	1.4175	1.2050
	4	3.5862	3.1111	3.0094	2.5837
	6	5.4138	5.0000	4.3787	4.0641
	8	7.3077	6.6707	5.9709	5.2843

and

Table 9. The loss of the defender under different attack–defense resource conditions ($N=100$).

		Defense Resources
		2	4	6	8
Attack Resources	2	1.9512	1.8933	1.8391	1.5897
	4	3.9024	3.8114	3.6979	3.2000
	6	5.8463	5.7064	5.5071	4.7775
	8	7.6000	7.2000	6.8000	6.4000

. The results in Table 8 are based on a 30-node network, while those in Table 9 are based on a 100-node network. Figure 6 provides a more intuitive representation of the changes in the defender’s profit under varying attack–defense resource conditions across different network sizes.

Table 8 illustrates the defender’s loss for a smaller network with 30 nodes. The data reveal a significant reduction in the defender’s loss as the defense resources increase, regardless of the attacker’s resources. This trend underscores the importance of resource allocation in defense strategies. Notably, when the defender has more resources, the loss decreases, demonstrating the direct relationship between resource availability and the effectiveness of defense. Conversely, as the attacker’s resources increase, the defender’s loss escalates.

Table 9, which pertains to a larger network of 100 nodes, presents a similar pattern. However, the magnitude of the defender’s loss is generally higher in this case, reflecting the increased complexity and potential attack vectors in larger networks. The results here also indicate that as defense resources increase, the defender’s loss decreases, but the rate of decrease is less pronounced than in the smaller network. This could be attributed to the larger network’s greater capacity for potential attack combinations, which might dilute the impact of increased defense resources.

A comparative analysis of Table 8 and Table 9 shows that the defender’s loss is generally lower in the smaller network (N = 30) across all resource conditions. This suggests that smaller, more manageable networks might be easier to defend effectively. However, as network size increases, the defender faces a more challenging task, necessitating more sophisticated defense strategies and potentially more resources.

Figure 6 show that when the attack resources remain unchanged, the more numerous the defense resources, the smaller the loss of the defender, and when the defense resources remain unchanged, the more numerous the attack resources, the greater the loss of the defender.

6. Conclusions

In this study, we developed a strategic game framework to address the complexities of the attacker–defender challenge within infrastructure networks. We established the node-incremental greedy algorithm (NIGA) to determine the game’s Nash equilibrium, enhancing computational efficiency and solution effectiveness. Our experiments demonstrated the superiority of NIGA over traditional algorithms in terms of optimization ability.

Our future work will focus on the practical implementation of our theoretical findings in real network environments. This includes collaborating with industry partners to deploy and test our models and algorithms in actual infrastructure networks, ensuring their robustness and scalability. We will also enhance the algorithm to adapt to dynamic changes in network conditions and threats, making it more resilient to real-world challenges. Furthermore, we aim to explore the applicability of our framework to other types of networks, such as corporate IT networks and public utility networks, to broaden its impact.

One of the primary challenges is dealing with incomplete information. In real-world situations, it is often difficult to have a complete understanding of the network topology or the intentions and capabilities of potential adversaries. We have discussed how NIGA could be adapted to work under conditions of partial information, potentially by incorporating machine learning techniques to predict and respond to unknown variables.

Another significant challenge is the dynamic nature of network environments. Critical infrastructure networks are not static; they evolve with changes in technology, policy, and external threats. We have explored how NIGA could be modified to accommodate such changes, emphasizing the need for algorithms that can quickly adapt to new network configurations and threat landscapes.

The study shows NIGA performs well on networks of up to 300 nodes. It proves efficient and effective. Scalability to larger networks is crucial. Real-world critical infrastructure networks are often expansive. We plan to extend NIGA’s use to networks with thousands of nodes. This move will ensure its feasibility and relevance. Complex and extensive systems will be within NIGA’s scope. Assessing scalability will confirm NIGA as a practical solution. It will meet the needs of modern infrastructure protection.

In conclusion, while our study lays a strong theoretical foundation for addressing attacker–defender challenges in infrastructure networks, the next step is to ensure the practical viability and effectiveness of our strategies in enhancing network security and resilience.