The topology of covert conflict
Often an attacker tries to disconnect a network by destroying nodes or edges, while the defender counters using various resilience mechanisms. Examples include a music industry body attempting to close down a peer-to-peer file-sharing network; medics attempting to halt the spread of an infectious disease by selective vaccination; and a police agency trying to decapitate a terrorist organisation. Albert, Jeong and Barabási famously analysed the static case, and showed that vertex-order attacks are effective against scale-free networks. We extend this work to the dynamic case by developing a framework based on evolutionary game theory to explore the interaction of attack and defence strategies. We show, first, that naive defences don’t work against vertex-order attack; second, that defences based on simple redundancy don’t work much better, but that defences based on cliques work well; third, that attacks based on centrality work better against clique defences than vertex-order attacks do; and fourth, that defences based on complex strategies such as delegation plus clique resist centrality attacks better than simple clique defences. Our models thus build a bridge between network analysis and evolutionary game theory, and provide a framework for analysing defence and attack in networks where topology matters. They suggest definitions of efficiency of attack and defence, and may even explain the evolution of insurgent organisations from networks of cells to a more virtual leadership that facilitates operations rather than directing them. Finally, we draw some conclusions and present possible directions for future research.
In this paper, we have built a bridge between network science and evolutionary game theory.
For some years, people have discussed what sort of communications topologies might be ideal for covert communication in the presence of powerful adversaries, and whether network science might be of practical use in covert conflicts – whether to insurgents or to counterinsurgency forces [5, 18]. Our work makes a start on dealing with this question
systematically.Albert, Jeong and Barab´asi showed that although a scalefree network provides better connectivity, this comes at a cost in robustness – an opponent can disconnect a network
quickly by concentrating its firepower on well-connected nodes. In this paper, we have asked the logical next questions. What sort of defence should be planned by operators of such a network? And what sort of framework can be developed in which to test successive refinements of attack, defense, counterattack and so on?
First, we have shown that naive defences don’t work. Simply replacing dead hubs with new recruits does not slow down the attacker much, regardless of whether link replacement follows a random or scale-free pattern.
Moving from a single-shot game to a repeated game provides a useful framework. It enables concepts of evolutionary game theory to be applied to network problems.
Next, we used the framework to explore two more sophisticated defensive strategies. In one, potentially vulnerable high-order nodes are replaced with rings of nodes, inspired by a standard technique in anonymous communications. In the other, they are replaced by cliques, inspired by the cell structure often used in revolutionary warfare. To our surprise
we found that rings were all but useless, while cliques are remarkably effective. This may be part of the reason why cell structures have been widely used by capable insurgent groups.
Next, we searched for attacks that work better against clique defences. We found that the centrality attack of Holme et al does indeed appear to be more powerful, although it can be more difficult to mount as evaluating node centrality involves knowledge of the entire topology of the network. Centrality attacks may reflect the modern reality of counterinsurgency based on pervasive communications intelligence and, in particular,
Now we are searching for defences that work better against centrality attacks. A promising candidate appears to be the delegation defence, combined with cliques. This combination may in some ways reflect the reported ‘virtualisation’ strategies of some modern insurgent networks.
Above all, this work provides a systematic way to evolve and test security concepts relating to the topology of networks.