Audit Games with Multiple Defender Resources

TL;DR

This paper extends audit game models to include multiple audit resources with subset restrictions, providing an efficient approximation algorithm and demonstrating practical computational improvements.

Contribution

It introduces a generalized audit game model with multiple resources and develops an FPTAS using a novel optimization transformation.

Findings

The FPTAS efficiently computes approximate solutions for complex audit games.

The optimization transformation significantly accelerates solution computation.

Experimental results confirm the method's practical effectiveness.

Abstract

Modern organizations (e.g., hospitals, social networks, government agencies) rely heavily on audit to detect and punish insiders who inappropriately access and disclose confidential information. Recent work on audit games models the strategic interaction between an auditor with a single audit resource and auditees as a Stackelberg game, augmenting associated well-studied security games with a configurable punishment parameter. We significantly generalize this audit game model to account for multiple audit resources where each resource is restricted to audit a subset of all potential violations, thus enabling application to practical auditing scenarios. We provide an FPTAS that computes an approximately optimal solution to the resulting non-convex optimization problem. The main technical novelty is in the design and correctness proof of an optimization transformation that enables the construction of this FPTAS. In addition, we experimentally demonstrate that this transformation significantly speeds up computation of solutions for a class of audit games and security games.