Mathematical Problems of Managing the Risks of Complex Systems under Targeted Attacks with Known Structures

Abstract

This paper deals with the problem of managing the risks of complex systems under targeted attacks. It is usually solved by using Defender–Attacker models or similar ones. However, such models do not consider the influence of the defending system structure on the expected attack outcome. Our goal was to study how the structure of an abstract system affects its integral risk. To achieve this, we considered a situation where the Defender knows the structure of the expected attack and can arrange the elements to achieve a minimum of integral risk. In this paper, we consider a particular case of a simple chain attack structure. We generalized the concept of a local risk function to account for structural effects and found an ordering criterion that ensures the optimal placement of the defending system’s elements inside a given simple chain structure. The obtained result is the first step to formulate the principles of optimally placing system elements within an arbitrarily complex network. Knowledge of these principles, in turn, will allow solving the problems of optimal allocation of resources to minimize the risks of a complex system, considering its structure.

1. Introduction

One of the most topical problems in studying complex networks is developing mathematical models of various disruptive effects, including targeted attacks on the nodes or edges of a network. Such models assess the risks and the propagation of failures in complex systems of different natures. This approach is widely used in solving the problems of cyber-physical systems [1,2], computing systems [3,4], epidemiology [5,6], as well as other subject areas.

The classic approach considers such impacts (or attacks) as an accidental (unintentional) occurrence. The corresponding models are the error tolerance model [7]; “forest fire”-based models [8], including the one with immune trees [9]; demon model [10]; cellular automata-based model [11,12]; and random attack percolation models [13,14]. The latter ones, including the targeted attack percolation models [15,16,17,18], localized attack percolation models [19], and k-core percolation [20,21,22,23], are also used to simulate the intentional attacks on a network’s nodes and edges, assuming that the Attacker tries to disrupt the network connectivity as quickly as possible.

In terms of complex network risk management problems, these percolation models naturally belong to a broader class of Defender–Attacker–Defender (D-A-D) models [24,25]. Such models consider the conflict between two actors. One of them is the Attacker, who brings a negative impact on the network. The other one is the Defender, who tries to resist it. D-A-D models generally assume that the Attacker and the Defender have limited resources to undertake their actions. In this case, the problem is the optimization of resources for both actors. However, the Defender can also act differently, e.g., intentionally changing the complex network’s structure to reduce risks. We can mention cascading failure propagation models [26,27] as an example of such models for non-targeted attacks and their implementation in several interconnected networks. For instance, paper [28] describes the model for two interconnected networks.

Models considering the intentional modification (or establishing) of the network structure by the Defender to counter the targeted attacks seem to exist only for interconnected networks [29,30,31].

Networks describing real-world systems mostly have a pre-defined and fixed structure. At the same time, there are practical challenges, e.g., building a layered defense or a multi-level defense, where the Defender can choose the structure of the protected system to restrict the malicious acts. The authors could not find any mathematical models describing this case in the literature.

Table 1. The classification of failure propagation models on complex networks.

		Attack
		Unintentional (Random)	Targeted
Network structure changes	Unintentional or no changes at all	(1) Random attack percolation models [13,14] Error tolerance model [7] “Forest fire” (FF) [8] based models: FF with immune trees [9], Demon model [10], Cellular automata-based model [11,12]	(2) Attacker–Defender, Defender–Attacker, Defender–Attacker–Defender models [24,25] Targeted attack percolation models [15,16,17,18] Localized attack percolation models [19] k-core percolation [20,21,22,23] Interdependent networks robustness under targeted attacks [34]
	Intentional	(3) Cascading failure propagation models [26,27] Regular allocation strategy of bidirectional interconnections [28]	(4) Cascading failure propagation model for networks of networks [29,30,31]

shows the classification of the above-mentioned mathematical models. The models describing the influence of a complex network structure on its risk are in cell (4).

The purpose of this study is to examine how the Defender could lower the integral risk to a network by choosing (or changing) its structure. We consider a simple case of a chain structure. The Defender can place elements with different local risks into its nodes. We formulated the optimal placement criteria for such structures. The Defender will use the obtained results when solving the problem of optimal resources allocation with classic Defender–Attacker and Defender–Attacker–Defender models of countering the attacks in complex systems, or models of effective security monitoring and risk management of complex networks, which we have considered in prior studies [32,33]. The obtained results are the step towards deriving the optimal placement criteria for arbitrary structures.

The structure of the study is as follows. Section 2 describes the general statement of the problem of managing the risks of the complex system under attack with a known structure. We also prove several supplemental statements. Section 3 considers the problem of finding the optimal mapping of the system elements onto a given simple chain attack structure and solving it.

2. General Problem Statement

We use the general risk model described in [34] adopted to consider the influence of a system structure.

Consider a complex system consisting of a finite set of elements (objects, so far of an arbitrary nature): S = {s₁, …, s_i, …, s_n}, i ∈ N = {1, …, n}. We assume that the elements s_i ∈ S, i ∈ N of the system are autonomous so that they cannot influence each other’s states.

Suppose that there are two subjects (also of an arbitrary nature for the time being), which we will call player A (otherwise, the Attacker) and player D (otherwise, the Defender). These two subjects have different intentions towards the state of system S.

We assume that player D has a certain resource quantity X ≥ 0, which he can arbitrarily distribute among the elements of the system S: x = (x₁, …, x_n), x_i ≥ 0, i ∈ N, ${\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{n}}{\mathrm{x}}_{\mathrm{i}} \le \mathrm{X}$.

Similarly, we assume that player A also has a certain quantity of resource Y ≥ 0, which he can arbitrarily distribute among the elements of the system S: y = (y₁, …, y_n), y_i ≥ 0, i ∈ N, ${\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{n}}{\mathrm{y}}_{\mathrm{i}} \le \mathrm{Y}$.

In the framework of the considered model, we will consider the “resource” as any measurable and arbitrarily divisible asset represented by a non-negative real number. It could be financial, labour, time, production, and other resources/costs depending on the context.

We will call the local risk some local characteristic of an element s_i ∈ S, depending on the quantity of resources allocated by players D and A. The local risk characteristic represents possible losses (damage) due to changing the element’s state.

In turn, we will call the integral risk some overall characteristic of the entire system S, depending on the quantity of resources allocated by players D and A to all its elements, and associated with possible losses (damage) because of a state change of each element.

If the system’s elements are autonomous, the local risk of any element will depend on the quantity of resources allocated to it by players D and A. We define the local risk function for each element as ${\rho }_{\mathrm{i}}{ (\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}): {ℝ}_0^{+}\times {ℝ}_0^{+}\to {ℝ}_0^{+}$, where ${ℝ}_0^{+}$ is a set of non-negative real numbers.

Considering the described model, we will further assume that the local risk functions ρ_i (·, ·), i ∈ N, have the following properties:

• Risk non-negativity:

  $$\forall \mathrm{i} \in { \mathrm{N}, \mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}} \ge { 0: \rho }_{\mathrm{i}}\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right) \ge 0.$$

  (1)
• Risk monotonicity:

  $$\forall \mathrm{i} \in \mathrm{N}:\frac{\mathsf{\partial }{\rho }_{\mathrm{i}}\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right)}{\mathsf{\partial }{\mathrm{x}}_{\mathrm{i}}} \le 0, \frac{\mathsf{\partial }{\rho }_{\mathrm{i}}\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right)}{\mathsf{\partial }{\mathrm{y}}_{\mathrm{i}}} \ge 0.$$

  (2)
• Risk finiteness:

  $$\forall \mathrm{i} \in { \mathrm{N}, \mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}} \ge 0 \exists {\rho }_{\mathrm{i}}^{\mathrm{x}}{ =\mathrm{const}, \rho }_{\mathrm{i}}^{\mathrm{y}}{ =\mathrm{const}: 0 < \rho }_{\mathrm{i}}^{\mathrm{x}} \le { \rho }_{\mathrm{i}}\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right) \le { \rho }_{\mathrm{i}}^{\mathrm{y}}.$$

  (3)

The risk non-negativity property means that the potential damage associated with a local risk occurrence for any element s_i ∈ S cannot be negative. We assume that there is always a positive residual risk in the common case, regardless of the measures taken to reduce it. There are only separate, exceptional cases when risk can be lower to zero.

The risk monotony property means that the additional allocation of resources to any element s_i ∈ S by the Defender should not increase the local risk for any element of system S. On the other hand, the additional resource allocation by the Attacker should not decrease the local risk for any element of system S.

The risk finiteness property means that the Defender cannot reduce the residual risk for any element s_i ∈ S to a zero value, and, on the other hand, there is a final positive marginal risk for any element s_i ∈ S (regardless of the quantity of resources spent by the Attacker).

Let the structure W = 〈G (S, E), T〉 be a graph with a set of elements S as its vertices, a set of edges E, and a specific subset of vertices T ⊆ S, which we will call the perimeter of the system S.

We assume that player A attacks the elements of the system for the selected path c = (v, …, w), v, w ∈ S and transits from some vertex s_i ∈ c to an adjacent vertex s_j ∈ c only if his attack on the element s_i was successful. If the element s_i ∈ S is in state e_i = 1, we assume it operates in its normal mode. If e_i = 0, then the element s_i is not operational, which means player A has successfully disabled it.

Let x = (x₁, …, x_n), y = (y₁, …, y_n) be some valid resource distributions among the vertices (elements) of the system S for players D and A, respectively. Consider the local risk functions for each vertex s_i ∈ S as follows:

ρ_i (x, y) = u_i (x, y)p_i (x, y)

(4)

where ${\mathrm{u}}_{\mathrm{i}}\left(\mathrm{x}, \mathrm{y}\right): {ℝ}_{\mathrm{n}}^{+} \times {ℝ}_{\mathrm{n}}^{+} \to {ℝ}_0^{+}$ is a function describing the dependence of the expected damage in the case of a successful attack depending on the resource distributions x and y, and ${\mathrm{p}}_{\mathrm{i}}\left(\mathrm{x}, \mathrm{y}\right): {ℝ}_{\mathrm{n}}^{+} \times {ℝ}_{\mathrm{n}}^{+} \to (0, 1]$ is the probability of a successful attack depending on the distributions x and y.

The following tuple defines the basic risk management model for complex systems with the structure and the perimeter:

$$\langle \mathrm{S}={\left\{{\mathrm{s}}_{\mathrm{i}}\right\}}_{\mathrm{i} \in \mathrm{N}}, \mathrm{T}, \mathrm{E}, \mathrm{D}, \mathrm{A}, \mathrm{x}, \mathrm{y}, {\left\{{\rho }_{\mathrm{i}}\left(·, ·\right)\right\}}_{\mathrm{i} \in \mathrm{N}}, \rho \left(·, ·\right)\rangle$$

(5)

If the structure is W = 〈G (S, E), T〉 is defined, then:

• The Defender’s goal is to allocate the available resource X among the elements of the system S to reduce the value of the integral risk function ρ (x, y) to a minimum.
• On the contrary, the Attacker’s goal is to distribute the available resource Y among the system elements S to increase the value of the integral risk function ρ (x, y) to a maximum.

Let ${\mathrm{p}}_{\mathrm{i}}^0\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right){: \mathrm{R}}_0^{+}{ \times \mathrm{R}}_0^{+} \to \left[{\mathrm{p}}^{\min }, 1\right]{, \mathrm{p}}^{\min }=\underset{\mathrm{i} \in \mathrm{N}}{\min } \underset{{\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}}{\min } {\mathrm{p}}_{\mathrm{i}}^0\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right) > 0$ be a function describing the relationship between of the probability of a successful attack on the vertex s_i and the quantity of resources x_i and y_i allocated to it by players D and A, respectively, in an isolated case, i.e., without considering the structure V. Then, the value ${\rho }_{\mathrm{i}}^0\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right){ =\mathrm{u}}_{\mathrm{i}}\left(\mathrm{x}, \mathrm{y}\right){\mathrm{p}}_{\mathrm{i}}^0\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right)$ will be called the eigen local risk.

For simplicity, we consider a special case when expected damage is independent of x, y, i.e., ${\mathrm{u}}_{\mathrm{i}}\left(\mathrm{x}, \mathrm{y}\right){ =\mathrm{u}}_{\mathrm{i}} > 0$ ∀i ∈ N.

The following propositions are correct.

Proposition 1.

If the graph G (S, E) is connected, then ∀i ∈ N: s_i ∈ S\T, there is a simple path, including vertices $s_i{ = s}_{i_m}{, s}_{i_{m-\mathit{1}}}{, \dots , s}_{i_{\mathit{1}}}{, s}_{i_{\mathit{0}}}{; s}_{i_{\mathit{1}}}{, \dots , s}_{i_m}\in { S\backslash T, s}_{i_{\mathit{0}}}\in T$ that $p_i\left(x, y\right){ =p}_i^{\mathit{0}}\left(x_i{, y}_i\right)\cdot \underset{s_j \in {\tilde{S}}_i}{\mathit{max}}{p}_j\left(x, y\right){ =p}_{i_{\mathit{0}}}^{\mathit{0}}\left(x_{i_{\mathit{0}}}{, y}_{i_{\mathit{0}}}\right)p_{i_{\mathit{1}}}^{\mathit{0}}\left(x_{i_{\mathit{1}}}{, y}_{i_{\mathit{1}}}\right)\cdot \dots \cdot { p}_{i_{m-\mathit{1}}}^{\mathit{0}}\left(x_{i_{m-\mathit{1}}}{, y}_{i_{m-\mathit{1}}}\right){ p}_{i_m}^{\mathit{0}}\left(x_{i_m}{, y}_{i_m}\right),$ where ${\tilde{S}}_i \subseteq S$ is the set of vertices adjacent to s_i.

Proof. 

The existence of a simple path directly follows from the connectivity of the graph. Let us prove the equality. Partition S₀, S₁, … of the vertex set S is as follows. We include all the vertices of the perimeter T ⊆ S in the set S₀. All the vertices s_i ∈ S\S₀ adjacent to the vertices of set S₀ are included in the set S₁. We continue this until we distribute all the vertices of S over the sets S₀, S₁, …, S_l, i.e., ∀i ∈ N ∃j ∈ {0, 1, …, l}: s_i ∈ S_j. Note that under n < ∞, this process is finite, and l ≤ n − 1. The equality will have place if the graph G (S, E) is the chain on n vertices.

Let us consider an arbitrary vertex ${\mathrm{s}}_{\mathrm{i}}{ =\mathrm{s}}_{{\mathrm{i}}_{\mathrm{m}}}\in { \mathrm{S}}_1$. If there is only one vertex in the set S₁, then $\exists {\mathrm{s}}_{{\mathrm{i}}_0}\in { \mathrm{S}}_0{: \mathrm{p}}_{\mathrm{i}}\left(\mathrm{x}, \mathrm{y}\right){ =\mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}}}^0\left({\mathrm{x}}_{{\mathrm{i}}_{\mathrm{m}}}{, \mathrm{y}}_{{\mathrm{i}}_{\mathrm{m}}}\right)\cdot \underset{{\mathrm{s}}_{\mathrm{j}} \in {\tilde{\mathrm{S}}}_{\mathrm{i}}}{\max }{\mathrm{p}}_{\mathrm{j}}\left(\mathrm{x}, \mathrm{y}\right){ =\mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}}}^0\left({\mathrm{x}}_{{\mathrm{i}}_{\mathrm{m}}}{, \mathrm{y}}_{{\mathrm{i}}_{\mathrm{m}}}\right){\mathrm{p}}_{{\mathrm{i}}_0}^0\left({\mathrm{x}}_{{\mathrm{i}}_0}{, \mathrm{y}}_{{\mathrm{i}}_0}\right)$, where ${\tilde{\mathrm{S}}}_{\mathrm{i}} \subseteq \mathrm{S}$ is the set of vertices adjacent to s_i. We provide a proof by contradiction when the set S₁ contains more than one vertex.

Suppose that $\forall {\mathrm{s}}_{{\mathrm{i}}_0}\in { \mathrm{S}}_0{ \mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}}}^0\left({\mathrm{x}}_{{\mathrm{i}}_{\mathrm{m}}}{, \mathrm{y}}_{{\mathrm{i}}_{\mathrm{m}}}\right)\cdot \underset{{\mathrm{s}}_{\mathrm{j}} \in {\tilde{\mathrm{S}}}_{\mathrm{i}}}{\max }{\mathrm{p}}_{\mathrm{j}}\left(\mathrm{x}, \mathrm{y}\right){ > \mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}}}^0\left({\mathrm{x}}_{{\mathrm{i}}_{\mathrm{m}}}{, \mathrm{y}}_{{\mathrm{i}}_{\mathrm{m}}}\right){\mathrm{p}}_{{\mathrm{i}}_0}^0\left({\mathrm{x}}_{{\mathrm{i}}_0}{, \mathrm{y}}_{{\mathrm{i}}_0}\right)$. Then, $\exists {\mathrm{s}}_{{\mathrm{i}}_{\mathrm{m}-1}}\in { \mathrm{S}}_1 \cup { \mathrm{S}}_2{: \mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}-1}}\left(\mathrm{x}, \mathrm{y}\right) =\underset{{\mathrm{s}}_{\mathrm{j}} \in {\tilde{\mathrm{S}}}_{\mathrm{i}}}{\max }{\mathrm{p}}_{\mathrm{j}}\left(\mathrm{x}, \mathrm{y}\right)$. Due to the vertex attack order defined above and the definition of the local risk function ${\rho }_{{\mathrm{i}}_{\mathrm{m}-1}}\left(\mathrm{x}, \mathrm{y}\right)$, the notation of the latter necessarily includes the multipliers ${\mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}-1}}^0\left({\mathrm{x}}_{{\mathrm{i}}_{\mathrm{m}-1}}{, \mathrm{y}}_{{\mathrm{i}}_{\mathrm{m}-1}}\right)$ and ${\mathrm{p}}_{{\mathrm{k}}_0}^0\left({\mathrm{x}}_{{\mathrm{k}}_0}{, \mathrm{y}}_{{\mathrm{k}}_0}\right)$, where ${\mathrm{p}}_{{\mathrm{k}}_0}^0\left({\mathrm{x}}_{{\mathrm{k}}_0}{, \mathrm{y}}_{{\mathrm{k}}_0}\right)$ is the probability of a successful attack of some vertex ${\mathrm{s}}_{{\mathrm{k}}_0}\in { \mathrm{S}}_0$, for which there is a chain $\left({\mathrm{s}}_{{\mathrm{i}}_{\mathrm{m}-1}}{, \dots , \mathrm{s}}_{{\mathrm{k}}_0}\right)$ of length m − 1 connecting ${\mathrm{s}}_{{\mathrm{k}}_0}$ with ${\mathrm{s}}_{{\mathrm{i}}_{\mathrm{m}-1}}\in { \mathrm{S}}_1 \cup { \mathrm{S}}_2$.

That is, $\underset{{\mathrm{s}}_{\mathrm{j}} \in {\tilde{\mathrm{S}}}_{\mathrm{i}}}{\max }{\mathrm{p}}_{\mathrm{j}}\left(\mathrm{x}, \mathrm{y}\right) ={ \mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}-1}}\left(\mathrm{x}, \mathrm{y}\right){ =\mathrm{p}}_{{\mathrm{k}}_0}^0\left({\mathrm{x}}_{{\mathrm{k}}_0}{, \mathrm{y}}_{{\mathrm{k}}_0}\right)\cdot \dots \cdot {\mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}-1}}^0\left({\mathrm{x}}_{{\mathrm{k}}_{\mathrm{m}-1}}{, \mathrm{y}}_{{\mathrm{k}}_{\mathrm{m}-1}}\right)$, with all multipliers not exceeding the value of 1. However, then ${\mathrm{p}}_{{\mathrm{k}}_0}^0\left({\mathrm{x}}_{{\mathrm{k}}_0}{, \mathrm{y}}_{{\mathrm{k}}_0}\right)\cdot \dots \cdot {\mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}-1}}^0\left({\mathrm{x}}_{{\mathrm{i}}_{\mathrm{m}-1}}{, \mathrm{y}}_{{\mathrm{i}}_{\mathrm{m}-1}}\right){\mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}}}^0\left({\mathrm{x}}_{{\mathrm{i}}_{\mathrm{m}}}{, \mathrm{y}}_{{\mathrm{i}}_{\mathrm{m}}}\right){ > \mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}}}^0\left({\mathrm{x}}_{{\mathrm{i}}_{\mathrm{m}}}{, \mathrm{y}}_{{\mathrm{i}}_{\mathrm{m}}}\right) \cdot {\mathrm{p}}_{{\mathrm{k}}_0}^0\left({\mathrm{x}}_{{\mathrm{k}}_0}{, \mathrm{y}}_{{\mathrm{k}}_0}\right)$, since (according to the above assumption) this inequality holds for all S₀ vertices, including ${\mathrm{s}}_{{\mathrm{i}}_{\mathrm{m}}}$. Since the values in both sides of the inequality are strictly positive, and all the multipliers in the left side do not exceed 1, our assumption is incorrect. The above-described considerations are valid for any pair of sets S_k, S_k+1 of the S partition. □

Proposition 2.

If ∀I ∈ N functions $p_i^{\mathit{0}}{ (x}_i{, y}_i)$ monotonically decrease with the first argument and monotonically increase with the second one, then the functions p_i (x, y) = u_ip_i (x, y), satisfy the properties (1)−(3) for all i ∈ N.

Proof. 

First, we prove the boundedness. From the definition of the functions ${\mathrm{p}}_{\mathrm{i}}\left(\mathrm{x}, \mathrm{y}\right)$, ${\mathrm{p}}_{\mathrm{i}}^0\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right)$ and the proposition 1, it follows that ${\rho }_{\mathrm{i}}\left(\mathrm{x}, \mathrm{y}\right){ =\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{\mathrm{i}}\left(\mathrm{x}, \mathrm{y}\right) \le {\mathrm{u}}^{\max }$, and the equality will have place only when p_i (x, y) = 1 and u_i = u^max. We show that ∃ρ^x > 0: ∀x, y ρ_i (x, y) ≥ ρ^x.

According to proposition 1, ρ_i (x, y) could be represented as follows:

$${\rho }_{\mathrm{i}}\left(\mathrm{x}, \mathrm{y}\right){ =\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{{\mathrm{i}}_0}^0\left({\mathrm{x}}_{{\mathrm{i}}_0}{, \mathrm{y}}_{{\mathrm{i}}_0}\right){\mathrm{p}}_{{\mathrm{i}}_1}^0\left({\mathrm{x}}_{{\mathrm{i}}_1}{, \mathrm{y}}_{{\mathrm{i}}_1}\right)\cdot \dots \cdot {\mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}-1}}^0\left({\mathrm{x}}_{{\mathrm{i}}_{\mathrm{m}-1}}{, \mathrm{y}}_{{\mathrm{i}}_{\mathrm{m}-1}}\right){\mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}}}^0\left({\mathrm{x}}_{{\mathrm{i}}_{\mathrm{m}}}{, \mathrm{y}}_{{\mathrm{i}}_{\mathrm{m}}}\right)$$

(6)

where ${\mathrm{s}}_{{\mathrm{i}}_0}\in { \mathrm{T}, \mathrm{s}}_{{\mathrm{i}}_1}{, \dots , \mathrm{s}}_{{\mathrm{i}}_{\mathrm{m}}}{=\mathrm{s}}_{\mathrm{i}}\in { \mathrm{S}\backslash \mathrm{T}, \mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}}}^0\left({\mathrm{x}}_{{\mathrm{i}}_{\mathrm{m}}}{, \mathrm{y}}_{{\mathrm{i}}_{\mathrm{m}}}\right) ={\mathrm{p}}_{\mathrm{i}}^0\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right)$.

By definition, ${\mathrm{p}}_{\mathrm{i}}^0\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right) \in { [\mathrm{p}}^{\min }{, 1], \mathrm{p}}^{\min } > 0$ − hence, the desired ${\rho }^{\mathrm{x}}={\mathrm{u}}^{\min }{\left({\mathrm{p}}^{\min }\right)}^{\mathrm{m}+1}$, where ${\mathrm{u}}^{\min }=\underset{\mathrm{i} \in \mathrm{N}}{\min } {\mathrm{u}}_{\mathrm{i}}$. The equality ρ_i (x, y) = ρ^x will have place when u_i = u^min, and ${\mathrm{p}}_{{\mathrm{i}}_0}^0\left({\mathrm{x}}_{{\mathrm{i}}_0}{, \mathrm{y}}_{{\mathrm{i}}_0}\right) ={\mathrm{p}}_{{\mathrm{i}}_1}^0\left({\mathrm{x}}_{{\mathrm{i}}_1}{, \mathrm{y}}_{{\mathrm{i}}_1}\right) =\dots ={\mathrm{p}}_{{\mathrm{i}}_{\mathrm{m}}}^0\left({\mathrm{x}}_{{\mathrm{i}}_{\mathrm{m}}}{, \mathrm{y}}_{{\mathrm{i}}_{\mathrm{m}}}\right) ={\mathrm{p}}^{\min }$. Note that the boundedness p_i(x, y) also implies that it is positively defined. □

Proposition 3.

Adding structure W = 〈G (S, E), T〉 to the system does not increase the risk, i.e., ∀S = {s₁, …, s_n} ∀V ≠ ∅, T ⊆ S ρ_W (x, y) ≤ ρ (x, y), where ${\rho }_W\left(x, y\right) ={\displaystyle \mathit{\sum }}_{i=\mathit{1}}^n{\rho }_i (x, y),$ and $\rho \left(x, y\right) ={\displaystyle \mathit{\sum }}_{i=\mathit{1}}^n{\rho }_i^{\mathit{0}} (x, y)$.

Proof. 

First, we note that the perimeter T ⊆ S must include vertices from each connected component of the graph G (S, E). Indeed, if it does not, then there is a vertex s_i ∈ S in the graph for which there is no simple path ending with a vertex from the perimeter T ⊆ S. Such a vertex is unattainable for the Attacker, which means p_i (x, y) = 0, and contradicts the property (3).

Consider the case when the set of edges is empty, i.e., G (S, E) = G (S, ∅). Then, T = S and, according to the definition of the local risk functions, ${\rho }_{\langle \mathrm{G} (\mathrm{S}, \varnothing ), \mathrm{S}\rangle }\left(\mathrm{x}, \mathrm{y}\right) ={\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{n}}{\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{\mathrm{i}}\left(\mathrm{x}, \mathrm{y}\right) ={\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{n}}{\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{\mathrm{i}}^0\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right)$.

Now, we assume that E ≠ ∅. If the perimeter T coincides with the set of all vertices S, then ${\rho }_{\langle \mathrm{G} (\mathrm{S}, \mathrm{E}), \mathrm{S}\rangle }\left(\mathrm{x}, \mathrm{y}\right) ={\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{n}}{\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{\mathrm{i}}^0\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right){ =\rho }_{\langle \mathrm{G} (\mathrm{S}, \varnothing ), \mathrm{S}\rangle }\left(\mathrm{x}, \mathrm{y}\right)$. If T ⊂ S, then, according to the proposition 1, for each vertex s_j ∈ S\T, there is the following local risk function:

$${\rho }_{\mathrm{j}}\left(\mathrm{x}, \mathrm{y}\right){ =\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{{\mathrm{j}}_0}^0\left({\mathrm{x}}_{{\mathrm{j}}_0}{, \mathrm{y}}_{{\mathrm{j}}_0}\right){\mathrm{p}}_{{\mathrm{j}}_1}^0\left({\mathrm{x}}_{{\mathrm{j}}_1}{, \mathrm{y}}_{{\mathrm{j}}_1}\right)\cdot \dots \cdot {\mathrm{p}}_{{\mathrm{j}}_{\mathrm{m}-1}}^0\left({\mathrm{x}}_{{\mathrm{j}}_{\mathrm{m}-1}}{, \mathrm{y}}_{{\mathrm{j}}_{\mathrm{m}-1}}\right){\mathrm{p}}_{{\mathrm{j}}_{\mathrm{m}}}^0\left({\mathrm{x}}_{{\mathrm{j}}_{\mathrm{m}}}{, \mathrm{y}}_{{\mathrm{j}}_{\mathrm{m}}}\right)$$

(7)

where ${\mathrm{s}}_{{\mathrm{j}}_0}\in { \mathrm{T}, \mathrm{s}}_{{\mathrm{j}}_1}{, \dots , \mathrm{s}}_{{\mathrm{j}}_{\mathrm{m}}}={\mathrm{s}}_{\mathrm{j}} \in { \mathrm{S}\backslash \mathrm{T}, \mathrm{p}}_{{\mathrm{j}}_{\mathrm{m}}}^0\left({\mathrm{x}}_{{\mathrm{j}}_{\mathrm{m}}}{, \mathrm{y}}_{{\mathrm{j}}_{\mathrm{m}}}\right) ={\mathrm{p}}_{\mathrm{j}}^0\left({\mathrm{x}}_{\mathrm{j}}{, \mathrm{y}}_{\mathrm{j}}\right)$. Since all the multipliers in the right part of the expression, except the first one, do not exceed 1, then ${\rho }_{\mathrm{j}}\left(\mathrm{x}, \mathrm{y}\right) \le { \mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{\mathrm{j}}^0\left({\mathrm{x}}_{\mathrm{j}}{, \mathrm{y}}_{\mathrm{j}}\right) \forall \mathrm{j} \in { \mathrm{N}: \mathrm{s}}_{\mathrm{j}} \in \mathrm{S}\backslash \mathrm{T}$, and therefore,

$${\rho }_{\langle \mathrm{G} (\mathrm{S}, \mathrm{E}), \mathrm{T}\rangle }\left(\mathrm{x}, \mathrm{y}\right) ={\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{n}}{\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{\mathrm{i}} (\mathrm{x}, \mathrm{y}) \le {\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{n}}{\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{\mathrm{i}}^0\left(\mathrm{x}, \mathrm{y}\right){ =\rho }_{\langle \mathrm{G} (\mathrm{S}, \varnothing ), \mathrm{S}\rangle }\left(\mathrm{x}, \mathrm{y}\right)$$

(8)

The proof is complete. □

3. The Problem of the Optimal Placement of System Elements within a Given Structure

Consider a complex system consisting of a finite set of elements S = {s₁, …, s_i, …, s_n}, i ∈ N = {1, …, n}. Let us introduce some unilaterally connected graph G (V, E), where V is a set of n vertices, and a subset of k ≤ n vertices T ⊆ V, which we will consider as a perimeter. The problem is to construct such a mapping S → T that the integral risk ρ (x, y) is minimal. Note that such mapping will be one-to-one.

Let us consider the solution for the simplest chain structure.

Definition 1.

Given the graph $G\left(V= \left\{v_{\mathit{1}}{, \dots , v}_m\right\}, E= {\left\{{ (v}_i{, v}_{i+\mathit{1}})\right\}}_{i=\mathit{1}}^{m-\mathit{1}}\right), m \in \mathbb{N}$, and the perimeter T = {v₁}. Then, we say that the tuple W_m = 〈G (V, E), T〉 sets a simple chain structure of length m.

Definition 2.

Consider the one-to-one mapping M⁻¹: S → V\{v_n+1, …, v_m}, S = {s₁, …, s_n}, n ≤ m: ∀i ≤ n ∃j ≤ n: v_j = M⁻¹ (s_i) as the placement of elements S in the structure W_m. The corresponding inverse map M: V → S will be called the projection of the structure W onto the set of elements S.

In the future, if n and m are equal, we will omit the lower index of the structure’s notation, except in cases when we need to emphasize the length of the specified structure.

For an arbitrary given placement M⁻¹: S → V\{v_n+1, …, v_m}, we can calculate the value of the integral risk:

$$\rho \left({\mathrm{S}, \mathrm{W}, \mathrm{M}}^{-1}\right) ={\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{n}}{\rho }_{{\mathrm{M} (\mathrm{v}}_{\mathrm{i}})}$$

(9)

where ${\rho }_{\mathrm{M} \left({\mathrm{v}}_{\mathrm{i}}\right)}$ is the local risk value for the element M (v_i). Now, let us state the problem of minimizing the integral risk. The problem consists in finding a set of placements that achieve the integral risk minimum value ρ_min:

$${\mathsf{M}}_{\min }=\underset{{\mathrm{M}}^{-1}}{\mathrm{argmin}} \rho \left({\mathrm{S}, \mathrm{W}, \mathrm{M}}^{-1}\right){: \rho }_{\min }={\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{n}}{\rho }_{{\mathrm{M} (\mathrm{v}}_{\mathrm{i}})} \forall {\mathrm{M}}^{-1}\in { \mathsf{M}}_{\min }$$

(10)

Definition 3.

Given simple chain structure W. Suppose that for any placements M⁻¹, K⁻¹ and any such indices p, q, k, l, p < q, k > l, that s_i = M (v_p) = K (v_k), s_j = M (v_q) = K (v_l), there is inequality p (S, W, M⁻¹) ≤ p (S, W, K⁻¹) (p (S, W, M⁻¹) ≥ p (S, W, K⁻¹)). Then, we will say that the nodes s_i, s_j ∈ S, i, j ∈ N, and i ≠ j are non-strictly ordered in the local risk ascending (descending) order and write s_i ≼ s_j (s_i ≽ s_j).

First, let us assume that all elements S = {s₁, s₂, …, s_n} of the considered system are equivalent, i.e., ${\mathrm{u}}_1{ = \mathrm{u}}_2{ =\dots = \mathrm{u}}_{\mathrm{n}}{ = \mathrm{u}}^{\max }$, and their probabilities of a successful attack do not depend on the quantity of resources allocated by the players, i.e., $\forall {\mathrm{i}, \mathrm{p}}_{\mathrm{i}}^0\left({\mathrm{x}}_{\mathrm{i}}{, \mathrm{y}}_{\mathrm{i}}\right){ =\mathrm{p}}_{\mathrm{i}}^0{, 0 < \mathrm{p}}_{\mathrm{i}}^0 \le 1$.

Given a simple chain structure W_n, for an arbitrary given placement M⁻¹: S → V, the value of the integral risk should be calculated as follows:

$${\rho }_{\mathrm{M}}={\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{n}}{\rho }_{{\mathrm{M} (\mathrm{v}}_{\mathrm{i}})}={\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{n}}{\mathrm{u}}^{\max }\cdot {\mathrm{p}}_{{\mathrm{M} (\mathrm{v}}_{\mathrm{i}})}{=\mathrm{u}}^{\max }\cdot {\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{n}}{\mathrm{p}}_{\mathrm{M}\left({\mathrm{v}}_{\mathrm{i}}\right)}$$

(11)

Consider that $\mathrm{n}=2, \mathrm{S}= \left\{{\mathrm{s}}_1{, \mathrm{s}}_2\right\}{, \mathrm{p}}_1^0{ < \mathrm{p}}_2^0$, and a simple chain structure W₂ is given. Note that the local risk function value for the element corresponding to the vertex v₂ will be equal to ${\rho }_2{ =\mathrm{u}}^{\max }\cdot {\mathrm{p}}_1^0{\mathrm{p}}_2^0$, regardless of the selected placement. Thus, it is enough to select a node to map to v₁. Since ${\mathrm{p}}_1^0{ < \mathrm{p}}_2^0$, ${\mathrm{u}}^{\max }\left({\mathrm{p}}_1^0{ + \mathrm{p}}_1^0{\mathrm{p}}_2^0\right){ < \mathrm{u}}^{\max }\left({\mathrm{p}}_2^0{+\mathrm{p}}_1^0{\mathrm{p}}_2^0\right)$, the element s₁ must be mapped at the vertex v₁.

Proposition 4.

Suppose that for $N= \left\{\mathit{1}, \dots , n\right\}, S= \left\{s_{\mathit{1}}{, \dots , s}_n\right\}{, p}_{\mathit{1}}^{\mathit{0}}{ < \dots < p}_n^{\mathit{0}}$, the optimal placement of the system’s elements in a simple chain structure W_n+1 is M⁻¹: S → V: s_i = M (v_i) ∀i ∈ N, i.e., such that the element numbers coincide with the vertex numbers. Then, for any such system of (n + 1) elements $S^{\prime }=S \cup \left\{s_{n+1}\right\}$ that $p_1^0{ < \dots < p}_n^0{ < p}_{n+1}^0$, the placement M⁻¹ is also optimal.

Proof. 

Note that the expressions for the integral risk have the same number of summands, and the first one includes 1 multiplier, the second one has 2 of them, and the n-th has n multipliers. Since all the multipliers are the probabilities of a successful attack, they cannot exceed 1. Note that the summands in the same positions in the expressions should be in ascending order, and under the selected numbering, this ordering sets the lexicographic order.

Choose an arbitrary index value 1 < j ≤ n. We then map the (n + 1)-th element to vertex v_j and show that the value of the integral risk is greater than if we had mapped the above element to vertex v_n+1. Let us write the expression of integral risk ρ_j for the case when (n + 1)-th element is mapped to the j-th vertex:

$${\rho }_{\mathrm{j}}{ =\mathrm{u}}^{\max }\cdot \left({\mathrm{p}}_1^0{ + \mathrm{p}}_1^0{\mathrm{p}}_2^0{ +\dots + \mathrm{p}}_1^0{\mathrm{p}}_2^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{ + \mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{n}+1}^0{ +\dots + \mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{n}+1}^0{\mathrm{p}}_{\mathrm{j}}^0{\mathrm{p}}_{\mathrm{j}+1}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{n}}^0\right)$$

(12)

Now, we write the expression of the integral risk p_n+1 for the case when the (n + 1)-th element is mapped to the (n + 1)-th vertex:

$${\rho }_{\mathrm{n}+1}{ =\mathrm{u}}^{\max }\cdot \left({\mathrm{p}}_1^0{ + \mathrm{p}}_1^0{\mathrm{p}}_2^0{ +\dots + \mathrm{p}}_1^0{\mathrm{p}}_2^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{ + \mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0{ +\dots + \mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0{\mathrm{p}}_{\mathrm{j}+1}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{n}}^0{\mathrm{p}}_{\mathrm{n}+1}^0\right)$$

(13)

Both expressions have the same number of summands. Let us compare them in pairs. The first (j − 1) summands in both expressions are the same. Let us write in general form the expressions for the summands with the number j ≤ i ≤ n for the first and second cases, respectively:

$${\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{n}+1}^0{\mathrm{p}}_{\mathrm{j}}^0{\mathrm{p}}_{\mathrm{j}+1}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-1}^0$$

(14)

$${\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0{\mathrm{p}}_{\mathrm{j}+1}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-1}^0{\mathrm{p}}_{\mathrm{i}}^0$$

(15)

The number of multipliers in the form of both summands is the same, the multipliers themselves are also the same, except for ${\mathrm{p}}_{\mathrm{n}+1}^0$ and ${\mathrm{p}}_{\mathrm{i}}^0$, which are only in (14) and (15), respectively. However, ${\mathrm{p}}_{\mathrm{i}}^0{ < \mathrm{p}}_{\mathrm{n}+1}^0$, and therefore, each summand in the expression for the integral risk ρ_n+1 with the number i ≥ j will be less than the summand with the same number in the expression for the integral risk ρ_j.

Since we chose N arbitrarily, the statement is proved by mathematical induction. □

Now, let us assume that the expected damage and the probability of a successful attack could be different for the non-matching elements of the considered system but still do not depend on the quantity of resources distributed by the Defender and the Attacker.

Given n = 2, S = {s₁, s₂} and a simple chain structure W₂. The integral risk expressions for two possible placements of system elements at the W₂ vertices are shown in

Table 2. The integral risk expressions for two possible placements of system elements in W₂ structure.

	v1	v2	$\mathbf{\rho }={\displaystyle {\displaystyle \sum }_{\mathbf{i}=1}^{\mathbf{n}}}{\mathbf{u}}_{\mathbf{i}}{\mathbf{p}}_{\mathbf{i}}$
1	s1	s2	${\mathrm{u}}_1{\mathrm{p}}_1^0{ + \mathrm{u}}_2{\mathrm{p}}_1^0{\mathrm{p}}_2^0$
2	s2	s1	${\mathrm{u}}_2{\mathrm{p}}_2^0{ + \mathrm{u}}_1{\mathrm{p}}_1^0{\mathrm{p}}_2^0$

.

Subtract the expression of the integral risk in the second line from the expression in the first line and give similar summands. We then obtain:

$$\begin{gathered} {\mathrm{D}=\mathrm{u}}_1{\mathrm{p}}_1^0{ + \mathrm{u}}_2{\mathrm{p}}_1^0{\mathrm{p}}_2^0 {- \mathrm{u}}_2{\mathrm{p}}_2^0 {- \mathrm{u}}_1{\mathrm{p}}_1^0{\mathrm{p}}_2^0{ =\mathrm{u}}_1{\mathrm{p}}_1^0\left({1 - \mathrm{p}}_2^0\right){ + \mathrm{u}}_2{\mathrm{p}}_2^0\left({\mathrm{p}}_1^0 - 1\right)= \\ {=\mathrm{u}}_1{\mathrm{p}}_1^0\left({1 - \mathrm{p}}_2^0\right) {- \mathrm{u}}_2{\mathrm{p}}_2^0\left({1 - \mathrm{p}}_1^0\right) \end{gathered}$$

(16)

If $\frac{{\mathrm{u}}_1}{{\mathrm{u}}_2}<\frac{{\mathrm{p}}_2^0\left({1 - \mathrm{p}}_1^0\right)}{{\mathrm{p}}_1^0\left({1 - \mathrm{p}}_2^0\right)}$, then D < 0, and the optimal placement is in the first line of the Table 2. If $\frac{{\mathrm{u}}_1}{{\mathrm{u}}_2}>\frac{{\mathrm{p}}_2^0\left({1 - \mathrm{p}}_1^0\right)}{{\mathrm{p}}_1^0\left({1 - \mathrm{p}}_2^0\right)}$, then D > 0, and the optimal placement is specified in the second line of the table. Finally, at $\frac{{\mathrm{u}}_1}{{\mathrm{u}}_2}=\frac{{\mathrm{p}}_2^0\left({1 - \mathrm{p}}_1^0\right)}{{\mathrm{p}}_1^0\left({1 - \mathrm{p}}_2^0\right)}$ both placements give the same integral risk value.

Proposition 5 (ordering criterion).

Let N = {1, …, n}, S = {s₁, …, s_n}. ∀i ∈ N\{n} s_i ≼ s_i+1 ⇔ $\frac{u_i}{u_{i+\mathit{1}}} \le \frac{p_{i+\mathit{1}}^{\mathit{0}}\left({\mathit{1} - p}_i^{\mathit{0}}\right)}{p_i^{\mathit{0}}\left({\mathit{1} - p}_{i+\mathit{1}}^{\mathit{0}}\right)}$; s_i ≽ s_i+1 ⇔ $\frac{u_i}{u_{i+\mathit{1}}} \ge \frac{p_{i+\mathit{1}}^{\mathit{0}}\left({\mathit{1} - p}_i^{\mathit{0}}\right)}{p_i^{\mathit{0}}\left({\mathit{1} - p}_{i+\mathit{1}}^{\mathit{0}}\right)}$.

Proof. 

The criterion validity directly follows from the above example. □

Proposition 6 (ordering criterion transitivity).

Let N = {1, …, n}, S = {s₁, …, s_n}. ∀i, j, k ∈ N: i < j < k s_i ≼ s_j ≼ s_k ⟹ s_i ≼ s_k.

Proof. 

Let us rewrite the proposition in the algebraic form:

$${\mathrm{u}}_{\mathrm{i}} \le \frac{{\mathrm{u}}_{\mathrm{j}}{\mathrm{p}}_{\mathrm{j}}^0\left({1 - \mathrm{p}}_{\mathrm{i}}^0\right)}{{\mathrm{p}}_{\mathrm{i}}^0\left({1 - \mathrm{p}}_{\mathrm{j}}^0\right)}{, \mathrm{u}}_{\mathrm{j}} \le \frac{{\mathrm{u}}_{\mathrm{k}}{\mathrm{p}}_{\mathrm{k}}^0\left({1 - \mathrm{p}}_{\mathrm{j}}^0\right)}{{\mathrm{p}}_{\mathrm{j}}^0\left({1 - \mathrm{p}}_{\mathrm{k}}^0\right)}$$

(17)

We must prove that

$${\mathrm{u}}_{\mathrm{i}} \le \frac{{\mathrm{u}}_{\mathrm{k}}{\mathrm{p}}_{\mathrm{k}}^0\left({1 - \mathrm{p}}_{\mathrm{i}}^0\right)}{{\mathrm{p}}_{\mathrm{i}}^0\left({1 - \mathrm{p}}_{\mathrm{k}}^0\right)}$$

(18)

Note that

$${\mathrm{u}}_{\mathrm{i}} \le \frac{{\mathrm{u}}_{\mathrm{j}}{\mathrm{p}}_{\mathrm{j}}^0\left({1 - \mathrm{p}}_{\mathrm{i}}^0\right)}{{\mathrm{p}}_{\mathrm{i}}^0\left({1 - \mathrm{p}}_{\mathrm{j}}^0\right)} \le \frac{{\mathrm{u}}_{\mathrm{k}}{\mathrm{p}}_{\mathrm{k}}^0\left({1 - \mathrm{p}}_{\mathrm{j}}^0\right){\mathrm{p}}_{\mathrm{j}}^0\left({1 - \mathrm{p}}_{\mathrm{i}}^0\right)}{{\mathrm{p}}_{\mathrm{j}}^0\left({1 - \mathrm{p}}_{\mathrm{k}}^0\right){\mathrm{p}}_{\mathrm{i}}^0\left({1 - \mathrm{p}}_{\mathrm{j}}^0\right)}=\frac{{\mathrm{u}}_{\mathrm{k}}{\mathrm{p}}_{\mathrm{k}}^0\left({1 - \mathrm{p}}_{\mathrm{i}}^0\right)}{{\mathrm{p}}_{\mathrm{i}}^0\left({1 - \mathrm{p}}_{\mathrm{k}}^0\right)}$$

(19)

which was to be proved. □

Proposition 7.

Consider N = {1, …, n}, S = {s₁, …, s_n}, s₁ ≼ s₂ ≼ ⋯ ≼ s_n and a simple chain structure W_n = 〈G (S, E), T〉. Then, the placement M⁻¹: S → V: s_i = M (v_i) ∀i ∈ N minimizes the integral risk, i.e., ρ (S, W, M⁻¹) = ρ_min.

Proof. 

from the opposite. Let us assume that there are such numbers i, j ∈ N, i ≠ j that the integral risk will decrease if the element s_i is placed to the vertex v_j. There are two possible options:

• i > j. Then, when one moves the element s_i from the vertex v_i to v_j, there will be a shift in the range of vertices from v_j to v_i. That is, the element s_j will move to the vertex v_j+1, s_j+1 to v_j+2, and so on, up to the element s_i−1. The last one will occupy the vacated vertex v_i.
• i < j. Then, when one moves the element s_i from the vertex v_i to v_j there will be a shift in the range of vertices from v_i to v_j. That is, the element s_i+1 will move to the vertex v_i, s_i+2 to v_i+1, and so on, until the element s_j, which will take the vacant vertex v_j−1.

Consider the first option. Denote the values of the integral risk ρ_j and write an expression for the resulting placement of elements:

$$\begin{gathered} {\rho }_{\mathrm{j}}{ =\mathrm{u}}_1{\mathrm{p}}_1^0{ + \mathrm{u}}_2{\mathrm{p}}_1^0{\mathrm{p}}_2^0{ +\dots + \mathrm{u}}_{\mathrm{j}-1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{ + \mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{i}}^0{ + \mathrm{u}}_{\mathrm{j}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{j}}^0+\dots \\ {\dots +\mathrm{u}}_{\mathrm{i}-1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{j}}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-1}^0{ + \mathrm{u}}_{\mathrm{i}+1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{j}}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-1}^0{\mathrm{p}}_{\mathrm{i}+1}^0{ +\dots + \mathrm{u}}_{\mathrm{n}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{n}}^0 \end{gathered}$$

(20)

The expression for the integral risk of the original placement in turn is as follows:

$$\begin{gathered} {\rho }_0{ =\mathrm{u}}_1{\mathrm{p}}_1^0{ + \mathrm{u}}_2{\mathrm{p}}_1^0{\mathrm{p}}_2^0{ +\dots + \mathrm{u}}_{\mathrm{j}-1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{ + \mathrm{u}}_{\mathrm{j}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0 +\dots \\ {\dots + \mathrm{u}}_{\mathrm{i}-1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-1}^0{ + \mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}}^0{ + \mathrm{u}}_{\mathrm{i}+1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-1}^0{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{i}+1}^0{ +\dots + \mathrm{u}}_{\mathrm{n}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{n}}^0 \end{gathered}$$

(21)

Note that the sums ${\mathrm{u}}_1{\mathrm{p}}_1^0{ + \mathrm{u}}_2{\mathrm{p}}_1^0{\mathrm{p}}_2^0{ +\dots + \mathrm{u}}_{\mathrm{j}-1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0$ and ${\mathrm{u}}_{\mathrm{i}+1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-1}^0{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{i}+1}^0{ +\dots + \mathrm{u}}_{\mathrm{n}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{n}}^0$ occur in both expressions. According to our assumption of risk decreasing under such a permutation, we must prove that p_j < p₀. To realize this, we compare only the different parts of the expressions of these quantities. Let us write them out separately:

$${\tilde{\rho }}_{\mathrm{j}}^{\mathrm{j}}{ =\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{i}}^0{ + \mathrm{u}}_{\mathrm{j}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{j}}^0{ +\dots + \mathrm{u}}_{\mathrm{i}-1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{j}}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-1}^0$$

(22)

$${\tilde{\rho }}_0^{\mathrm{j}}{=\mathrm{u}}_{\mathrm{j}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0{ +\dots + \mathrm{u}}_{\mathrm{i}-1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-1}^0{ + \mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}}^0$$

(23)

Let us rewrite ${\tilde{\rho }}_{\mathrm{j}}^{\mathrm{j}}$ in the following form:

$${\tilde{\rho }}_{\mathrm{j}}^{\mathrm{j}}{ =\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0\left({\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{\mathrm{i}}^0{ + \mathrm{u}}_{\mathrm{j}}{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{j}}^0\right){ +\dots + \mathrm{u}}_{\mathrm{i}-1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{j}}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-1}^0$$

(24)

Given to the fact that i > j and the transitivity of the risk increase ratio, we obtain s_i ≽ s_j, and therefore, ${\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{\mathrm{i}}^0{ + \mathrm{u}}_{\mathrm{j}}{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{j}}^0 \ge { \mathrm{u}}_{\mathrm{j}}{\mathrm{p}}_{\mathrm{j}}^0{ + \mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{j}}^0$. This means that if one swaps the elements s_i and s_j, that is, maps the element s_i to the vertex v_j+1, and the element s_j back to the vertex v_j (where it was from the beginning), the risk will not increase. Thus:

$${\tilde{\rho }}_{\mathrm{j}}^{\mathrm{j}} \ge { \mathrm{u}}_{\mathrm{j}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0{ + \mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0{\mathrm{p}}_{\mathrm{i}}^0{ +\dots + \mathrm{u}}_{\mathrm{i}-1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0{\mathrm{p}}_{\mathrm{i}}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-1}^0$$

(25)

Now, to prove that p_j < p₀, we should compare expressions ${\tilde{\rho }}_{\mathrm{j}}^{\mathrm{j}+1}$ and ${\tilde{\rho }}_0^{\mathrm{j}+1}$ with a smaller number of summands:

$${\tilde{\rho }}_{\mathrm{j}}^{\mathrm{j}+1} = { \mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}}^0{\mathrm{p}}_{\mathrm{i}}^0 + {\mathrm{u}}_{\mathrm{j}+1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}}^0{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{j}+1}^0+\dots + {\mathrm{u}}_{\mathrm{i}-1}^0{\mathrm{p}}_{\mathrm{i}}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}}^0{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{j}+1}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-1}^0$$

(26)

$${\tilde{\rho }}_0^{\mathrm{j}+1} = { \mathrm{u}}_{\mathrm{j}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0 +\dots + {\mathrm{u}}_{\mathrm{i}-1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{j}-1}^0{\mathrm{p}}_{\mathrm{j}}^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-1}^0+{\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}}^0$$

(27)

It is easy to see that s_i ≽ s_j+1, s_i ≽ s_j+2, … s_i ≽ s_i−1. Therefore, we can also swap the corresponding pairs of elements without increasing the system’s integral risk. In the final iteration, we compare the following expressions:

$${\tilde{\rho }}_{\mathrm{j}}^{\mathrm{i}-1} = { \mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-2}^0{\mathrm{p}}_{\mathrm{i}}^0 + {\mathrm{u}}_{\mathrm{i}-1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-2}^0{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{i}-1}^0$$

(28)

$${\tilde{\rho }}_0^{\mathrm{i}-1} = {\mathrm{u}}_{\mathrm{i}-1}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-2}^0{\mathrm{p}}_{\mathrm{i}-1}^0 + {\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-2}^0{\mathrm{p}}_{\mathrm{i}-1}^0{\mathrm{p}}_{\mathrm{i}}^0$$

(29)

Since ${\tilde{\rho }}_{\mathrm{j}}^{\mathrm{i}-1}{=\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-2}^0\left({\mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{\mathrm{i}}^0{ + \mathrm{u}}_{\mathrm{i}-1}{\mathrm{p}}_{\mathrm{i}}^0{\mathrm{p}}_{\mathrm{i}-1}^0\right),$ and ${\tilde{\rho }}_0^{\mathrm{i}-1}{=\mathrm{p}}_1^0\cdot \dots \cdot {\mathrm{p}}_{\mathrm{i}-2}^0\left({\mathrm{u}}_{\mathrm{i}-1}{\mathrm{p}}_{\mathrm{i}-1}^0{ + \mathrm{u}}_{\mathrm{i}}{\mathrm{p}}_{\mathrm{i}-1}^0{\mathrm{p}}_{\mathrm{i}}^0\right)$, then, since s_i ≽ s_i−1, ${\tilde{\rho }}_0^{\mathrm{i}-1} \le {\tilde{\rho }}_{\mathrm{j}}^{\mathrm{i}-1}$ and, consequently, p₀ ≤ p_j, our assumption is incorrect.

For the second option, when i < j, the proof is very similar. □

4. Conclusions

This paper considers the problem of optimal placement of elements of the protected system within a given structure of the expected attack. We generalized the concept of a local risk function to account for structural effects and solved the problem for a simple chain attack structure.

The key feature of this approach is that the local risks of the system elements are functionally independent. In other words, when considering each element of the protected system in isolation, its local risk does not depend on the quantity of resources allocated to its elements by the Defender and Attacker. Simultaneously, the integral risk of the system varies with the mapping of its elements to the attack structure.

In real-world tasks, the Defender rarely can choose the placement of elements in the structure. Nevertheless, it can apply the proposed approach to consider the information about the structure of a possible attack when solving the problem of allocating resources within the classic Defender–Attacker and Defender–Attacker–Defender models.

We plan to further expand the proposed approach in order to examine more complex structures, such as trees or cycles.