Audit Games with Multiple Defender Resources
This work addresses the problem of efficient and practical auditing for organizations like hospitals and social networks, though it is incremental as it builds on existing audit game models.
The paper tackles the problem of auditing in organizations by generalizing a single-resource audit game model to multiple resources with subset restrictions, enabling practical applications, and provides an FPTAS for approximately optimal solutions, with experiments showing significant speed improvements in computation.
Modern organizations (e.g., hospitals, social networks, government agencies) rely heavily on audit to detect and punish insiders who inappropriately access and disclose confidential information. Recent work on audit games models the strategic interaction between an auditor with a single audit resource and auditees as a Stackelberg game, augmenting associated well-studied security games with a configurable punishment parameter. We significantly generalize this audit game model to account for multiple audit resources where each resource is restricted to audit a subset of all potential violations, thus enabling application to practical auditing scenarios. We provide an FPTAS that computes an approximately optimal solution to the resulting non-convex optimization problem. The main technical novelty is in the design and correctness proof of an optimization transformation that enables the construction of this FPTAS. In addition, we experimentally demonstrate that this transformation significantly speeds up computation of solutions for a class of audit games and security games.