Modeling defensive resource allocation in multilayered systems under probabilistic and strategic risks.

Confronting the continuing risk of an attack, security systems have adopted target-hardening strategies through the allocation of security measures. Most previous work on defensive resource allocation considers the security system as a monolithic architecture. However, systems such as schools are typically characterized by multiple layers, where each layer is interconnected to help prevent single points of failure. In this paper, we study the defensive resource allocation problem in a multilayered system. We develop two new resource allocation models accounting for probabilistic and strategic risks, and provide analytical solutions and illustrative examples. We use real data for school shootings to illustrate the performance of the models, where the optimal investment strategies and sensitivity analysis are presented. We show that the defender would invest more in defending outer layers over inner layers in the face of probabilistic risks. While countering strategic risks, the defender would split resources in each layer to make the attacker feel indifferent between any individual layer. This paper provides new insights on resource allocation in layered systems to better enhance the overall security of the system.