Graph Security Testing



Similar documents
High degree graphs contain large-star factors

Computer Algorithms. NP-Complete Problems. CISC 4080 Yanjun Li

Approximated Distributed Minimum Vertex Cover Algorithms for Bounded Degree Graphs

CSC2420 Fall 2012: Algorithm Design, Analysis and Theory

Every tree contains a large induced subgraph with all degrees odd

Network Algorithms for Homeland Security

Global secure sets of trees and grid-like graphs. Yiu Yu Ho

A Brief Introduction to Property Testing

Lecture 15 An Arithmetic Circuit Lowerbound and Flows in Graphs

Outline. NP-completeness. When is a problem easy? When is a problem hard? Today. Euler Circuits

On the k-path cover problem for cacti

FUZZY CLUSTERING ANALYSIS OF DATA MINING: APPLICATION TO AN ACCIDENT MINING SYSTEM

1 Definitions. Supplementary Material for: Digraphs. Concept graphs

Near Optimal Solutions

Approximation Algorithms

A simpler and better derandomization of an approximation algorithm for Single Source Rent-or-Buy

The positive minimum degree game on sparse graphs

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads

How to Prove a Theorem So No One Else Can Claim It

Exponential time algorithms for graph coloring

All trees contain a large induced subgraph having all degrees 1 (mod k)

Factoring & Primality

On the Unique Games Conjecture

An Empirical Study of Two MIS Algorithms

8.1 Min Degree Spanning Tree

On the Relationship between Classes P and NP

Nan Kong, Andrew J. Schaefer. Department of Industrial Engineering, Univeristy of Pittsburgh, PA 15261, USA

Cycle transversals in bounded degree graphs

Small Maximal Independent Sets and Faster Exact Graph Coloring

Complexity Classes P and NP

Large induced subgraphs with all degrees odd

Lecture 2: Complexity Theory Review and Interactive Proofs

2.1 Complexity Classes

The degree, size and chromatic index of a uniform hypergraph

1. Nondeterministically guess a solution (called a certificate) 2. Check whether the solution solves the problem (called verification)

MapReduce and Distributed Data Analysis. Sergei Vassilvitskii Google Research

Introduction to Algorithms. Part 3: P, NP Hard Problems

A Study of Sufficient Conditions for Hamiltonian Cycles

Why? A central concept in Computer Science. Algorithms are ubiquitous.

A security analysis of the SecLookOn authentication system

On an anti-ramsey type result

ARTICLE IN PRESS. European Journal of Operational Research xxx (2004) xxx xxx. Discrete Optimization. Nan Kong, Andrew J.

Connected Identifying Codes for Sensor Network Monitoring

! Solve problem to optimality. ! Solve problem in poly-time. ! Solve arbitrary instances of the problem. #-approximation algorithm.

Applied Algorithm Design Lecture 5

1 Formulating The Low Degree Testing Problem

Degree Hypergroupoids Associated with Hypergraphs

Chapter Load Balancing. Approximation Algorithms. Load Balancing. Load Balancing on 2 Machines. Load Balancing: Greedy Scheduling

Generating models of a matched formula with a polynomial delay

Victor Shoup Avi Rubin. Abstract

5.1 Bipartite Matching

Short Cycles make W-hard problems hard: FPT algorithms for W-hard Problems in Graphs with no short Cycles

Problem Set 7 Solutions

Graphical degree sequences and realizations

Guessing Game: NP-Complete?

Complexity Theory. IE 661: Scheduling Theory Fall 2003 Satyaki Ghosh Dastidar

International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

Determination of the normalization level of database schemas through equivalence classes of attributes

Lecture 7: NP-Complete Problems

MOBILE SOCIAL NETWORKS FOR LIVE MEETINGS

On Integer Additive Set-Indexers of Graphs

ON GALOIS REALIZATIONS OF THE 2-COVERABLE SYMMETRIC AND ALTERNATING GROUPS

A Graph-Theoretic Network Security Game

Offline sorting buffers on Line

Odd induced subgraphs in graphs of maximum degree three

The Online Set Cover Problem

Algorithm Design and Analysis

Why Study NP- hardness. NP Hardness/Completeness Overview. P and NP. Scaling 9/3/13. Ron Parr CPS 570. NP hardness is not an AI topic

CS 598CSC: Combinatorial Optimization Lecture date: 2/4/2010

ON DEGREES IN THE HASSE DIAGRAM OF THE STRONG BRUHAT ORDER

COUNTING INDEPENDENT SETS IN SOME CLASSES OF (ALMOST) REGULAR GRAPHS

Distributed Computing over Communication Networks: Maximal Independent Set

Lecture 11: The Goldreich-Levin Theorem

USE OF EIGENVALUES AND EIGENVECTORS TO ANALYZE BIPARTIVITY OF NETWORK GRAPHS

! Solve problem to optimality. ! Solve problem in poly-time. ! Solve arbitrary instances of the problem. !-approximation algorithm.

FALSE ALARMS IN FAULT-TOLERANT DOMINATING SETS IN GRAPHS. Mateusz Nikodem

Welcome to... Problem Analysis and Complexity Theory , 3 VU

An Approximation Algorithm for Bounded Degree Deletion

Random graphs with a given degree sequence

Page 1. CSCE 310J Data Structures & Algorithms. CSCE 310J Data Structures & Algorithms. P, NP, and NP-Complete. Polynomial-Time Algorithms

NEUROMATHEMATICS: DEVELOPMENT TENDENCIES. 1. Which tasks are adequate of neurocomputers?

Theoretical Computer Science (Bridging Course) Complexity

Security Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012

INDISTINGUISHABILITY OF ABSOLUTELY CONTINUOUS AND SINGULAR DISTRIBUTIONS

CHAPTER 7 GENERAL PROOF SYSTEMS

Introduction to Logic in Computer Science: Autumn 2006

(67902) Topics in Theory and Complexity Nov 2, Lecture 7

ERDOS PROBLEMS ON IRREGULARITIES OF LINE SIZES AND POINT DEGREES A. GYARFAS*

Integer Factorization using the Quadratic Sieve

Class constrained bin covering

Private Approximation of Clustering and Vertex Cover

Transcription:

JOURNAL OF APPLIED COMPUTER SCIENCE Vol. 23 No. 1 (2015), pp. 29-45 Graph Security Testing Tomasz Gieniusz 1, Robert Lewoń 1, Michał Małafiejski 1 1 Gdańsk University of Technology, Poland Department of Algorithms and System Modeling ul. Gabriela Narutowicza 11/12, 80-233 Gdańsk Wrzeszcz tomasz.gieniusz@gmail.com lewon.robert@gmail.com mima@kaims.pl Abstract. In this paper we consider probabilistic approach to the decision problem of security in graphs. In this purpose we define general model (called property tester) and criteria for approximating answers for decision problems. We constructed two property testers and one heuristics for the problem of security in graphs. Keywords: secure set, property testing. 1. Introduction Set S V is called secure set iff X S N[X] S N(X) \ S [1]. That means that every subset of a secure set has at least as many friends (neighbour vertices in S ) as enemies (neighbour vertices outside S ) and will be defended in case of attack. Problem of determining if given set is secure is co NP-complete, there is no efficient algorithm solving it [1]. Property testers are algorithms that distinguish inputs with a given property from those that are far from satisfying the property [2]. Property testers are allowed to be probabilistic and approximate in exchange for much reduced complexity. In our work we apply the idea of testing to construct probabilistic and approximate algorithms for graph security problems that run in polynomial time. Our goal was to formalize the testing model and propose various approaches for security

30 Graph Security Testing testing and general methods of rating them. We take into account possibilities of practical application, algorithm complexity and quality of the approximation. 2. Property testing Definition 1 (Property tester [2][3]) Property testers are algorithms that distinguish inputs with a given property from those that are far from satisfying the property. Far means that significant part of the input must be changed so that property can be satisfied. 2.1. Tester response Classical deterministic algorithm for decision problem answers the question Does the given input satisfy that property? Property tester for decision problem answers the question Does the given input satisfy that property or is it far from satisfying it? 2.2. Tester requirements We require our property testers to satisfy two properties: Accept secure set with probability > 95%. Reject set that is ε-far from being secure with probability > 95%. If input set is close to being secure we don t put any requirements on the given answer. YES ε Far from YES Accept with probability > 95% Don't care Reject with probability > 95% Figure 1. Property tester requirements

T. Gieniusz, R. Lewoń, M. Małafiejski 31 2.3. Meaning of ε-far Meaning of ε-far depends on chosen model and can have impact on: Possibilities of practical application. Algorithm complexity. Fraction of cases we can guarantee the probability of answer correctness. 2.4. Test witness Witness is a fragment of input or structure generated basing on input. For example number from given input sequence.witness testimony is its property, that can be an evidence of some global input property. For example unordered pair of sequence elements proved it s global unsortedness. Remark 2 Testimonies of some witnesses may not entail any informations about global input property. For example ordered pair of sequence elements tells nothing about its global sortedness. Witness testimony is valuable, if it entails some information about global input property. We call witness valuable if its testimony is valuable. Lemma 3 (Witness lemma) If a single test catches a valuable witness with a probability p, than s = 3/p iterations of the test catch a witness with probability > 95%. Proof. Probability of not catching a valuable witness with s tries does not exceed P (1 p) s. Using 1 x e x, we get P e ps = e 3 95%. 3. Formal testing model 3.1. Model definition Proposed testing model contains of:

32 Graph Security Testing Definition of ε-far, Specification of attributes input must have to be ε-far from satisfying given property. Definition of witness and it s evidence, Specification of local and easily verifiable property that can give evidence of given global property. Witness choose algorithm, Specification of witness selection method from the set of every possible witnesses. Witness testimony extraction algorithm, Specification of method to designate if local property is satisfied for chosen witness. Together with witness choose algorithm it specified probability p s of catching valuable witness. 3.2. Model rating criteria For a single problem it is possible to construct many correct testing models. Here is the general model rating schema which fulfilment is required for model usefulness. Practical and intuitive understanding of ε-far. Is information that input is ε-far from satisfying given property is valuable for us. Uniform witness choose. Does every witness have the same probability to be chosen. If, despite of many valuable witnesses, our algorithm somehow ignores them than we can give guarantee on probability of answer correctness. If it is not uniform distribution than we can not use lemma 3. Relationship between ε and p s. How does probability of choosing valuable witness change depending on how far input is far from satisfying given property.

T. Gieniusz, R. Lewoń, M. Małafiejski 33 Choose and check of witness algorithms complexity. What is the complexity of witness choose and witness testimony check algorithms and is it an advantage over deterministic algorithm. Tester complexity can be described us: O(3/p s f (I) g(i)), where 3/p s is number of necessary witness tests to be repeated, f (I) is witness choose algorithm complexity, g(i) is witness check algorithm complexity. Fraction of cases that we can give probability guarantee on. How fraction of cases that we can give probability guarantee on changes depending on ε. Other words, how small ε is required to give this guarantee on at least δ fraction of possible inputs. If for given definition of ε-far significant fraction of input cases is very close to satisfy given property, than we will need very small ε for that cases to be considered as ε-far. That in other hand has impact on algorithm complexity. 3.3. Problem decomposition Here we present a way to construct proper testing model using problem decomposition. Definition 4 (General predicate) Let our decision problem be predicate on set of all possible inputs and call it general. P G : I {true, f alse}, where I is a set of all possible problem inputs. Definition 5 (Special predicate) Let D(I) = {I 1, I 2,..., I k } be a function defining an input decomposition and P S : D(I) {true, f alse} a predicate on the element of that decomposition (part of the input), such that I I P G (I) = true Ii D(I) P S (I i ) = true. P S is called special predicate. 4. Security in graphs In this section we present basic graph security definitions derived from [4][5][1][6] and reworded for better readability.

34 Graph Security Testing Nonempty set S V in graph G = (V, E) is called an alliance, if v S N[v] S N(v) V \ S. That means that every member of an alliance (vertex in S ) has at least as many friends (neighbour vertices in S ) as enemies (neighbour vertices outside S ) and will be defended in case of attack. In addition if S is also dominating set of G we call it global alliance. Definition 6 For set X V we define predicate SEC(X) N[X S ] N(X V \ S ). Set S is called k-alliance, if X S X k SEC(X) and again when S is dominating set of G we call it global k-alliance. For nonempty subset S = (v 1, v 2,..., v k ) V in graph G = (V, E), attack on S is every sequence of k mutually disjoint sets A = (A 1, A 2,..., A k ), such that 1 i k a Ai a N(v) \ S. If a A i we say that a attacks v i. Similarly we define defence of S as every sequence of k mutually disjoint sets D = (D 1, D 2,..., D k ), such that 1 i k d Di a N[s i ] S. If d D i we say that d defends v i. Attack A on S can be defended, if there exists defence D such that 1 i k D i A i. Set S is secure iff every attack on S can be defended. Theorem 7 (Secure set as k-alliance) Set S is secure in graph G iff it is global S -alliance. Proof. This theorem was proved in [1]. 5. Security testing 5.1. Attack based model The simplest, natural way for security testing is to take into account all possible maximal attacks and require given fraction of them to be defendable. 5.1.1. Model Definition of ε-far, S is ε-far from being secure iff ε fraction of attacks cannot be defended. For example set is 1/2-far from being secure iff half of the possible attacks cannot be defended.

T. Gieniusz, R. Lewoń, M. Małafiejski 35 Definition of witness and it s evidence, Maximal attack on S is a witness, defence possibility is his testimony. Witness is valuable if there is not defence for him. Witness choose algorithm, For every enemy we choose his target uniformly and independently at random (his neighbour in S ). This way we get a maximal attack, because every enemy is making use of his attack possibility. Witness testimony extraction algorithm, To check if attack is defendable we use security matching algorithm described in [4]. 5.1.2. Model rating Practical and intuitive understanding of ε-far, ε-far is defined that way to be the most intuitive. Enemies usually don t choose their targets at random, so practical application may be narrowed, but it is still valuable information to know that for example half of the attacks cannot be defended. Uniform witness choose, Every maximal attack is chosen with the same probability, because every of them can be constructed in exactly one way and there is no such attack, algorithm couldn t construct. Relationship between ε and p s, Relationship is linear, set is ε-far from being secure iff ε fraction of witnesses (attacks) is undefendable, so they are valuable witnesses.

36 Graph Security Testing ps 1 0.8 0.6 0.4 0.2 0 0 0.2 0.4 0.6 0.8 1 ε Figure 2. Relationship between ε and p s in attack based model. Choose and check of witness algorithms complexity, Witness choose can be done in O( V \ S S ) - for every enemy we choose his neighbour to be the target of the attack. Witness check is determined by security matching algorithm [4] and is O(n 5/2 ). Fraction of cases that we can give probability guarantee on, We have done computer simulations for random graphs with 10 20 nodes. Results are shown on the plot below. YN 1 0.8 0.6 0.4 0.2 0 0 0.2 0.4 0.6 0.8 1 ε Figure 3. Fraction of cases that we can give probability guarantee on attack based model. That means that even for high ε (low algorithm complexity) random graph is either secure or ε-far from being secure (there are many witnesses) and we can give probability guarantee on algorithm answer.

T. Gieniusz, R. Lewoń, M. Małafiejski 37 5.1.3. Algorithm Algorithm 5.1 Attack based tester Repeat 3/ε times Chose maximal attack A independently and uniformly at random A. if A cannot be defended then return S is ε-far from being secure. end if return S is secure. End 5.1.4. Analysis Secure set will always be correctly determined. For the set that is ε-far from being secure, probability of choosing undefendable attack in one test is no less than ε. Using witness lemma 3 3/ε test repetitions chooses undefendable attack in no less than 95% of the cases. 5.1.5. Conclusions Probability of failure to recognize insecure set despite of ε fraction of undefendable attacks is no more than 5%. Algorithm complexity is O(n 5/2 /ε). 5.1.6. Examples Troubling example 1 2 Figure 4. Troubling example for attack based model. k

38 Graph Security Testing In the above graphs family only attacks that are focused on single vertex cannot be defended. There is exactly k of such attacks and in set of all k 3 attacks they are only 1/k 2 fraction. That means that for any ε we can construct a graph, that is close to being secure and our algorithm cannot guarantee the correctness of the given answer. Easy example a d Figure 5. Easy example for attack based model. In the above graphs family exactly half of the attacks cannot be defended. Cycle can be defended independently, every attack in which a chooses d as his target cannot be defended. That means that our algorithm has 50% chance to choose valuable witness in single test and according to witness lemma 3 that gives 95% success rate with only 6 repetitions. 5.2. Subset based model Next model is derived directly from subset secure set definition [7]. In this case we will take into account all possible subsets of S and require given fraction of them to satisfy [6]. 5.2.1. Model Definition of ε-far, S is ε-far from being secure iff ε fraction of subsets doesn t satisfy [6].

T. Gieniusz, R. Lewoń, M. Małafiejski 39 Definition of witness and it s evidence, Subset A S is a witness and value of SEC(A) is his testimony. Witness is valuable if his testimony equals f alse. Witness choose algorithm, For every vertex v S choose one possibility uniformly and independently at random: v is in witness, v is not in witness. Witness testimony extraction algorithm. Compute SEC(A) from definition. 5.2.2. Model rating Lets use 3.2 for such testing model. Practical and intuitive understanding of ε-far, This model derives from security definition, so the definition of ε-far is very intuitive. It has practical applications, because it is a valuable information to know that for example half of the subsets are not secure. Uniform witness choose, From the set of all possible subsets of S every one is chosen with the same probability, because every of them can be constructed in exactly one way and there is no such subset that algorithm could not construct. Relationship between ε and p s, Relationship is linear, set is ε-far from being secure iff exactly ε fraction of witnesses (subsets) doesn t satisfy [6], so they are valuable.

40 Graph Security Testing ps 1 0.8 0.6 0.4 0.2 0 0 0.2 0.4 0.6 0.8 1 ε Figure 6. Relationship between ε and p s for subset based model. Choose and check of witness algorithms complexity, Witness choose complexity is O( S ) - for every ally we choose if it is in the witness. Witness check complexity is determined by SEC definition and is O(n). Fraction of cases that we can give probability guarantee on. We have done computer simulations for random graphs with 10 20 nodes. Results are shown on the plot below. YN 1 0.8 0.6 0.4 0.2 0 0 0.2 0.4 0.6 0.8 1 ε Figure 7. Fraction of cases that we can give probability guarantee on subset based model. That means that even for high ε (low algorithm complexity) random graph is either secure or ε-far from being secure (there are many witnesses) and we can give probability guarantee on algorithm answer.

T. Gieniusz, R. Lewoń, M. Małafiejski 41 5.2.3. Algorithm Algorithm 5.2 Subset based tester Repeat 3/ε times Choose subset X S uniformly and independently at random. if SEC(X) [6] then return S is ε-far fro being secure. end if return S is secure. End 5.2.4. Analysis Secure set will always be correctly determined. For the set that is ε-far from being secure, probability of choosing subset that doesn t satisfy SEC in one test is no less than ε. Using witness lemma 3 3/ε test repetitions chooses such subset in no less than 95% of the cases. 5.2.5. Conclusions Probability of failure to recognize insecure set despite of ε fraction of undefendable attacks is no more than 5%. Algorithm complexity is O(n 2 /ε). 5.2.6. Examples Troubling example

42 Graph Security Testing Figure 8. Troubling example for subset based model. In the above graphs family SEC is not satisfied for only the whole S. In set of every 2 S possible subsets of S it is only fraction of 1/2 S. That means that for any ε we can construct a graph, that is close to being secure and our algorithm cannot guarantee the correctness of the given answer. Easy example Secure subgraph Figure 9. Easy example for subset based model. In the above graphs family SEC is not satisfied for exactly half of the subsets. That means that our algorithm has 50% chance to choose valuable witness in single test and according to witness lemma 3 that gives 95% success rate with only 6 repetitions. 6. Security problem heuristic In this section we will present heuristic algorithms based on simple idea. Idea is to construct subset that is a valuable witness for security problem in subset based model - subset that does not satisfy SEC. Specific versions of this algorithm differs

T. Gieniusz, R. Lewoń, M. Małafiejski 43 in subset construction approach. We will use following naming convention: S V is a subset of vertices to be checked for security c and d are optimization criteria for any subset S S 6.1. Algorithm schema Algorithm 6.1 Security problem heuristic schema Split S into n disjoint clusters S 1, S 2,..., S n repeat For every pair of clusters S i, S j, i j calculate c(s i S j ) Join two clusters optimizing c, in the case of ambiguity use d criteria until There are at least two clusters or one of the clusters does not satisfy SEC if Any of the clusters does not satisfy SEC then return false else return true end if Remark 8 First step of the algorithm can be randomized (and algorithm can be repeated many times). The simplest version is to take one-element clusters, for S = {s 1, s 2,..., s k } take S i = {s i }, i = 1, 2,..., k as initial clusters. In all presented variant of algorithm we take the same c criteria, for every X S : c(x) = N[X] S N(X) \ S We will minimize this criteria, negative value means that X does not satisfy SEC, therefore S is not secure. Algorithm objective is to construct valuable witness, so minimization of c is well founded.

44 Graph Security Testing 6.2. Secondary criteria proposals Second criteria is used in the case of ambiguity of c criteria. In such situation we propose following approaches: Avoid massive clusters creation For any X S : d 1 = X. This will lead to small clusters creation. Support massive and strong clusters creation For any X S : d 2 = N[X] S. This will lead to bigger clusters with greater support from the outside creation. Support neighbourhood-dependent clusters creation For any X S : d 3 = (N[X] \ X) S. This will lead to creation of the clusters that require maximum help from neighbours outside of X. Remark 9 In the simplest version secondary criteria can be omitted. We can also use many criteria by choosing secondary criteria randomly at every iteration. In case of further ambiguity after second criteria usage we can introduce additional resolve phases or choose cluster at random. References [1] Dutton, R., Secure set algorithms and complexity, In: Proceedings of the Thirty-Seventh Southeastern International Conference on Combinatorics, Graph Theory and Computing, Vol. 180, 2006, pp. 115 121. [2] Raskhodnikova, S., Property Testing: Theory and Applications, Ph.D. thesis, Massachusetts Institute of Technology, 2003.

T. Gieniusz, R. Lewoń, M. Małafiejski 45 [3] Goldreich, O., Goldwasser, S., and Ron, D., Property testing and its connection to learning and approximation, Journal of the ACM (JACM), Vol. 45, No. 4, 1998, pp. 653 750. [4] Blukis, T., Zbiory bezpieczne w grafach, Master s thesis, Politechnika Gdańka, 2012. [5] Brigham, R., Dutton, R., and Hedetniemi, S., Security in graphs, Discrete applied mathematics, Vol. 155, No. 13, 2007, pp. 1708 1714. [6] Dutton, R. D., Lee, R., and Brigham, R. C., Bounds on a graph s security number, Discrete Appl. Math., Vol. 156, No. 5, March 2008, pp. 695 704.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information