Stackelberg security games have been widely deployed to
protect real-world assets. The main solution concept there
is the Strong Stackelberg Equilibrium (SSE), which optimizes the defender’s random allocation of limited security
resources. However, solely deploying the SSE mixed strategy has limitations. In the extreme case, there are security
games in which the defender is able to defend all the assets
“almost perfectly” at the SSE, but she still sustains significant
loss. In this paper, we propose an approach for improving the
defender’s utility in such scenarios. Perhaps surprisingly, our
approach is to strategically reveal to the attacker information
about the sampled pure strategy.
Specifically, we propose a two-stage security game model,
where in the first stage the defender allocates resources and
the attacker selects a target to attack, and in the second stage
the defender strategically reveals local information about that
target, potentially deterring the attacker’s attack plan. We then
study how the defender can play optimally in both stages.
We show, theoretically and experimentally, that the two-stage
security game model allows the defender to achieve strictly
better utility than SSE.