Deception Equilibrium Analysis for Three-Party Stackelberg Game with Insider

Abstract: This paper investigates strategic interactions within a three party deception security game involving a defender, an insider, and external attackers. We propose a robust deception mechanism where the leader manipulates game parameters perceived by followers to enhance defense performance when followers operate under misperceived and uncertain observation. Specifically, we propose a unified three party leader follower game framework and introduce the concepts of Deception Stackelberg equilibria (DSE) and Hyper Nash equilibria (HNE), which generalize classical two-player Stackelberg and deception games. We develop necessary and sufficient conditions for the consistency between DSE and HNE, ensuring that the defender's utility remains invariant when the hierarchical structure degenerates into a simultaneous-move scenario. Moreover, we propose a scalable hypergradient-based algorithm with established convergence guarantees for seeking DSE, efficiently addressing the computational challenges posed by non-smooth and set-valued best-response mappings. Finally, we apply theoretical analysis to practical scenarios in secure wireless communication and defense against insider-assisted false data injection attacks.

• The paper introduces strategic deception by modeling a three-party Stackelberg game that incorporates an insider affecting the defender’s utility.
• The paper presents a hypergradient-based algorithm for computing Deception Stackelberg Equilibria (DSE) and establishes conditions for consistency with Hyper Nash Equilibrium.
• The paper validates its approach through empirical results in secure wireless communications and microgrid defense, demonstrating improved defender performance.

Deception Equilibrium Analysis in Three-Party Stackelberg Games with Insider: Theory, Algorithms, and Applications

Problem Formulation and Motivation

The paper analyzes strategic deception in a three-party hierarchical security game involving a defender (leader), an insider (middle-level follower), and external attackers (bottom-level followers). Unlike classical two-player Stackelberg frameworks, the model explicitly accounts for an unidentified third-party insider, whose privileged access and possible collusion with attackers significantly affect the defender’s utility. The game is formulated to capture scenarios such as wireless communication security (node-relay-eavesdropper) and power system protection (defender-insider-attacker), where deception is realized via controllable manipulation of follower-perceived parameters.

A key technical advancement is the unification of Stackelberg games with deception and their (hyper)game-theoretic generalizations to account for cognition misalignment. Two equilibrium concepts are central:

• Deception Stackelberg Equilibrium (DSE): The leader manipulates parameter signals perceived by followers. DSE encompasses both the strong (SDSE; optimistic tie-breaking) and weak (WDSE; pessimistic tie-breaking) variants.
• Hyper Nash Equilibrium (HNE): Each agent independently maximizes utility in their potentially distinct, misperceived game, accounting for incomplete or uncertain observations.

In practice, the assumption that followers strictly observe the leader's actions can be unreliable due to information asymmetry, noise, limited capability, or intentional concealment. Thus, establishing the relationship and consistency between DSE and HNE is of theoretical and practical importance.

Existence and Consistency of Equilibrium Solutions

The authors rigorously prove that the SDSE exists under standard compactness and concavity conditions, but the WDSE may not (e.g., due to non-attainment of a pessimistic utility bound over set-valued follower best-responses). Notably, an $\epsilon$-WDSE always exists for any $\epsilon > 0$, with precise conditions under which the WDSE itself exists (e.g., continuity properties at zero-slope leader decisions).

They establish necessary and sufficient conditions under which a DSE (WDSE/SDSE) coincides with a HNE. In particular, the leader's utility is robust to the dissolution of the hierarchical structure if certain monotonicity and boundary conditions (in terms of leader derivatives and piecewise-smooth structure of utility) are satisfied. This result enables a defender to design deception strategies guaranteeing optimality against both sequential and simultaneous-move adversary formations, essential when observability assumptions are violated.

Figure 1: The leader's utility for a specific payoff structure, highlighting the discontinuity in WDSE existence.

Hypergradient-Based Algorithmic Framework

Three-level Stackelberg games with set-valued and non-smooth best-response mappings pose computational challenges absent in classical single-valued bilevel programming. The paper introduces a scalable, convergent hypergradient-based algorithm tailored for three-party DSE computation, summarized as follows:

• For each deception parameter $\theta$ in a finite admissible set, partition the feasible leader decision space into intervals where the middle follower’s reaction is single-valued or set-valued.
• Employ projected gradient ascent with hypergradient estimation, where the inner loop computes the fixed-point equilibrium and Jacobian sensitivity of the bottom-level NE (attackers) with respect to the leader’s action using contraction mapping principles.
• At points where the best-response mapping is a set, the algorithm evaluates conservative (infimum) or optimistic (supremum) leader utilities to obtain WDSE or SDSE, respectively.
• The consistency check between DSE and HNE is efficiently performed using derivative-based criteria.

Theoretical analysis proves almost sure convergence to DSE (WDSE/SDSE), even when only $\epsilon$-approximations of zero-level reaction functions are available. The algorithm’s complexity scales polynomially with the number of bottom-level followers under block-structured interactions.

Figure 2: Convergence performance of Algorithm 1 toward the WDSE shows efficient and stable optimization dynamics.

Empirical Results in Security Applications

Secure Wireless Communication

The scenario models source-relay-eavesdropper interaction, where the source (defender) can manipulate channel state announcements. The attacker population (eavesdroppers) optimizes jamming intensity against a distorted belief about the true channel environment. The empirical results demonstrate:

• A manipulated channel announcement ($\theta=0.5$) maximizes source utility and aligns DSE with HNE, guaranteeing robustness to uncertainty in follower observation (see Figure 3).
• The impact of model parameters (e.g., cost/gain ratios) on DSE/HNE consistency is visualized; for varied channel/cost coefficients, DSE robustness persists in broad parameter regions (see Figure 4).

  Figure 5: Schematic of the three-party wireless communication security scenario, with the defender, insider, and attackers.

  

  Figure 6: The impact of deception parameter $\theta$ on the leader's utility, illustrating the control afforded by strategic channel manipulation.

  

  Figure 4: The relationship between WDSE and HNE across model parameters, with consistency visualized via utility alignment.

Microgrid Defense under IA-FDI

The defender-insider-attacker structure is instantiated with the defender offering incentives and signaling harsh penalties to an insider, who chooses whether to leak topology information, amplifying attacker effectiveness.

• Numerical experiments validate that modeling the insider and applying deception significantly enhances defender utility (see Figure 7).
• Even when best-response zero points cannot be analytically solved, the hypergradient algorithm finds $\epsilon$-WDSEs, with error bounds tightly controlled by partition interval width (see Figure 8).
• The approach robustly scales as the number of attackers increases, with moderate increases in computation time.

  Figure 9: Defense against IA-FDI attack scenario; the defender’s deception signals reshape insider and attacker incentives.

  

  Figure 7: Utility degradation induced by ignoring the insider; explicit modeling significantly closes the utility gap.

  

  Figure 8: Quantitative relation between $\epsilon$ and the gap interval $I_1$ when computing $\epsilon$-WDSE.

Implications and Theoretical Advancements

This research advances the intersection of game theory, adversarial machine learning, and cyber-physical security by:

• Establishing formal links between hierarchical deception equilibria and robust (hyper-)Nash formulations in multi-agent systems with cognitive heterogeneity.
• Providing a unified framework and efficient algorithm that generalizes classical Stackelberg games to settings with insiders and set-valued best-responses.
• Enabling robust strategy synthesis for defenders operating in adversarial and partially observable environments, with theoretical guarantees for both existence and computational convergence.

The insights are directly applicable to automated defense resource allocation, contract/mechanism design in the presence of internal threats, and information structure design in adversarial networks.

Conclusion

This work constructs a comprehensive theoretical and algorithmic pipeline for three-party security games with strategic deception. Sufficient and necessary conditions guarantee when a hierarchical optimal deception strategy remains robust under follower autonomy. The hypergradient-based algorithm addresses both theoretical computability and practical tractability in high-dimensional settings. Extensive application results in wireless and power grid security validate these contributions, highlighting the imperative of modeling insider complexity and information manipulation. Future work may expand to polyhedral feasible sets and continuous deception parameter domains, further broadening applicability to cascading multi-agent security architectures.