Security Risk Analysis of the Shorter-Queue Routing Policy for Two Symmetric Servers

In this article, we study the classical shortest queue problem under the influence of malicious attacks, which is relevant to a variety of engineering system including transportation, manufacturing, and communications. We consider a homogeneous Poisson arrival process of jobs and two parallel exponential servers with symmetric service rates. A system operator route incoming jobs to the shorter queue; if the queues are equal, the job is routed randomly. A malicious attacker is able to intercept the operator's routing instruction and overwrite it with a randomly generated one. The operator is able to defend individual jobs to ensure correct routing. Both attacking and defending induce technological costs. The attacker's (resp. operator's) decision is the probability of attacking (resp. defending) the routing of each job. We first quantify the queuing cost for given strategy profiles by deriving a theoretical upper bound for the cost. Then, we formulate a non-zero-sum attacker-defender game, characterize the equilibria in multiple regimes, and quantify the security risk. We find that the attacker's best strategy is either to attack all jobs or not to attack, and the defender's strategy is strongly influenced by the arrival rate of jobs. Finally, as a benchmark, we compare the security risks of the feedback-controlled system to a corresponding open-loop system with Bernoulli routing. We show that the shorter-queue policy has a higher (resp. lower) security risk than the Bernoulli policy if the demand is lower (resp. higher) than the service rate of one server.