key: cord-0149063-t7migjrr authors: Bagheri, Pegah; Filabadi, Milad Dehghani title: Robust-and-Cheap Framework for Network Resilience: A Novel Mixed-Integer Formulation and Solution Method date: 2021-10-19 journal: nan DOI: nan sha: 3437b3c9b64ff8298bd26d0a6f059810e341bde5 doc_id: 149063 cord_uid: t7migjrr Resilience and robustness are important properties in the reliability and attack-tolerance analysis of networks. In recent decades, various qualitative and heuristic-based quantitative approaches have made significant contributions in addressing network resilience and robustness. However, the lack of exact methods such as mixed-integer programming (MIP) models is sensible in the literature. In this paper, we contribute to the literature on the network resilience and robustness for targeted and random attacks and propose a MIP model considering graph-theoretical aspects of networks. The proposed MIP model consists of two stages where in the first stage the worst-case attack is identified. Then, the second-stage problem maximizes the network resilience under the worst-case attack by adding links considering a link addition financial budget. In addition, we propose a solution method that (i) provides a tight relaxation for the MIP formulation by relaxing some of the integrality restrictions, (ii) exploits the structure of the problem and reduces the second-stage problem to a less complex but equivalent problem, and (iii) identifies underlying knapsack constraints and generates lifted cover inequalities (LCI) for such constraints. We conclude numerical experiments for randomly-generated networks and then extend our results to power system networks. Numerical experiments demonstrate the applicability and computational efficiency of the proposed robust-and-cheap framework for network resilience. R ESILIENCE and robustness are important properties in the vulnerability and attack-tolerance analysis of networks such as the Internet, communication networks, transportation networks, flight networks, power systems, etc. In case of a network failure due to targeted attacks, natural disasters, political unrest, human errors, equipment failures, etc., a network may divide into several components by losing some of its critical nodes and connections. The terms "resilience" and "robustness" are often interchangeably used in the literature as improving one can lead to improving the other [1] . In particular, resilience is the capability of a system to maintain its functions and the ability to return to normal conditions after the occurrence of a disruptive event [2] . Robustness measures the hardiness of a system against serious disruptions and refers to the ability of a system to remain functioning under a range of disturbances [3] . There are several examples of the consequences of cascading failures in non-resilient networks. For example, the Japanese earthquake and tsunami in 2011 led to more than 15,000 deaths and disturbances within global supply chain networks [4] . In October 2012, Hurricane Sandy hit the U.S East Coast led to power outages to over 8 million customers across 21 states for a few weeks [5] . More recently, the COVID-19 pandemic, started in 2019, led to global disruptions in the supply chain network due to the lack of resilience in global supply chains [6] . In particular, at least 94% of Fortune 1000 companies have encountered supply chain disruptions as a result of the COVID-19 pandemic [7] . Such inevitable failures have captured increasing attention among researchers in recent decades. To mitigate the impacts of such consequences, a promising solution is to enhance the network resilience and robustness by modifying the topological structure of networks [8] . Enhancing network resilience and robustness leads to questions about (i) resilience and robustness measures, (ii) topological structure of networks, and (ii) protection/modification methodologies to improve the network resilience and robustness [1] . In terms of definitions, the resilience and robustness measures proposed in the literature vary in different fields, e.g., mathematics, physics, computer science, and biology, to capture the connectedness of a network in some way. In particular, [9] considered the relative size of the largest connected component and the average size of the other components, [10] and [11] considered mean shortest paths, [12] and [13] used efficiency-based measures to quantify the shortest path distances between pairs of stations (nodes) in the network. The fraction of connected node pairs was studied by [14] , and [15] defined a metric based on the available flows between the node pairs. A comprehensive survey on robustness analysis and robustness measures is provided in [1] . From the topological perspective of networks, several studies addressed network resilience and robustness based on graph-theoretical properties. In particular, such studies measured resilience and robustness by considering three important quantities, namely: (1) the number of nodes that are not functioning/attacked, (2) the number of remaining connected subnetworks, and (3) the size of the largest remaining component within which the nodes are still connected. Examples of such measures include toughness [16] , scattering degree [17] , integrity [18] , tenacity [19] , and rupture degree [20] . Among such graph-theoretical measures, only the last two parameters, i.e., tenacity and rupture degree, consider all three important quantities of the network. The rupture degree is the newest and is a more comprehensive measure that represents a trade-off between the amount of required work to damage the network and the severeness of the damage in the network [21] . From the methodological point of view, several protection/modification strategies have been proposed in the literature to improve network resilience and robustness. The existing strategies can be categorized into three main groups: The first group is to protect the critical nodes. For example, [22] showed that cascading failures are mainly due to targeted attacks, rather than random attacks, and proposed a strategy to preserves the critical nodes of a network. [23] proposes a node protection method based on multiple topology features. [24] showed the critical node identification is an NP-hard problem and used a greedy framework to find such nodes. [25] proposed a framework to identify a small subset of nodes that always remain intact, called trusted nodes. [26] proposed a heuristic framework to identify and protect the K most critical nodes in an interdependent network. The second group of network resilience and robustness studies focus on adjusting the properties of the network. In particular, [27] proposed to increase node capacities to improve the robustness, [28] proposed a strategy to change the deployment of independent nodes, and [29] modified a network by re-writing, or swapping, the existing edges while the degree of nodes remains unchanged. Such approaches are mainly practical in networks with no or limited physical infrastructures, such as the Internet, since it requires the existing properties of the network to be changed substantially. The third group of studies focuses on adding new connecting links to improve the robustness of networks. There are several approaches for link addition such as random addition [30] , low-degree addition [31] , low betweenness addition [32] , and algebraic connectivity-based addition [33] . In [34] , the authors studied two link addition methods for improving network robustness for random attacks. In [35] , authors proposed to add links based on receiving capability ratio of nodes. [36] proposed a method to add links based on the degree and betweenness. [37] proposed to add links based on neighbor node priority connection to improve robustness. In [38] , the authors proposed to add a larger number of short links dispersedly rather than adding a smaller number of long links concentratedly. Link addition strategy is the more practical and effective method, among other alternatives, to improve the resilience and robustness of networks [8] . However, the main limitation of the existing link addition strategies is that these studies are mainly based on heuristic approaches. Although such approaches improve the network resilience and robustness by finding a local optimal solution, there is no guarantee to find the best improvement in the resilience and robustness, i.e., global optimal solution. Therefore, the lack of exact optimization models, especially in particular mixed-integer programming (MIP) models, is sensible in the literature. For example, in network analysis, there are many binary decisions such as determining if a node is critical, if a link is impacted by attacking the critical nodes, or if adding a given link to the network improves its resilience and robustness, etc. Such decisions can be incorporated using MIP that allows variables to take integer values, such as 0 and 1 for binary decisions. MIP models can be solved using exhaustive searching through branch-and-bound (B&B) algorithm which is computationally infeasible in large-scale problems due to the NPcompleteness of MIP models [39] , [33] . Alternatively, branchand-cut (B&C) algorithms combine cutting plane algorithms with the B&B algorithm to solve MIPs more time-efficiently [40] . Cutting plane algorithms, such as Gomory's mixedinteger cuts [41] , mixed-integer rounding inequalities [42] , simple and lifted knapsack cover cuts [43] , [44] , intersection cuts [45] , etc., reduce the computational challenges by generating valid linear inequalities that preserve all the integer solutions but potentially eliminate a part of the feasible region with fractional solutions. In particular, [46] empirically showed that when implementing cutting planes in commercial MIP solvers, the computational time significantly speeds up. In addition to cutting plane algorithms, reduction methods are efficient to decrease the complexity of a problem, including MIP problems. Such methods usually exploit the structure of a problem and reduce a given problem into a simpler problem with an equivalent optimal solution. Depending on the optimization model, several reduction methods have been proposed in the literature including [47] , [48] , [49] . More related to our work, relaxation techniques [50] , [51] are among reduction methods where some of the restrictions on the problem, such as integrality constraints, are relaxed. The power of such relaxations depends on how "tight" they are where tighter relaxations correspond to relaxations whose optimal solutions are more close to the optimal solutions of the original problem. In this paper, we contribute to the literature on network resilience and robustness against targeted or random attacks. We propose a framework to optimally increase the network hardiness against attacks, i.e., network robustness, and to increase the network functionality after attacks, i.e., network resilience. To the best of our knowledge, we propose the first MIP formulation for network resilience and robustness considering graph-theoretical aspects of a network by modeling three important topological quantities of a network namely: (i) the number of attacked or failed elements, (ii) the number of remaining connected subnetworks after an attack occurs, and (iii) the size of the largest remaining group within which mutual communication can still occur after an attack. We first propose a two-stage MIP formulation for targeted attacks where in the first stage the worst-case attack leading to the most severe damage in the network is identified, and used for measuring the network robustness. In the second stage, after the worst-case attack is realized, we optimally improve the network resilience by adding links considering a financial budget constraint for link addition. Finally, we show the applicability of our proposed approach to other types of attacks. In addition, we propose a solution method based on cutting planes and relaxation methods to efficiently solve the proposed MIP model. Particularly, we provide a tight relaxation for the firststage problem by relaxing some of the integrality constraints. Then, we exploit the structure of the problem and reduce the second-stage problem into a significantly less complex but equivalent problem. Finally, we identify underlying knapsack constraints in our formulation through a proposed re-indexing procedure and then manually implement knapsack lifted cover inequalities (LCI), which is known as a recent cutting plane algorithm. The main contributions of this paper are as follows: 1) We propose a novel MIP formulation for optimally improving network resilience and robustness. The proposed approach can be applied to targeted attacks through a two-stage problem and also can be used for random or designated attacks through a single-stage problem. 2) We propose a solution method to solve the proposed MIP formulation in a time-efficient manner. Particularly, the proposed solution method (i) provides a tight relaxation by removing some of the integrality restrictions, (ii) exploits the structure of the problem and reduces the second stage problem to a less complex but equivalent problem, and (iii) identifies underlying knapsack constraints through a re-indexing procedure and generates efficient cuts for knapsack constraints. 3) We implement the proposed solution method in several instances and demonstrate that our approach provides a robust-and-cheap framework for network resilience problems due to the resulting computational efficiency and robustness. Moreover, we show how our proposed framework can provide a trade-off for the budget against network resilience and robustness. The rest of this paper is organized as follows: Section II presents the required definitions used in this paper. In Section III, the proposed two-stage optimization model for targeted attacks is presented and discussed in detail. Section IV proposes a solution method to efficiently solve the proposed MIP formulation. In Section IV-E, we show how the proposed framework is extended to other types of attacks. Section V provides numerical results and analyses for random networks and extends the results for power system application in Section V-D. Finally, concluding remarks are provided in Section VI. Throughout this paper, paired terms (edge, link), (vertex, node), and (graph, network) might be interchangeably used. In this section, we first present graph-theoretical definitions used in this paper. In the second part, we define the network resilience and robustness of networks and present metrics to measure such quantities. A. Graph Theory Background Definition II.1. Graph G is the mathematical representation of a network and describes the relationship between vertex set V (G) and edge set E(G). Definition II.2. A set X ⊆ V (G) of graph G is called a cut set if G − X is disconnected or G − X has only one vertex, where term G − X is the remaining graph obtained by removing vertices (and the corresponding edges) of X. Definition II.3. A connected graph is a graph where there exists at least one path between any two vertices of the graph. A graph is said to be disconnected if it is not connected. Definition II.4. Each disconnected graph consists of two or more connected subgraphs that are called components of the graph. The smallest non-empty component in a graph is an isolated vertex. Definition II.5. Graph G + e ij is a graph obtained by adding edge i-j to graph G. Definition II.6. [20] The rupture degree of a connected graph G is defined by where the maximum is taken over all cut sets X ⊆ V (G), and ω(G − X) and m(G − X) denote the number of components and the number of vertices (length) of the largest component of graph G − X, respectively. Definition II.7. The worst cut set X * is the cut set determining to the rupture degree of a graph, i.e., One important factor in resilient networks is to respond to an attack so that the network maintains its functioning after the attack. There are two factors associated with each attack: (i) how hard it is to damage a network, i.e., the network robustness, and (ii) how hard it is to maintain the proper functioning of the remaining parts of the network after an attack occurs, i.e., the network resilience. In the context of network resilience and robustness, we use the definition of the rupture degree and interpret the worst cut set as the attack leading to the most severe damage in the network, i.e., the worst-case attack. We quantify the network robustness by the size of the worst cut set (|X * | from Definition II.7) since it corresponds to the network hardiness against the most severe attacks. Also, we measure the network resilience by the negative of the rupture degree (−r * (G) from Definition II.6) since it determines how badly a network is damaged by the worst-case attack, or equivalently how functioning the network is after the worst-case attack. For example, a network with smaller cut sets can be damaged easier (less robust) because a fewer number of vertices should be disabled to most severely damage the network. Also, a graph with a higher rupture degree is less functioning after the attack (less resilient) because it is more badly damaged and ruptured by the attack. However, as the rupture degree decreases, the network becomes more resilient since the underlying graph has stronger connectivity properties. To address both the resilience and robustness concerns of a network, one can find the worst-case attack by finding the most critical vertices (i.e., the worst cut set) of a network. Then, in the absence of the most critical vertices that are supposedly disabled by the attack, proper actions such as link addition can be carried out to maximize the network, i.e., minimizing the rupture degree, so that the network is resilient (immunized) against the worst-case attack. Optimizing under the worst-case scenario is a widely-used approach to immunize the system not only under the worstcase scenario but also under any other possible scenarios [52] , [53] , [54] . In the context of network resilience and robustness, optimizing the network resilience and robustness is obtained by adding new links under the worst-case attack so that the reconstructed network, i.e., the initial network with new links, is less dependant on the most critical vertices disabled by the worst-case attack. As a result, since the network resilience and robustness are improved under the worst-case attack, the reconstructed network is more robust and functional under any other attacks which are likely to occur. To model the network resilience and robustness, we propose a two-stage optimization model of form where the first stage, called attack problem and denoted by superscript A, consists of the inner minimization problem along with constraint (3b) to find the worst-case attack, i.e., the attack corresponding to the maximum value of the rupture degree f A (or equivalently minimum value of the network resilience). Given the worst-case attack (i.e., is realized, the outer minimization problem, called response problem and denoted by superscript R, aims to minimize the rupture degree f R (or equivalently maximize the network resilience) by adding links under the worst-case attack. Constraint set (3c) corresponds to structural constraints and financial budget constraints for link addition. The proposed problem is inherently a bilevel problem where the lower level problem (attack) problem is embedded in the upper level (response) problem. However, since the decision variable sets E A and E R are distinct and are determined independently in a sequential manner, formulation 3 can be decomposed in two separate problems where we first solve the attack problem 4 and, then given optimal solution E A * , we solve the response problem. The output of the response problem is a reconstructed network consisting of the initial network and additional links. In what follows, we first present the notation used in the optimization model and the two stages of the optimization model separately. Then in later sections, we propose a solution method to solve the optimization problem. The following notations are used in the proposed formulation of this paper, where we use boldface uppercase and lowercase characters to denote matrices and vectors, respectively. This stage aims to find the most critical vertices by finding the worst-case attack that can lead to the most severe damages in a network (maximum value of the rupture degree). Once a vertex is attacked, the vertex and all its connections are removed from the network. Given the set of decision variables E A := {v A , b A , y A , α A }, the objective function of the attack problem is defined in (4a), based on the rupture parameter, and consists of three parts. The first part finds the number of disabled vertices which is the difference of all vertices of the network, i.e., |N |, and the active vertices under the worstcase disruption, i.e., i∈N c∈C v A ic . The last two terms in (4a) correspond to the length of the largest component and the number of components, respectively. Constraints (4b)-(4i) address the operational, physical, and financial limits in the network such as connectivity and budget constraints. Constraint (4b) ensures that each vertex is at most in one component, if active, or it is disabled. Given i∈N v A ic is the length of component c, constraint (4c) enforces the length of the largest component α be equal or greater than the length of all components. Constraint (4d) ensures that if the length of a component is zero, the component is empty. Otherwise, due to the direction of the objective function, b A c = 1 indicating the component is non-empty. Constraint (4e) shows that each vertex i is connected to at most |N | − 1 vertices, if the vertex is active under the worst-case attack. Otherwise, all edges connected to vertex i are eliminated. It is noteworthy that y ii is excluded from the left-hand size expression in (4e) since there does not exist an edge with length 0 in the network. Constraint (4f) is the budget constraint for attacking the most critical vertices. Constraint (4g) shows that the network is undirected. Constraint (4h) ensures that if two vertices i and j are connected in the initial network, i.e. A ij = 1, and they remain in the same component c after attack (i.e., v A ic = v A jc = 1), these vertices remain connected. In other words, this constraint preserves the structure of parts of the network whose connections are not impacted by the worst-case attack. Constraints (4i)-(4j) are complementary constraints that correspond to the connection of two vertices depending on their position. For instance, if two active vertices i and j are in different components, Constraints (4i) and (4j) reduce to y A ij ≤ min{0, 2A ij }, enforcing that the two vertices are not connected. The variable domains are represented in constraint (4k). It is to be mentioned that the number of components is not known in advance since it depends on the structure of the network after removing the most critical vertices. However, the maximum number of components is |C| = |N | which is the number of vertices in the graph since an isolated vertex corresponds to the smallest non-empty component. If for a component c we have i∈N v A ic = 0, it means component c is empty and it is not a part of the remaining network after the attack. If there is enough budget for attacking, the outcome of the attack problem is a disconnected network with the highest value for the rupture degree. This solution can be used in the response problem to optimize network resilience after the attack. The link addition strategy is an effective method to improve the robustness of networks [8] . The response problem in the second stage is carried out after the realization of the worst-case attack where its inputs are the optimal solution of the attack problem, i.e., to proactively construct a resilient network that is immunized against the worst possible attacks. Particularly, after the critical nodes corresponding to the worst-case attack are identified and removed, the response problem aims to maximize the network resilience under the worst-case attack while considering a budget for link addition. Therefore, adding links under the worst-case attack ensures that the reconstructed network is able to maintain its function not only in the absence of the most critical nodes but also in the absence of other sets of nodes. In the response problem, the available vertices are those that remain active (not attacked) after the worst-case attack. The objective function aims to find a reconstructed network corresponding to the minimum rupture degree. This can be obtained by adding links to the initial network that can possibly reduce the number of components and/or increase the length of the largest component α (definition II.6). In what follows, we first show adding some candidate links is ineffective and would not change the rupture degree, or equivalently. Then, we identify only those links that can increase network resilience and provide a MIP formulation for link addition. Given the attacked network is a disconnected network, there are two sets of candidates for link addition: (i) links within each component, called local links, or (ii) links between components, called inter-component links, to connect isolated components.Adding local links within a component does not impact the rupture parameter, and consequently the objective function of the response problem. It is because each component is a connected subgraph with V vertices, and the local links do not connect the current component to any new vertices, implying that the length of the largest component remains unchanged. Also, adding local links does not impact the number of components since adding such links just changes the connectivity structure of each individual component. Therefore, after removing the worst cut set X from graph G, we need to add inter-component links to G−X to decrease the rupture parameter and improve the network resilience. Given the definitions, We first propose a lemma to establish a connection between graph G and the length of its largest component, denoted by m(G). Then we provide a proposition showing the inter-component links will result in a lower value for the rupture parameter. a. for all i ∈ c l , j ∈ c k , and c l = c k . Proof. a. Let G − X be a disconnected graph after removal of cut set X. Also let c l and c k be two distinct and arbitrary components of G − X where m(c l ) = L and m(c k ) = K. Since each component c l and c k are connected subgraphs (from definition II.4), adding edge e ij unifies two components c l and c k and results in a larger component c l +c k +e ij , and reduces the number of components by 1. In addition to the conditions of a, assume L + K > m(G − X). Therefore, adding e ij to graph G − X results in a larger component implying the length of the largest component has increases by L + K − m(G − X). Thus, from this point and also part (a) of the proposition, Proposition III.2 shows how adding inter-component links guarantees improving the network resilience. Since intercomponent links are the only set of links improving the network resilience, we allow only the addition of intra-component links in the response problem. After the optimal solution of the attack problem is obtained, one can easily identify the set of remaining components (C R ), the set of remaining vertices (C R ), and the set of vertices in each components (V (c), c ∈ C R ). Let t R c ∈ {0, 1}, ∀c ∈ C R indicating 1 if component c is the largest component after adding links in the response problem. Thus, given decision variables E R := {v R , b R , y R , α R , t R }, the objective function (7a) aims to maximize the network resilience by minimizing the rupture degree. is the size of the worst cut set which was identified in the attack problem. Parameters and M are pre-defined small and big numbers, respectively. Since the size of the worst cut set is a constant, and known, in the response problem, we have excluded it from the objective function, but it will be considered for evaluating the rupture degree. The first and second terms of the objective function correspond to the length of the largest component and the number of components after adding links, respectively. The third term of the objective function is a small penalty added to the objective function to ensure minimizing the rupture degree is dominating while addressing constraints corresponding to the largest component(s) (i.e., (7b) and (7c)). In particular, Constraint (7b) finds the length of the largest component. If component c is the largest component then t R c = 1 and the constraint is binding. Otherwise, due to the penalty considered in the objective function, t R c = 0 and thus the right-hand side of constraint (7b) is a big number, meaning that component c does not determine the length of the largest component, i.e., α R , as it is not the largest component. Constraint (7c) ensures that at least one component is the largest component. In the response problem, when links are added to the attacked network, the topology of the reconstructed network may change due to changing the set of vertices in each component, the length of the largest component, the number of components, etc. Constraints (7d) to (7m) address the structural and budget constraints of the response problem (Constraints (7i) to (7l) are written for two distinct components Constraints (7d) guarantees that after we add links, each active vertex is exactly in one of the components of the reconstructed network. Constraint (7e) identifies non-empty components so that if the length of a component is greater than 0 after adding links, the component is non-empty (i.e., b R c = 1). Otherwise, due to the direction of the objective function b R c = 0 implying the component is empty. Constraint (7f) is the budget constraint limiting the total link added in the reconstructed network. Constraints (7g) and (7h) correspond to the properties of undirected networks. Constraint (7i) shows that if two components are connected, there is at least one intra-component link between the two components. Constraint (7j) enforces that if two vertices are in the same component, then there is a path between the two vertices, i.e., they are connected. Constraints (7k) and (7l) are complementary and ensure that if two vertices are in different components, they are not connected. Finally, constraint (7m) represents the variable domains for all variables. Once the response problem is solved, the optimal intracomponent links y R are determined to be added to the initial network. Thus, the resulting reconstructed network is the most resilient network against any attacks including the previouslyidentified worst-case attack given the budget. We will elaborate more on this point in the numerical results. In the proposed formulation, both attack and response problems are integer programs (IP) which are difficult to solve when the problem size increases, due to the NP-completeness of integer programming [55] . Therefore, in what follows, we propose a procedure to solve each IP model more efficiently. Particularly, for the attack problem, we identify a knapsack constraint and implement a more recent procedure for generating knapsack cover inequalities (CI) [56] , which has not been implemented in the commercial solvers yet. We also provide a tight relaxation by relaxing some of the integrality constraints of the attack problem. Then, for solving the response problem, we derive an equivalent but smaller problem to the response problem and also identify an underlying knapsack problem for which we can provide CIs. To do so, we first provide preliminary definitions of IP and knapsack CIs that will be used throughout this section. Definition IV.1. A point x in R n is convex combination of points x 1 , . . . , x q ∈ R n , if ∃λ 1 , . . . , λ q ≥ 0 such that Definition IV.2. A set S ∈ R n is a convex set if for any two points x, y ∈ S, the line segment connecting x and y is contained in S. Definition IV.3. Given a set S ∈ R n , the convex hull of S, denoted by conv(S), is the smallest convex set containing S. That is Definition IV.4. Let P be a non-empty polyhedron in R n . A face of a polyhedron P is a set of form F := P ∩ {x ∈ R n : ax = b} where ax = b is a valid inequality for P , meaning that it does not cut off any point of polyhedron P . Definition IV.5. Let P be a non-empty polyhedron in R n . Face f of polyhedron P is called a facet if the following holds: From Definition IV.5, it is implied that a non-empty face whose dimension is equal to the dimension of the polyhedron minus one is a facet. Figure 1 shows a set of integer solutions with their convex hull in R 2 . Let polyhedron P be the convex hull of integer solutions. There are two types of non-empty faces for P . First, corner points A, B, C, D, E, F, G are faces of the polyhedron with dimension zero. Second, line segments AB, BC, CD, DE, EF, FG are faces with dimension 1 and therefore are facets. Thus, in the context of linear integer programming, facets are hyper-planes defining a part of the convex hull of integer solutions. If one obtains all the facets of a convex hull, the IP reduces to linear programming and all integrality constraints can be relaxed. Knapsack constraint is a linear constraint of form is called a knapsack polytope [43] . There are many papers on valid inequalities for knapsack polytopes. In particular, minimal cover inequalities (CI) are from the first group of valid inequalities for knapsack polytope which are constructed based on minimal covers. A minimal cover C is a set of indices such that j∈C a j > b, and if we remove anyone of these indices, the mentioned inequality is violated, i.e., j∈C\{i} a j ≤ b, ∀i ∈ C. For any minimal cover C, its minimal cover inequality (CI) can be written as follows [43] : Knapsack CI can be rather weak. However, they can be strengthened using lifting. Lifting is the process of constructing stronger cuts for an IP (or Mixed IP in general) so that we take a valid inequality and add variables to it such that the generated valid inequality is stronger and even facet-defining in some cases. Balas [44] proposed a sequential up-lifting procedure to generate lifted cover inequalities (LCI). They have shown such inequalities are stronger than CIs and can even provide facet defining inequalities. However, a key step is to find a minimal CI in this approach, and then the LCI is obtained accordingly. Recently, [56] proposed a new lifting procedure that can be applied for cover C even if it is not minimal. The authors shown that the resulting procedure can yield facet-defining inequalities that cannot be obtained by standard lifting procedures, e.g., those of [44] . Let set C be a minimal cover. Also, let a be a positive number such that j∈C min{a j , a} = b where a is a unique number which can be calculated using the algorithm proposed in [56] in O(|C|). Given a, cover C can be divided in (C + , C − ) such that C − = {j ∈ C : a j ≤ a} and C + = C\C − . The LCI for any cover C, not necessarily minimal, is obtained as follows: Theorem IV.1. [56] For all j ∈ C, let a − j = min{a j , a}. For r = 1, . . . , |C|, let S − (r) be the sum of the r largest a − j values. (Note that S − (|C|) = b.) Also let S − (0) = 0. Finally, given any k ∈ N \C − , let γ j be the largest integer such that S − (γ j ) ≤ a k ≤ S − (γ j + 1). Then the inequality is valid for the knapsack polytope, and it is at least as strong as Balas' lifting procedure. In what follows, we first show that some integrality constraints of the attack problem can be relaxed while providing a tight relaxation for the problem, and then we will identify constraints for which we can generate LCIs. Let v A , y A , and b A be variable vectors/matrices with proper dimensions mentioned in (4k). For brevity, we skip re-writing the dimension of such vectors/matrices here. Let (12) be the feasible region for the attack problem. Also, let be a relaxation of F where integrality restrictions of variable α and variable vector b are relaxed. Considering objective function (4a) as max be the attack problems considering feasible regions F and F r , respectively. The following proposition shows the equivalence of the two problems. Proposition IV.2. Problems P A (F ) and P A (F r ) are equivalent. Proof. Consider problem P A (F r ). By contradiction, assume variable α A is not integer and thus α A = n+ξ so that n ∈ Z + and ξ ∈ (0, 1). First, constraint (4c) can be written as where c ∈ C is the index corresponding to the maximum value of i∈N v A ic , ∀c. It is obvious that i∈N v A ic is integer as it is the summation of several binary variables. As a result, (14) is not binding for c , which implies (14) is not binding for other c ∈ C\{c }. On the other hand, given at optimality we have α A * = n * + ξ * , the optimal value for the objective function Due to the direction of the objective function, an arbitrary solution α A k = n * + ξ * k for k ≥ 2 provides a better value for the objective function since . Also, since α A appears only in constraint (4c), α A k is a feasible solution of P A (F r ), and the right-hand side of (4c) becomes n * + ξ * k , implying constraint c is still not binding. Therefore, this is a contradiction implying α A * is not optimal as α A k is a better solution. Also as ξ k converges to zero, constraint (4c) becomes binding for c , and an upper bound for the value of the objective function is obtained since max k {H * − n * − ξ * k } = H * − n * . Therefore, the optimal value of α A * in the attack problem is n * which is integer. A similar argument can be written for constraint (4d) for ∀c ∈ C, implying the optimal value of b is also integer. Therefore, by contradiction it is proved that variables α A and b of the relaxation problem P A (F r ) take integer values at optimality. Thus, P A (F ) and P A (F r ) are equivalent. Proposition IV.2 shows that one can solve problem P A (F r ) in the attack stage, which is an equivalent but an easier problem to solve due to relaxing several integrality constraints. Furthermore, we generate several valid inequalities for the attack problem to reduce to solve time even more. Letting ic , the budget constraint (4f) can be written as a form of knapsack polytope (9) for which we can derive LCIs based on [56] . Further details on the implementation procedure can be found in [56] . We provide further discussions in our numerical results on the efficiency of such LCIs in solving the attack problem. The response problem is an IP whose solve time can grow exponentially when the problem becomes large enough. In this section, we propose a novel procedure to reduce the response problem into a smaller and equivalent problem to find the global optimal solution. In other words, from the network connectivity point of view, adding multiple intra-component links between two given components has the same impact on the rupture degree as adding only one intra-component link between the two components. It is because the purpose of link addition is to connect two individual components so that there exists a path between any vertex of the first component and any vertex of the second component. Thus, even though adding multiple intra-component links provides multiple such paths, it does not change the rupture degree which is mainly measured by the number of vertices in the largest component. Therefore, for every two components, all the candidate intra-component links between them have the same impact on the network rupture degree but may have different financial values and costs. Thus, to find the optimal solution of the response problem, it is sufficient to consider only the most cost-efficient intra-component (MCEIC) links, i.e., the cheapest links between any two components, to be the candidate links in the response problem. In particular, if we choose to connect two components i and j, there is only one candidate MCEIC link between the components which may be added. Doing so, the response problem reduces to a problem determining which MCEIC links should be selected to maximize network resilience given a budget constraint. To set up an equivalent problem to the response problem, let d ij be the cost of adding an intra-component link between vertex i ∈ V (c m ) and vertex j ∈ V (c n ). Letting (15) symmetric matrix d is the min-cost matrix and finds the minimum cost of adding any two components using the MCEIC link between the two components. Also, let x mn ∈ {0, 1} be a vector of binary variables indicating 1 if MCEIC link between two components c m and c n is added in the reconstructed network. The following proposition shows the response problem reduces to an equivalent problem (16) . Proposition IV.3. The response problem 7 is equivalent to where |X| = (|N | − i∈N c∈C v A * ic ) is the size of the worst cut set which was identified in the attack problem. Proof. Constraints (7d), (7h)-(7l) of response problem 7 correspond to the structure of components to ensure only intracomponent links can be added in the reconstructed network. It easily follows that these constraints are all implied in Formulation (16) using the definition of MCEIC links. Also, to find the number of components, we know each MCEIC link unifies two components and thus reduces the number of components by 1. Therefore, (|S| − m∈S n∈S n>m x mn ) corresponds to the number of components after link addition, which is considered in the objective function, and implies that constraint (7e) is not necessary anymore. Furthermore, allowing the MCEIC links to be the only candidate links in the attack problem, constraints (7c), (7b), (7f), (7g) of the response problem correspond to (16b), (16c), (16d), (16e), respectively. In addition, after relaxing restrictions on α (based on Proposition IV.2), constraint (7m) reduces to (16f). Given the optimal solution of (16), one can find the intracomponent links added to the reconstructed network (y R ), the length of the largest component (α R ), the number of components, and thus, the optimal value of network resilience under the worst-case attack. It is to be note Formulation (16) is less complicated than the response problem 7 and has significantly a less number of constraints and integer variables, and thus is expected to be computationally less challenging. Furthermore, we can show that there exists an embedded knapsack constraint in problem 16 for which we can generate LCIs so that solving formulation 16 becomes even more time-efficient. To do so, we first present a simple reindexing procedure to convert two-dimensional matrices into vectors, which can be done in polynomial time. 1) Re-indexing Procedure: In Formulation 16, matrix variable x is a two-dimensional symmetric matrix where x mn = x nm and x nn = 0, ∀m, n ∈ {1, . . . , s}. Let |C R | = s. To identify the underlying knapsack constraint from Formulation 16, it is sufficient to take into consideration the upper triangular matrix x which has s(s − 1)/2 elements, instead of considering s 2 elements in matrix x. Then, we store all elements of upper triangular matrix x in a vectorx. Figure 3 shows the re-indexing and mapping from matrix x to vectorx. Particularly, we place all rows of matrix x in vectorx where row m of matrix x starts at position S I (m) = 1+ m−1 k=1 (s−k) of vectorx. Therefore, considering any element x mn in the upper triangular matrix x (m < n), this element is mapped to the σ(m, n)-th element of vectorx, denoted byx σ(m,n) , where Given this re-indexing, for example n∈C R n =m |V (c n )|x mn , ∀m ∈ C R in (16c) can be re-written as given the re-indexing procedure, the Formulation 16 reduces to Formulation 19 . Formulation 19 is a smaller problem than Formulation 16 due to reducing the number of variables and constraints by the re-indexing procedure. Furthermore, constraint (19d) corresponds to a knapsack constraint for which we derive LCIs based on [56] , to reduce the computational challenges. As a result, instead of the response problem 7, one can solve Formulation 19 which is time-efficient while providing the same global optimal solution. There are several types of attacks studied in the literature of network resilience and robustness. A common approach is to identify the worst-case attack and optimize the network under such attacks as it was shown that cascading failures are mainly due to targeted attacks [22] . However, there are other types of attacks or failures in various networks. For instance, in several networks, such as power system networks or supply chain networks, the random failure of nodes plays an important role in network nonresilience due to the probabilistic age function of equipment, natural disasters, etc. [57] , [34] . We refer to such failures as random attacks. Furthermore, in some cases, the attackers desire to disable a set of certain nodes, not necessarily the most critical nodes, in a network due to geographical location, importance, political reasons, etc. We refer to such attacks as designated attacks. Finally, in some networks, the nodes can be divided into some subgroups where the attacker is interested in attacking certain subgroups based on their properties. For example, the nodes of a power system network can be divided into generation and load nodes, where if the generation nodes are disabled, the load nodes cannot be supplied automatically. Thus, the attacker might be interested in disabling the generation nodes to cut the power supply. We refer to this type of attack as distributed attacks. 1) Random and Designated Attacks: In the case of having random, one needs to determine the set of nodes that are most likely to be attacked before optimizing the network resilience. Such analysis can be done using probabilistic evaluation based on the failure distributions of nodes, Monte Carlo simulation, Markov Chain models, etc. Similarly, in case of having designated attacks, the nodes that are subject to attack are known in advance. Let X n be the cut set corresponding to the random or designated attacks. If G(V − X n ) is a connected graph, there is a path between any two nodes of the attacked network and all the remaining nodes are able to communicate. Thus, the network resilience is maximized. However, if G(V − X n ) is not connected, once can apply the proposed framework to maximize network resilience. Since these cut sets are known or estimated in advance, the network resilience is to be maximized under such cut sets, as opposed to the worst cut set. Thus, the attack problem is not needed to be solved anymore. As a result, our proposed two-stage formulation reduces to only the response stage where the network resilience is aimed to be maximized under a pre-identified cut set. By letting X = X rand or X = X d in the response problem, our proposed approach is able to optimize network resilience for random or designated attacks. 2) Distributed Attacks: In the case of having distributed attacks, one needs to classify each node of a network in subsets of nodes considering a certain property of interest. Without loss of generality, we divide the nodes in two subsets and it can be extended to more subsets. Consider a network with a set of nodes denoted by N . Let N I and N J be two subsets of N such that N I ∩ N J = ∅ and N I ∪ N J = N . Supposing the attacker is interested in only disabling the nodes of subset N I . Thus, Constraint 4b is re-written as follows: where Constraint (21a) allows the possibility of disabling each vertex i ∈ N I by the worst-case attack. Otherwise, the vertex remains active and is at most in one component. Also, Constraint (21b) enforces that all vertices of subset N J remain active after the attack and belong to exactly one component after the worst-case attack. This reformulation can also be used for the type of attacks mentioned in [25] where a subset of nodes always remain intact and cannot be disabled. The rest of the proposed two-stage model remains the same as before and one can use the proposed solution method to address the network resilience and robustness under such distributed attacks. In this section, we first provide a illustrative numerical example to show the benefits of our methodology in terms of network resilience and robustness and the effects of the budget on the link addition strategies. Then, we use larger problems to demonstrate the computational benefits of the proposed solution method. In all numerical examples, we generate random connected graphs and execute the proposed algorithm. For all instances, we let the cost for attacking each node be 1 unit and the total budget for attack be |N |/2 units so that no more than half of the nodes are allowed to be disabled in the attack stage. All instances are performed using the MIP solver of Gurobi Version 9.1 on a 1.5 GHz×86 laptop with 1GB main memory, and the optimality gap is set to 0 for all instances. In this section, we present a network with 9 vertices and 9 edges, shown in Figure 4 .(a), to demonstrate the benefits of the proposed network. Solving the attack problem, the worst cut set is X = {5} corresponding to the lowest network resilience (−r X (G)). This implies the connectivity of this network heavily relies on vertex 5. Therefore, the worst-case attack can occur by disabling vertex 5. Figure 4.(b) shows the structure of the network under the worst-case attack by removing vertex 5. Since there exist 5 components in Figure 4 .(b), one can interpret that the maximum network resilience can be obtained by adding 4 intra-component links, if the link addition budget allows. It is because once all 5 components are connected together using 4 intra-component links, the resulting network consists of only one component. Figure 4 .(c) shows the reconstructed network under the worst-case attack which consists of the original network and the new intra-component links added to the network. For now, we do not consider the budget constraint for link addition. The green links are those added to maximize the network resilience under the worstcase attack to reduce the dependencies on vertex 5 so that the remaining vertices are able to properly communicate in the absence of vertex 5. In Table I , we manually choose a number of cut sets X i s, not necessarily the worst cut set, and measure the network resilience of the initial network, denoted by −r X (G) and that of the reconstructed network, denoted by −r R X (G). As observed, in the initial network, X 1 = {5} is the worst cut set corresponding to the lowest value of the network resilience which shows the network is more vulnerable and can seriously be damaged in the absence of vertex 5. For other cut sets, the network is more resilient as −r X1 (G) = −1 ≤ −r Xi (G), ∀i = 1, implying either the network is less dependent on the vertices of other cut sets or there is more work required to damage the network by disabling more vertices of a cut set. Table I , there are three main observations on the reconstructed network, which are obtained after immunizing the network against the worst-case attack. First, the network resilience for X 1 = {5} significantly improves from −1 to 8 after we add links meaning that the functionality of the reconstructed network does not heavily depend on only vertex 5. Thus, if vertex 5 is damaged, the rest of the network is able to maintain its proper functioning and communication with other parts of the network. Therefore, the reconstructed network is more resilient in the absence of the worst-case attack. Second, after adding links to the initial network, the network dependencies on only vertex 5 decrease. Thus, the new worst cut set in the reconstructed network may consist of other vertices along with vertex 5. We call this dynamic worst cut set since it is obtained after the link addition strategies are known. In particular, the cut set X 8 = {1, 2, 5, 7, 9} becomes the dynamic worst cut set for the reconstructed network. This means that after links are added to the network, the most severe damage to the reconstructed network occurs only when all vertices 1, 2, 5, 7, and 9 are simultaneously disabled. We refer to this as the network robustness measured by the size of the worst cut set. Thus, by adding links, the network robustness increases from |X 1 | = 1 to |X 8 | = 5 implying that disabling all these five vertices simultaneously requires more budget and more work done to damage the network, which might not be a viable option for the attacker due to the budget constraint considered in the attack problem. Third, assuming the attacker can dynamically respond to our link addition actions and has enough budget to disables all vertices of cut set X 8 , we observe that the network resilience for the reconstructed network under the new (dynamic) worst-case attack is more than that of the initial network, i.e., r * = −1 < r R * = 2. This shows that the reconstructed network not only is significantly more resilient against the worst cut set of the initial network, i.e., X 1 , but also it becomes more resilient against the dynamic worst cut set of the reconstructed network, i.e., X 8 , that may be identified if the attackers can dynamically change their decisions based on our link addition strategy. The mentioned observations demonstrate how the proposed approach leads to a reconstructed network that is both more resilient and robust against the initial and dynamic worst-case attacks. In this section, we show the effects of the budget considered for link addition on the network resilience and robustness. To do so, we first find the matrix d obtained from (15) to find all candidate MCEIC links of the attacked network considered in Figure 4 .b. The cost of adding MCEICs link and the two ends of such links, presented in parenthesis, are shown in (21) . After the worst attack X 1 = {5} is identified, one can maximize the network resilience by link addition within a budget so that the network maintains a maximum functionality level in the absence of node 5. However, when the budget is limited, one cannot connect all the remaining components. Thus, the best combination of the intra-component links should be selected to maximize the network resilience within the budget. In addition, as we showed, the link addition reduces the dependencies on the worst cut set X 1 = {5}, and includes more vertices in the new cut set for the reconstructed network. Thus, we expect to have larger cut sets (higher robustness) when more intra-component links are added to the network. Figure 5 demonstrates the effects of link addition budget on the reconstructed network under the initial worst-case attack X 1 = {5}. The network resilience (measured by −r R X1 (G) and shown by the left vertical axis) and the network robustness (measure by |X * | and shown by the right vertical axis) for various values of the budget assigned for the link addition. In the figure, shaded areas correspond to various ranges of the budget within which a constant number of links is added, where the brightest area on the left indicates 0 links are added in the reconstructed network, the darkest area indicates 4 links are added in the reconstructed network, and the increment is 1 link. For example, 2.5 ≤ B R < 3.8 corresponds to the third shaded area where two MCEIC links are added to the reconstructed network. From the figure, it is observed that once the budget is less than 1, no MCEIC link is added in the repair stage since the budget is not enough. Thus, the reconstructed network is equivalent to the initial network with −r R X1 (G) = −1. However, as the budget increases, the best MCEIC link candidates given different levels of the budget are added to the network which corresponds to a higher value for −r R X1 (G), which in turn enhances the network resilience under the initial worst-case attack. For example, when the budget is 1.3 units, the only MCEIC link that can be added is link 7-8, which unifies components c 3 and c 5 (decreases the number of components by 1) without changing the largest component c 1 . Thus, −r R X1 (G) = 0. However, when the budget increases to 1.5, the response problem allows to add MCEIC link 1-4, instead of link 7-8, since the new link connects components c 1 and c 3 (drops the number of components by 1) while increasing the length of the largest component c 1 by 1. Thus, −r R X1 (G) = 1. By further changing the budget assigned for link addition, the optimal topology of the reconstructed network changes with objective to increase the network resilience. Finally, once there is sufficient budget (i.e., any budget greater than 5.3 units), 4 MCEIC links are added to the network to unify all components resulting in maximum resilience, which corresponds to the solution of the previous part where we ignored the budget constraint. The secondary axis of Figure 5 evaluates the network robustness |X * | of the reconstructed network for various levels of the budget. To evaluate the network robustness, we dynamically find the new worst cut sets of the reconstructed network, as the dependencies may change once new links are added. For the initial network, |X * | = 1, meaning that by removing one vertex the network experiences the more severe damage. However, as the budget increases the reconstructed network becomes more robust so that one may need to disable more number of vertices to severely damage the network, which might not be an affordable option for the attacker. Ultimately, once there is a sufficient budget, i.e., B R ≥ 5.3, the dynamic worst cut set includes five vertices implying that damaging the network is more difficult since all five vertices should be simultaneously disabled. The mentioned analyses provide an intuitive picture for the managers to determine the desired level of robustness and resiliency that they would like to consider within a financial budget. In this section, we further evaluate the performance of the proposed framework, mostly focusing on the computational results. We randomly generate 14 instances to execute the proposed framework 1 . In our implementation, we relax the link addition budget constraint (in the response problem) to let the proposed framework maximizes the network resilience without financial limitations. Table II and III, respectively, show the resilience and robustness results as well as computational results for 14 randomlygenerated instances. From Table II , it can be observed that: • For all instances, the network robustness noticeably increases, where |X * | and |X * | measure the robustness of the initial and the reconstructed networks. In particular, for instance #1, |X * | and |X * | are 3 and 6, respectively, implying that the most severe damage in the initial network occurs when 3 vertices are attacked simultaneously, while to most severely attack the reconstructed network, 6 vertices are required to be disabled simultaneously. • In all instances, the reconstructed network is significantly more resilient against the initial worst-case attack (denoted by −r R X * (G)) compared to the initial network (denoted by −r X * (G)). In addition, if the attacker has the ability to change its decisions based on the link addition strategy in the response stage, the new worst-case attack is denoted by X * , which is impacted by the new links added to the initial network. It can be observed that in such a case, the network resilience in the reconstructed network is still significantly higher than that of the initial network, i.e., −r X * (G) < −r R X * (G) for all instances, demonstrating the benefits of the proposed framework both for static and dynamic worst-case attacks. Also, Table III presents the computational results of the mentioned instances. We first solve the proposed two-stage model directly in Gurobi, and then implement our proposed solution method and solve the two-stage model in Gurobi. In Table III , column "solver cut" corresponds to the number of cuts generated in Gurobi, and "add. user cuts" indicated the number of additional LCI cuts [56] that we manually added to the solver cuts to solve the attack problem. Also, "nodes" corresponds to the number of nodes (branches) that are explored in the branch-and-bound (B&B) algorithm to find the optimal solution. For the response problem, we did not add LCI cuts since we relaxed the link addition budget constraint to more clearly demonstrate the performance of the proposed method. From Table III , it can be observed that the proposed solution method significantly reduces the solve time by exploiting the problem structure. For the attack problem, the proposed approach solves the attack problem faster and more efficiently. This is due to the efficient relaxation in the proposed approach as well as the LCIs added to the attack problem. On the other hand, in the response stage, the proposed approach corresponds to a much simpler, but equivalent, problem that can be solved faster than the original response problem. In particular, our proposed solution method requires exploring 1 node in the B&B algorithm to find the optimal solution. However, without implementing the proposed algorithm, the B&B algorithm exhaustively explores a large number of nodes to find the optimal solution. The mentioned observations validate the benefits of the proposed solution method from the resilience and robustness point of view as well as computational aspects. Reliability concerns have been one of the main focuses of researchers in power system networks since 1960s [58] . Depending on the location of generators in a power system, the nodes of a power system network can be categorized into generation nodes, load nodes, and hub nodes, i.e., main substations used to transfer power to various points of the system. From the service reliability point of view, the generation nodes are the most important ones since a failure in generation nodes interrupts the supply and results in a blackout at load points. Also, hub nodes are of special interest since they are larger stations to distribute power in smaller areas. The rest of the nodes are mainly load nodes which are not as important as the other groups from the reliability point of view because the power outage usually occurs due to the failure in generation nodes or hub nodes that are used for power distribution. As result, one may be interested in enhancing the power system reliability while considering distributed attacks, e.g., letting the possibility of failure only for the generation and hub nodes. In this section, we demonstrate the applicability of the proposed approach in the IEEE 14 Bus Test system representing a portion of the American Electric Power System in the Midwestern US [59] . Figures 6 and 7 .a show the actual IEEE 14-Bus system and the underlying graph for the system, where we categorize the buses in 3 groups, namely (i) N g = {1, 2, 3, 6, 8}, corresponding to generator nodes, (ii) N h = {4, 5, 9}, corresponding to hub nodes, and (iii) N i = {7, 10, 11, 12, 13, 14}, corresponding to the rest of nodes that are considered intact in this example. In such power systems, we consider distributed attacks discussed in section IV-E2, where in the attack problem nodes in N i are intact. As a result, Constraint 4b is replaced by the following constraints to ensure that all vertices of subset N i remain intact since they are not of the attacker's interest. Figure 7 .b corresponds to the solution of the attack problem where the worst cut set is |X| = {2, 4, 6.9} corresponding to the minimum resilience of r * (G) = 1. It can be observed that components such as c 1 and c 2 only contains load nodes while some components may contain generation nodes as well as other types of nodes. In the response stage, one may consider the technical characteristics of the power system prior to adding links. In particular, one can argue that even though linking components c 1 and c 2 increases the network resilience due to a higher level of connectivity, this connection might not be beneficial from the service reliability point of view. It is because all nodes of components c 1 and c 2 are load nodes, and such load nodes cannot be supplied in the absence of |X| = {2, 4, 6.9}. Therefore, the connection of components c 1 and c 2 in the response stage is reasonable only if other components with generation nodes are also connected to components c 1 or c 2 . Let C l be the set of components whose nodes are all load nodes and C g be the set of components that have at least 1 generator. To impose such technical constraints, we extend the response problem for power system networks by adding the following constraint. x σ(m,n) ≤ i∈Cg x σ(m,i) +x σ(n,i) ∀m, n ∈ C l (22) wherex σ(m,n) is a binary variable indicating if a MCEIC link between components m an n is added. Constraint 22 enforces that if a MCEIC link connects load components m, n ∈ C l , there should also exists at least one MCEIC link connecting a component with generators to one of the load components m or n. As a result, the power system resilience is optimized with respect to power reliability indices as well rather than merely considering the graph topological properties. In addition, in the response stage, various indices can be used to calculate matrix d for MCEIC to be considered in the response problem. For example, one may consider the installation cost of MCEIC links as well as the reduced interrupted cost as a resulting of connecting two components. For example from Figure 7 .b, once load component c 1 is connected to component c 3 with generator, it is expected that generator located at node 1 transfers power to supply nodes of component c 1 . Thus, this link addition is more beneficial, and as a result one can consider a low value in matrix d for the MCEIC link connecting components c 1 and c 3 . We form matrix d as the installation cost minus the potential reduction in the interrupted cost of the load nodes. In other words, matrix d represents the financial benefits of the MCEIC links. For example, link e 1 = 12-1 is more beneficial than e 2 = 1-11 because e 1 can potentially lead to supplying 3 load nodes of c 1 , i.e., nodes 12, 13, 14, and reduce the interruption cost more. However, e 2 can reduce the interruption cost of only two load nodes located in c 2 , i.e., nodes 10, 11. Matrix d used in the second stage is formed as follows: It is observed that two links can be added in the reconstructed network. Table IV summarizes the results for the IEEE 14 Bus test system. It is observed that X 1 = {2, 4, 6, 9} correspond to the lowest resilience, i.e., −r * X1 (G) = 1, in the initial network before link addition. Once, links e 1 and e 2 are added to the network, the network resilience under the same cut 5 (r R * ) NR: Network Resilience *: optimal objective value of the attack problem set X 1 enhances to −r R X1 (G) = 7, implying the system is more resilient under attacks. Furthermore, in the reconstructed network, set X 2 = {1, 2, 6, 9} ⊂ N h ∪ N g becomes the new worst cut set as the dependencies in the reconstructed network change after link addition. Thus, if the attacker has the ability to dynamically respond to our link addition actions, the attacker may choose to disable vertices of X 2 resulting in the lowest resilience in the reconstructed network, i.e., −r R * X2 (G) = 5. However, it is obvious that the reconstructed network is significantly more resilient even under the new (dynamic) worst-case attack, compared to the initial network. The mentioned observations validate the benefits of the proposed solution for enhancing networks resilience and robustness in power system networks. This paper proposed a novel mixed-integer programming (MIP) formulation for network resilience and robustness under targeted, random, and distributed attacks. The proposed model MIP formulation was derived based on graph-theoretical aspects to increase the network hardiness against attacks, i.e., network robustness, and to maximize the network functionality after attacks, i.e., network resilience. The proposed MIP model consists of two stages to first identify the worst-case attack and then to maximize the network resilience and robustness under the worst-case attack. In addition to the novel MIP model, we showed how the proposed solution method can solve the proposed model efficiently. Particularly, we exploited the structure of the model, derived a tight relaxation, and implemented recent lifted cover inequalities (LCI) in the model. The numerical results showed promising results in both the robustness and computational efficiency of the proposed approach. The applicability of the proposed approach was shown in power system networks while considering the technical properties of such networks. A potential research direction is to apply the proposed approach for more applications such as integrated communication and supply chain networks and include their specific problem-related limitations. In addition, it is an interesting future research to derive other cutting plane algorithms for the proposed approach to enhance the computational efficiencies even more. A survey on frameworks used for robustness analysis on interdependent networks A quantitative approach for assessment and improvement of network resilience The meaning of system robustness for flood risk management Measuring changes in international production from a disruption: Case study of the japanese earthquake and tsunami On the impacts of power outages during hurricane sandy-a resilience-based analysis Trends and applications of resilience analytics in supply chain modeling: systematic literature review in the context of the covid-19 pandemic Predicting the impacts of epidemic outbreaks on global supply chains: A simulation-based analysis on the coronavirus outbreak (covid-19/sars-cov-2) case Effectiveness of link-addition strategies for improving the robustness of both multiplex and interdependent networks Error and attack tolerance of complex networks Attack vulnerability of complex networks Improving network robustness by edge modification A measure of centrality based on network efficiency Evaluating temporal robustness of mobile networks On pairwise connectivity of wireless multihop networks Modeling s-t path availability to support disaster vulnerability assessment of network infrastructure Tough graphs and hamiltonian circuits On a class of posets and the corresponding comparability graphs Vulnerability in graphs-a comparative survey The tenacity of a graph Rupture degree of graphs Extremal graphs with given order and the rupture degree Analyzing cascading failures in smart grids under random and targeted attacks Multiple-attribute decision making-based optimization of robustness against cascading failures in interdependent network Detecting critical nodes in interdependent power networks for vulnerability assessment Improving network connectivity and robustness using trusted nodes with application to resilient consensus Identification of k most vulnerable nodes in multi-layered network using a new model of interdependency Cascading failures in interconnected networks with dynamical redistribution of loads Cascade of failures in coupled network systems with multiple support-dependence relations Optimizing network robustness by edge rewiring: a general framework Improving the network robustness against cascading failures by adding links Enhancing the robustness of scale-free networks Routing in scale-free networks based on expanding betweenness centrality Algebraic connectivity optimization via link addition Improving interdependent networks robustness by adding connectivity links Enhance the robustness of cyberphysical systems by adding interdependency Approaches to improve the robustness on interdependent networks against cascading failures with load-based model Improving robustness of interdependent networks by a new coupling strategy Improving the robustness of spatial networks by link addition: more and dispersed links perform better On the computational complexity of integer programming problems Integer and combinatorial optimization An algorithm for the mixed integer problem A recursive procedure to generate all cuts for 0-1 mixed integer programs Faces for a linear inequality in 0-1 variables Facets of the knapsack polytope Intersection cuts-a new type of cutting planes for integer programming Mixed-integer programming: A progress report Logical reduction methods in zeroone programming-minimal preferred variables An implementation of the generalized basis reduction algorithm for integer programming Constraint reduction for linear programs with many inequality constraints Lagrangean relaxation for integer programming Relaxation techniques The price of robustness Robust optimisation framework for SCED problem in mixed AC-HVDC power systems with wind uncertainty Effective budget of uncertainty for classes of robust optimization On the complexity of integer programming On lifted cover inequalities: A new lifting procedure with unusual properties Resilient supply chain under risks: A network and structural perspective Transmission system reliability evaluation using markov processes Power systems test case archive