Intrusion Prevention through Optimal Stopping

Add code
Oct 30, 2021
Kim Hammar, Rolf Stadler
Figure 1 for Intrusion Prevention through Optimal Stopping
Figure 2 for Intrusion Prevention through Optimal Stopping
Figure 3 for Intrusion Prevention through Optimal Stopping
Figure 4 for Intrusion Prevention through Optimal Stopping

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

We study automated intrusion prevention using reinforcement learning. Following a novel approach, we formulate the problem of intrusion prevention as an (optimal) multiple stopping problem. This formulation gives us insight into the structure of optimal policies, which we show to have threshold properties. For most practical cases, it is not feasible to obtain an optimal defender policy using dynamic programming. We therefore develop a reinforcement learning approach to approximate an optimal policy. Our method for learning and validating policies includes two systems: a simulation system where defender policies are incrementally learned and an emulation system where statistics are produced that drive simulation runs and where learned policies are evaluated. We show that our approach can produce effective defender policies for a practical IT infrastructure of limited size. Inspection of the learned policies confirms that they exhibit threshold properties.

* Preprint; Submitted to IEEE for review. arXiv admin note: substantial text overlap with arXiv:2106.07160  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon