Deep Reinforcement Learning for Backup Strategies against Adversaries
- URL: http://arxiv.org/abs/2102.06632v1
- Date: Fri, 12 Feb 2021 17:19:44 GMT
- Title: Deep Reinforcement Learning for Backup Strategies against Adversaries
- Authors: Pascal Debus, Nicolas Müller, Konstantin Böttinger
- Abstract summary: We aim towards mathematically modeling the underlying threat models and decision problems.
By formulating backup strategies in the language of stochastic processes, we can translate the challenge of finding optimal defenses into a reinforcement learning problem.
We show that the proposed algorithm can find storage device update schemes which match or exceed existing schemes.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Many defensive measures in cyber security are still dominated by heuristics,
catalogs of standard procedures, and best practices. Considering the case of
data backup strategies, we aim towards mathematically modeling the underlying
threat models and decision problems. By formulating backup strategies in the
language of stochastic processes, we can translate the challenge of finding
optimal defenses into a reinforcement learning problem. This enables us to
train autonomous agents that learn to optimally support planning of defense
processes. In particular, we tackle the problem of finding an optimal backup
scheme in the following adversarial setting: Given $k$ backup devices, the goal
is to defend against an attacker who can infect data at one time but chooses to
destroy or encrypt it at a later time, potentially also corrupting multiple
backups made in between. In this setting, the usual round-robin scheme, which
always replaces the oldest backup, is no longer optimal with respect to
avoidable exposure. Thus, to find a defense strategy, we model the problem as a
hybrid discrete-continuous action space Markov decision process and
subsequently solve it using deep deterministic policy gradients. We show that
the proposed algorithm can find storage device update schemes which match or
exceed existing schemes with respect to various exposure metrics.
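The abstract's threat model (infection at one step, destruction at a later step, backups taken in between tainted) is easy to score against concrete rotation schemes. The simulator below is an added example, not the paper's MDP formulation or its DDPG agent: the discrete-step model, the exposure metric, the "tower of Hanoi" rotation used as a stand-in for a learned schedule, and the attack set are all assumptions of this example. It shows why round-robin is a weak choice against a dormant adversary: its clean-backup horizon is exactly k steps, so any dwell time of k or more is a total loss, whereas a scheme that keeps geometrically spaced snapshots pays a little more exposure on short dwell times in exchange for surviving long ones.

```python
"""Backup-rotation simulator for a delayed-trigger adversary.

Constructed model (an assumption of this example, not the paper's formulation):
  * discrete steps t = 0, 1, 2, ...; exactly one of k devices is rewritten per step
  * the snapshot written at step t holds all data produced up to step t
  * the attacker gains a foothold at `infect_time`; every snapshot written at
    t >= infect_time is tainted and useless for recovery
  * at `trigger_time` the live data is destroyed, before that step's backup runs
  * the defender restores the newest snapshot with t < infect_time
  * exposure = trigger_time - restored snapshot time (steps of work lost);
    with no clean snapshot left, everything is lost: exposure = trigger_time + 1
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Slots = List[Optional[int]]           # slots[i]: step of the snapshot held by device i
Scheme = Callable[[int, Slots], int]  # (current step, slots) -> index of device to overwrite


@dataclass(frozen=True)
class Attack:
    infect_time: int   # first step whose snapshot is tainted
    trigger_time: int  # step at which live data is destroyed


def round_robin(t: int, slots: Slots) -> int:
    """Fill empty devices first, then always overwrite the oldest snapshot.
    Retained snapshot ages are 1..k, so the clean horizon is exactly k steps."""
    if None in slots:
        return slots.index(None)
    return min(range(len(slots)), key=lambda i: slots[i])


def tower_of_hanoi(t: int, slots: Slots) -> int:
    """Device j is rewritten every 2**j steps (ruler sequence on t + 1); the
    last device absorbs the overflow. Retained snapshot ages grow geometrically."""
    n, j = t + 1, 0
    while n % 2 == 0:
        n //= 2
        j += 1
    return min(j, len(slots) - 1)


def exposure(scheme: Scheme, k: int, attack: Attack) -> int:
    """Steps of work lost when `attack` hits a system backed up by `scheme` on k devices."""
    slots: Slots = [None] * k
    for t in range(attack.trigger_time):
        slots[scheme(t, slots)] = t
    clean = [s for s in slots if s is not None and s < attack.infect_time]
    if not clean:
        return attack.trigger_time + 1  # total loss: every surviving snapshot is tainted
    return attack.trigger_time - max(clean)


def evaluate(scheme: Scheme, k: int, attacks: List[Attack]) -> Dict[str, float]:
    """Mean and worst-case exposure plus the number of total losses over `attacks`."""
    exposures = [exposure(scheme, k, a) for a in attacks]
    losses = sum(1 for a, e in zip(attacks, exposures) if e == a.trigger_time + 1)
    return {"mean": sum(exposures) / len(exposures),
            "worst": max(exposures),
            "total_losses": losses}


# Constructed attack set: triggers at steps 16..31, dwell times (trigger - infect) of 1..6.
ATTACKS = [Attack(infect_time=T - d, trigger_time=T)
           for T in range(16, 32) for d in range(1, 7)]

if __name__ == "__main__":
    for name, scheme in (("round-robin", round_robin), ("tower-of-hanoi", tower_of_hanoi)):
        print(f"{name:15s} k=4 {evaluate(scheme, 4, ATTACKS)}")
```

With four devices, round-robin loses everything on half of the constructed attacks (every dwell of 4 or more), while the geometric rotation loses only on the few attacks whose dwell exceeds the age of its oldest snapshot, at the price of one or two extra steps of exposure when the dwell is short. Which trade-off is right depends on the attacker's dwell-time distribution, which is exactly the quantity the paper's learned policy is optimised against; a practitioner can swap in an estimated dwell distribution and their own candidate schedules and compare them with the same metrics.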
Related papers
- Evaluating Selective Encryption Against Gradient Inversion Attacks [15.000605214632243]
Gradient inversion attacks pose significant privacy threats to distributed training frameworks such as federated learning.
This paper systematically evaluates selective encryption methods with different significance metrics against state-of-the-art attacks.
arXiv Detail & Related papers (2025-08-06T07:31:43Z)
- Reinforcement Learning for Decision-Level Interception Prioritization in Drone Swarm Defense [56.47577824219207]
We present a case study demonstrating the practical advantages of reinforcement learning in addressing this challenge.
We introduce a high-fidelity simulation environment that captures realistic operational constraints.
The agent learns to coordinate multiple effectors for optimal interception prioritization.
We evaluate the learned policy against a handcrafted rule-based baseline across hundreds of simulated attack scenarios.
arXiv Detail & Related papers (2025-08-01T13:55:39Z)
- Automatic Selection of Protections to Mitigate Risks Against Software Applications [2.5874041837241304]
This paper introduces a novel approach for the automated selection of software protections to mitigate MATE risks.
We formalize the key elements involved in protection decision-making and frame the protection process through a game-theoretic model.
We validate our approach through a proof-of-concept implementation and expert evaluations.
arXiv Detail & Related papers (2025-06-23T10:11:23Z)
- AutoJailbreak: Exploring Jailbreak Attacks and Defenses through a Dependency Lens [83.08119913279488]
We present a systematic analysis of the dependency relationships in jailbreak attack and defense techniques.
We propose three comprehensive, automated, and logical frameworks.
We show that the proposed ensemble jailbreak attack and defense framework significantly outperforms existing research.
arXiv Detail & Related papers (2024-06-06T07:24:41Z)
- A Proactive Decoy Selection Scheme for Cyber Deception using MITRE ATT&CK [0.9831489366502301]
Cyber deception compensates for the late response of defenders to the ever-evolving tactics, techniques, and procedures (TTPs) of attackers.
In this work, we design a decoy selection scheme that is supported by adversarial modeling based on empirical observation of real-world attackers.
Results reveal that the proposed scheme provides the highest interception rate of attack paths using the lowest number of decoys.
arXiv Detail & Related papers (2024-04-19T10:45:05Z)
- Discriminative Adversarial Unlearning [40.30974185546541]
We introduce a novel machine unlearning framework founded upon the established principles of the min-max optimization paradigm.
We capitalize on the capabilities of strong Membership Inference Attacks (MIA) to facilitate the unlearning of specific samples from a trained model.
Our proposed algorithm closely approximates the ideal benchmark of retraining from scratch for both random sample forgetting and class-wise forgetting schemes.
arXiv Detail & Related papers (2024-02-10T03:04:57Z)
- Mutual-modality Adversarial Attack with Semantic Perturbation [81.66172089175346]
We propose a novel approach that generates adversarial attacks in a mutual-modality optimization scheme.
Our approach outperforms state-of-the-art attack methods and can be readily deployed as a plug-and-play solution.
arXiv Detail & Related papers (2023-12-20T05:06:01Z)
- Defense Against Model Extraction Attacks on Recommender Systems [53.127820987326295]
We introduce Gradient-based Ranking Optimization (GRO) to defend against model extraction attacks on recommender systems.
GRO aims to minimize the loss of the protected target model while maximizing the loss of the attacker's surrogate model.
Results show GRO's superior effectiveness in defending against model extraction attacks.
arXiv Detail & Related papers (2023-10-25T03:30:42Z)
- Deep Reinforcement Learning for Cyber System Defense under Dynamic Adversarial Uncertainties [5.78419291062552]
We propose a data-driven deep reinforcement learning framework to learn proactive, context-aware defense countermeasures.
A dynamic defense optimization problem is formulated with multiple protective postures against different types of adversaries.
arXiv Detail & Related papers (2023-02-03T08:33:33Z)
- A Multi-objective Memetic Algorithm for Auto Adversarial Attack Optimization Design [1.9100854225243937]
Well-designed adversarial defense strategies can improve the robustness of deep learning models against adversarial examples.
Given a defended model, efficient adversarial attacks with a lower computational burden that drive robust accuracy lower still need to be explored.
We propose a multi-objective memetic algorithm for auto adversarial attack optimization design, which automatically searches for a near-optimal adversarial attack against defended models.
arXiv Detail & Related papers (2022-08-15T03:03:05Z)
- Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the Age of AI-NIDS [70.60975663021952]
We study blackbox adversarial attacks on network classifiers.
We argue that attacker-defender fixed points are themselves general-sum games with complex phase transitions.
We show that a continual learning approach is required to study attacker-defender dynamics.
arXiv Detail & Related papers (2021-11-23T23:42:16Z)
- Model-Agnostic Meta-Attack: Towards Reliable Evaluation of Adversarial Robustness [53.094682754683255]
We propose a Model-Agnostic Meta-Attack (MAMA) approach to discover stronger attack algorithms automatically.
Our method learns the optimizer in adversarial attacks, parameterized by a recurrent neural network.
We develop a model-agnostic training algorithm to improve the generalization ability of the learned optimizer when attacking unseen defenses.
arXiv Detail & Related papers (2021-10-13T13:54:24Z)
- Targeted Attack against Deep Neural Networks via Flipping Limited Weight Bits [55.740716446995805]
We study a novel attack paradigm, which modifies model parameters in the deployment stage for malicious purposes.
Our goal is to misclassify a specific sample into a target class without any sample modification.
By utilizing the latest techniques in integer programming, we equivalently reformulate this binary integer programming (BIP) problem as a continuous optimization problem.
arXiv Detail & Related papers (2021-02-21T03:13:27Z)
This list is automatically generated from the titles and abstracts of the papers in this site.