ZETAR: Modeling and Computational Design of Strategic and Adaptive
Compliance Policies
- URL: http://arxiv.org/abs/2204.02294v2
- Date: Sat, 14 Oct 2023 01:37:44 GMT
- Title: ZETAR: Modeling and Computational Design of Strategic and Adaptive
Compliance Policies
- Authors: Linan Huang and Quanyan Zhu
- Abstract summary: We develop ZETAR, a zero-trust audit and recommendation framework, to provide a quantitative approach to model insiders' incentives.
We identify the policy separability principle and the set convexity, which enable finite-step algorithms to efficiently learn the Completely Trustworthy (CT) policy set.
Our results show that ZETAR can adapt well to insiders with different risk and compliance attitudes and significantly improve compliance.
- Score: 19.9521399287127
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Compliance management plays an important role in mitigating insider threats.
Incentive design is a proactive and non-invasive approach to achieving
compliance by aligning an insider's incentive with the defender's security
objective, which motivates (rather than commands) an insider to act in the
organization's interests. Controlling insiders' incentives for population-level
compliance is challenging because they are neither precisely known nor directly
controllable. To this end, we develop ZETAR, a zero-trust audit and
recommendation framework, to provide a quantitative approach to model insiders'
incentives and design customized recommendation policies to improve their
compliance. We formulate primal and dual convex programs to compute the optimal
bespoke recommendation policies. We create the theoretical underpinning for
understanding trust, compliance, and satisfaction, which leads to scoring
mechanisms for how compliant and persuadable an insider is. After classifying
insiders as malicious, self-interested, or amenable based on their incentive
misalignment levels with the defender, we establish bespoke information
disclosure principles for these insiders of different incentive categories. We
identify the policy separability principle and the set convexity, which enable
finite-step algorithms to efficiently learn the Completely Trustworthy (CT)
policy set when insiders' incentives are unknown. Finally, we present a case
study to corroborate the design. Our results show that ZETAR can adapt well to
insiders with different risk and compliance attitudes and significantly improve
compliance. Moreover, trustworthy recommendations can provably promote cyber
hygiene and insiders' satisfaction.
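To make the abstract's "primal convex program" concrete, the sketch below shows the generic Bayesian-persuasion-style linear program that recommendation-policy design of this kind reduces to: the defender chooses a joint distribution over security states and recommended actions, subject to obedience (incentive-compatibility) constraints, so that a rational insider follows every recommendation. The states, utilities, prior, and the use of cvxpy are illustrative assumptions for exposition, not ZETAR's exact formulation or case-study data.
```python
# Minimal sketch of a persuasion-style primal LP for recommendation-policy
# design (assumed setup, not the paper's exact program or numbers).
import numpy as np
import cvxpy as cp

# Illustrative security states and insider actions with placeholder payoffs.
n_states, n_actions = 2, 2
prior = np.array([0.7, 0.3])          # defender's prior over states
U_def = np.array([[1.0, -2.0],        # defender utility u_D(s, a)
                  [1.0, -5.0]])
U_ins = np.array([[0.2, 0.5],         # insider utility u_I(s, a)
                  [0.6, 0.1]])

# Decision variable: joint distribution x[s, a] = P(state s, recommend a).
X = cp.Variable((n_states, n_actions), nonneg=True)

constraints = [cp.sum(X, axis=1) == prior]   # consistency with the prior

# Obedience constraints: when action a is recommended, the insider prefers
# a to any deviation a_alt under the induced posterior belief.
for a in range(n_actions):
    for a_alt in range(n_actions):
        if a_alt != a:
            constraints.append(
                cp.sum(cp.multiply(X[:, a], U_ins[:, a] - U_ins[:, a_alt])) >= 0
            )

# Maximize the defender's expected utility over trustworthy recommendations.
problem = cp.Problem(cp.Maximize(cp.sum(cp.multiply(U_def, X))), constraints)
problem.solve()

# Recover the recommendation policy pi(a | s) = x[s, a] / prior[s].
policy = X.value / prior[:, None]
print("Recommendation policy pi(a|s):\n", np.round(policy, 3))
```
Because both the objective and the obedience constraints are linear in the joint distribution, the feasible (trustworthy) policy set is convex, which is the structure the abstract's set-convexity and finite-step learning results exploit.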
Related papers
- Responsible AI in Open Ecosystems: Reconciling Innovation with Risk Assessment and Disclosure [4.578401882034969]
We focus on how model performance evaluation may inform or inhibit probing of model limitations, biases, and other risks.
Our findings can inform AI providers and legal scholars in designing interventions and policies that preserve open-source innovation while incentivizing ethical uptake.
arXiv Detail & Related papers (2024-09-27T19:09:40Z) - The Pitfalls and Promise of Conformal Inference Under Adversarial Attacks [90.52808174102157]
In safety-critical applications such as medical imaging and autonomous driving, it is imperative to maintain both high adversarial robustness against potential adversarial attacks and reliable uncertainty quantification.
A notable knowledge gap remains concerning the uncertainty inherent in adversarially trained models.
This study investigates the uncertainty of deep learning models by examining the performance of conformal prediction (CP) in the context of standard adversarial attacks.
arXiv Detail & Related papers (2024-05-14T18:05:19Z) - Technocracy, pseudoscience and performative compliance: the risks of
privacy risk assessments. Lessons from NIST's Privacy Risk Assessment
Methodology [0.0]
Privacy risk assessments have been touted as an objective, principled way to encourage organizations to implement privacy-by-design.
Existing guidelines and methods remain vague, and there is little empirical evidence on privacy harms.
We highlight the limitations and pitfalls of what is essentially a utilitarian and technocratic approach.
arXiv Detail & Related papers (2023-08-24T01:32:35Z) - On the Complexity of Adversarial Decision Making [101.14158787665252]
We show that the Decision-Estimation Coefficient is necessary and sufficient to obtain low regret for adversarial decision making.
We provide new structural results that connect the Decision-Estimation Coefficient to variants of other well-known complexity measures.
arXiv Detail & Related papers (2022-06-27T06:20:37Z) - Towards a multi-stakeholder value-based assessment framework for
algorithmic systems [76.79703106646967]
We develop a value-based assessment framework that visualizes closeness and tensions between values.
We give guidelines on how to operationalize them, while opening up the evaluation and deliberation process to a wide range of stakeholders.
arXiv Detail & Related papers (2022-05-09T19:28:32Z) - Bayesian Persuasion for Algorithmic Recourse [28.586165301962485]
In some situations, the underlying predictive model is deliberately kept secret to avoid gaming.
This opacity forces the decision subjects to rely on incomplete information when making strategic feature modifications.
We capture such settings as a game of Bayesian persuasion, in which the decision-maker sends a signal, e.g., an action recommendation, to a decision subject to incentivize them to take desirable actions.
arXiv Detail & Related papers (2021-12-12T17:18:54Z) - Trustworthy Artificial Intelligence and Process Mining: Challenges and
Opportunities [0.8602553195689513]
We show that process mining can provide a useful framework for gaining fact-based visibility to AI compliance process execution.
We provide an automated approach to analyze, remediate, and monitor uncertainty in AI regulatory compliance processes.
arXiv Detail & Related papers (2021-10-06T12:50:47Z) - Policy Gradient Bayesian Robust Optimization for Imitation Learning [49.881386773269746]
We derive a novel policy gradient-style robust optimization approach, PG-BROIL, to balance expected performance and risk.
Results suggest PG-BROIL can produce a family of behaviors ranging from risk-neutral to risk-averse.
arXiv Detail & Related papers (2021-06-11T16:49:15Z) - Training Value-Aligned Reinforcement Learning Agents Using a Normative
Prior [10.421378728492437]
It is an increasingly realistic prospect that an agent trained to perform a task optimally, using only a measure of task performance as feedback, can violate societal norms for acceptable behavior or cause harm.
We introduce an approach to value-aligned reinforcement learning, in which we train an agent with two reward signals: a standard task performance reward, plus a normative behavior reward.
We show how variations on a policy shaping technique can balance these two sources of reward and produce policies that are both effective and perceived as being more normative.
arXiv Detail & Related papers (2021-04-19T17:33:07Z) - Privacy-Constrained Policies via Mutual Information Regularized Policy Gradients [54.98496284653234]
We consider the task of training a policy that maximizes reward while minimizing disclosure of certain sensitive state variables through the actions.
We solve this problem by introducing a regularizer based on the mutual information between the sensitive state and the actions.
We develop a model-based estimator for optimization of privacy-constrained policies.
arXiv Detail & Related papers (2020-12-30T03:22:35Z) - Reliable Off-policy Evaluation for Reinforcement Learning [53.486680020852724]
In a sequential decision-making problem, off-policy evaluation estimates the expected cumulative reward of a target policy.
We propose a novel framework that provides robust and optimistic cumulative reward estimates using one or multiple logged datasets.
arXiv Detail & Related papers (2020-11-08T23:16:19Z)