A Quantal Response Analysis of Defender-Attacker Sequential Security Games
- URL: http://arxiv.org/abs/2408.00964v1
- Date: Fri, 2 Aug 2024 00:40:48 GMT
- Title: A Quantal Response Analysis of Defender-Attacker Sequential Security Games
- Authors: Md Reya Shad Azim, Mustafa Abdallah
- Abstract summary: We explore a scenario involving two sites and a sequential game between a defender and an attacker.
The attacker's objective is to target the site that maximizes the expected loss for the defender, taking into account the defender's security investments.
We consider quantal behavioral bias, where humans make errors in selecting efficient (pure) strategies.
- Score: 1.3022753212679383
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: We explore a scenario involving two sites and a sequential game between a defender and an attacker, where the defender is responsible for securing the sites while the attacker aims to attack them. Each site holds a loss value for the defender when compromised, along with a probability of successful attack. The defender can reduce these probabilities through security investments at each site. The attacker's objective is to target the site that maximizes the expected loss for the defender, taking into account the defender's security investments. While previous studies have examined security investments in such scenarios, our work investigates the impact of bounded rationality exhibited by the defender, as identified in behavioral economics. Specifically, we consider quantal behavioral bias, where humans make errors in selecting efficient (pure) strategies. We demonstrate the existence of a quantal response equilibrium in our sequential game and analyze how this bias affects the defender's choice of optimal security investments. Additionally, we quantify the inefficiency of equilibrium investments under quantal decision-making compared to an optimal solution devoid of behavioral biases. We provide numerical simulations to validate our main findings.
Related papers
- Better Prevent than Tackle: Valuing Defense in Soccer Based on Graph Neural Networks [22.27208191198993]
DEFCON (DEFensive CONtribution evaluator) is a framework that quantifies player-level defensive contributions for every attacking situation in soccer.
DEFCON estimates the success probability and expected value of each attacking option, along with each defender's responsibility for stopping it.
It assigns positive or negative credits to defenders according to whether they reduced or increased the opponent's Expected Possession Value.
arXiv Detail & Related papers (2025-12-11T07:12:23Z)
- The Attacker Moves Second: Stronger Adaptive Attacks Bypass Defenses Against LLM Jailbreaks and Prompt Injections [74.60337113759313]
Current defenses against jailbreaks and prompt injections are typically evaluated against a static set of harmful attack strings.
We argue that this evaluation process is flawed. Instead, we should evaluate defenses against adaptive attackers who explicitly modify their attack strategy to counter a defense's design.
arXiv Detail & Related papers (2025-10-10T05:51:04Z)
- Optimizing Preventive and Reactive Defense Resource Allocation with Uncertain Sensor Signals [6.243678490046079]
We show that the optimal investment in preventive resources increases, and thus reactive resource investment decreases, with higher sensor quality.
We also show that the defender's performance improvement, relative to a baseline of no sensors employed, is maximal when the attacker can only achieve low attack success probabilities.
arXiv Detail & Related papers (2025-08-04T20:21:55Z)
- Chasing Moving Targets with Online Self-Play Reinforcement Learning for Safer Language Models [55.28518567702213]
Conventional language model (LM) safety alignment relies on a reactive, disjoint procedure: attackers exploit a static model, followed by defensive fine-tuning to patch exposed vulnerabilities.
This sequential approach creates a mismatch -- attackers overfit to obsolete defenses, while defenders perpetually lag behind emerging threats.
We propose Self-RedTeam, an online self-play reinforcement learning algorithm where an attacker and defender agent co-evolve through continuous interaction.
arXiv Detail & Related papers (2025-06-09T06:35:12Z)
- Less is more? Rewards in RL for Cyber Defence [0.24578723416255752]
We evaluate whether sparse reward functions might enable training more effective cyber defence agents.
Our results show that sparse rewards, particularly positive reinforcement for an uncompromised network state, enable the training of more effective cyber defence agents.
arXiv Detail & Related papers (2025-03-05T07:53:39Z)
- Deceptive Sequential Decision-Making via Regularized Policy Optimization [54.38738815697299]
Two regularization strategies for policy synthesis problems that actively deceive an adversary about a system's underlying rewards are presented.
We show how each form of deception can be implemented in policy optimization problems.
We show that diversionary deception can cause the adversary to believe that the most important agent is the least important, while attaining a total accumulated reward that is $98.83\%$ of its optimal, non-deceptive value.
arXiv Detail & Related papers (2025-01-30T23:41:40Z)
- The Price of Pessimism for Automated Defense [0.06599842398809413]
We demonstrate that preparing for the worst case rather than the most probable case may yield suboptimal outcomes for learning agents.
By considering different models of attacker knowledge about the state of the game and a defender's hidden information, we find that there is a cost to the defender for optimizing against the worst case.
arXiv Detail & Related papers (2024-09-28T04:54:23Z)
- Criticality and Safety Margins for Reinforcement Learning [53.10194953873209]
We seek to define a criticality framework with both a quantifiable ground truth and a clear significance to users.
We introduce true criticality as the expected drop in reward when an agent deviates from its policy for n consecutive random actions.
We also introduce the concept of proxy criticality, a low-overhead metric that has a statistically monotonic relationship to true criticality.
arXiv Detail & Related papers (2024-09-26T21:00:45Z)
- Confidence-driven Sampling for Backdoor Attacks [49.72680157684523]
Backdoor attacks aim to surreptitiously insert malicious triggers into DNN models, granting unauthorized control during testing scenarios.
Existing methods lack robustness against defense strategies and predominantly focus on enhancing trigger stealthiness while randomly selecting poisoned samples.
We introduce a straightforward yet highly effective sampling methodology that leverages confidence scores. Specifically, it selects samples with lower confidence scores, significantly increasing the challenge for defenders in identifying and countering these attacks.
arXiv Detail & Related papers (2023-10-08T18:57:36Z)
- Cooperation or Competition: Avoiding Player Domination for Multi-Target Robustness via Adaptive Budgets [76.20705291443208]
We view adversarial attacks as a bargaining game in which different players negotiate to reach an agreement on a joint direction of parameter updating.
We design a novel framework that adjusts the budgets of different adversaries to avoid any player dominance.
Experiments on standard benchmarks show that employing the proposed framework to the existing approaches significantly advances multi-target robustness.
arXiv Detail & Related papers (2023-06-27T14:02:10Z)
- Randomness in ML Defenses Helps Persistent Attackers and Hinders Evaluators [49.52538232104449]
It is becoming increasingly imperative to design robust ML defenses.
Recent work has found that many defenses that initially resist state-of-the-art attacks can be broken by an adaptive adversary.
We take steps to simplify the design of defenses and argue that white-box defenses should eschew randomness when possible.
arXiv Detail & Related papers (2023-02-27T01:33:31Z)
- Adversarial Machine Learning and Defense Game for NextG Signal Classification with Deep Learning [1.1726528038065764]
NextG systems can employ deep neural networks (DNNs) for various tasks such as user equipment identification, physical layer authentication, and detection of incumbent users.
This paper presents a game-theoretic framework to study the interactions of attack and defense for deep learning-based NextG signal classification.
arXiv Detail & Related papers (2022-12-22T15:13:03Z)
- Simulation of Attacker Defender Interaction in a Noisy Security Game [1.967117164081002]
We introduce a security game framework that simulates interplay between attackers and defenders in a noisy environment.
We demonstrate the importance of making the right assumptions about attackers, given significant differences in outcomes.
There is a measurable trade-off between false-positives and true-positives in terms of attacker outcomes.
arXiv Detail & Related papers (2022-12-08T14:18:44Z)
- On Almost-Sure Intention Deception Planning that Exploits Imperfect Observers [24.11353445650682]
Intention deception involves computing a strategy which deceives the opponent into a wrong belief about the agent's intention or objective.
This paper studies a class of probabilistic planning problems with intention deception and investigates how a defender's limited sensing modality can be exploited.
arXiv Detail & Related papers (2022-09-01T16:38:03Z)
- Increasing Confidence in Adversarial Robustness Evaluations [53.2174171468716]
We propose a test to identify weak attacks and thus weak defense evaluations.
Our test slightly modifies a neural network to guarantee the existence of an adversarial example for every sample.
For eleven out of thirteen previously-published defenses, the original evaluation of the defense fails our test, while stronger attacks that break these defenses pass it.
arXiv Detail & Related papers (2022-06-28T13:28:13Z)
- A Game-Theoretic Approach for AI-based Botnet Attack Defence [5.020067709306813]
A new generation of botnets leverages Artificial Intelligence (AI) techniques to conceal the identity of botmasters and the attack intention to avoid detection.
There has not been an existing assessment tool capable of evaluating the effectiveness of existing defense strategies against this kind of AI-based botnet attack.
We propose a sequential game theory model that is capable of analysing the details of the potential strategies botnet attackers and defenders could use to reach Nash Equilibrium (NE).
arXiv Detail & Related papers (2021-12-04T02:53:40Z)
- Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks [65.20660287833537]
In this paper we propose two extensions of the PGD-attack overcoming failures due to suboptimal step size and problems of the objective function.
We then combine our novel attacks with two complementary existing ones to form a parameter-free, computationally affordable and user-independent ensemble of attacks to test adversarial robustness.
arXiv Detail & Related papers (2020-03-03T18:15:55Z)
This list is automatically generated from the titles and abstracts of the papers in this site.