All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Discovering Imperfectly Observable Adversarial Actions Using Anomaly Detection

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F20%3A00347510" target="_blank" >RIV/68407700:21230/20:00347510 - isvavai.cz</a>

  • Result on the web

    <a href="https://arxiv.org/ftp/arxiv/papers/2004/2004.10638.pdf" target="_blank" >https://arxiv.org/ftp/arxiv/papers/2004/2004.10638.pdf</a>

  • DOI - Digital Object Identifier

Alternative languages

  • Result language

    angličtina

  • Original language name

    Discovering Imperfectly Observable Adversarial Actions Using Anomaly Detection

  • Original language description

    Defenders in security problems often use anomaly detection (AD) to examine effects of (adversarial) actions and detect malicious behavior. Attackers seek to accomplish their goal (e.g., exfiltrate data) while avoiding the detection. Game theory can be used to reason about this interaction. While AD has been used in game-theoretic frameworks before, we extend the existing works to more realistic settings by (1) allowing players to have continuous action spaces and (2) assuming that the defender cannot perfectly observe the action of the attacker. We solve our model by (1) extending existing algorithms that discretize the action spaces and use linear programming and (2) by training a neural network using an algorithm based on exploitability descent, termed EDA. While both algorithms are applicable for low feature-space dimensions, EDA produces less exploitable strategies and scales to higher dimensions. In a data exfiltration scenario, EDA outperforms a range of classifiers when facing a targeted exploitative attacker.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    <a href="/en/project/EF16_019%2F0000765" target="_blank" >EF16_019/0000765: Research Center for Informatics</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Others

  • Publication year

    2020

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    Proceedings of the 19th International Conference on Autonomous Agents and Multi-Agent Systems

  • ISBN

    978-1-4503-7518-4

  • ISSN

    1548-8403

  • e-ISSN

  • Number of pages

    3

  • Pages from-to

    1969-1971

  • Publisher name

    IFAAMAS

  • Place of publication

    County of Richland

  • Event location

    Auckland

  • Event date

    May 9, 2020

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

Similar results(10)

Optimizing Honeypot Strategies Against Dynamic Lateral Movement Using Partially Observable Stochastic GamesGame-theoretic Analysis of Detecting Data ExfiltrationUsing One-Sided Partially Observable Stochastic Games for Solving Zero-Sum Security Games with Sequential Attacks