We study automated intrusion prevention using reinforcement learning. In a novel approach, we formulate the problem of intrusion prevention as an optimal stopping problem. This formulation allows us insight into the structure of the optimal policies, which turn out to be threshold based. Since the computation of the optimal defender policy using dynamic programming is not feasible for practical cases, we approximate the optimal policy through reinforcement learning in a simulation environment. To define the dynamics of the simulation, we emulate the target infrastructure and collect measurements. Our evaluations show that the learned policies are close to optimal and that they indeed can be expressed using thresholds.
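The threshold structure mentioned above can be reproduced on a model small enough for dynamic programming. This is an added example, not code from the paper: a two-state (no intrusion / intrusion) partially observed stopping problem solved by value iteration over the defender's belief. The alert-level observation model and every probability and reward in it are constructed assumptions.

```python
# Toy intrusion-prevention stopping problem. All numbers are constructed
# assumptions for illustration; they are not the paper's model or measurements.
P_START = 0.1                        # per-step chance that an intrusion begins
GAMMA = 0.95                         # discount factor
F0 = [0.7, 0.2, 0.1]                 # P(alert level | no intrusion)
F1 = [0.1, 0.3, 0.6]                 # P(alert level | intrusion)
R_SERVICE, C_INTRUSION = 1.0, 5.0    # per-step reward / cost while continuing
R_STOP, C_FALSE = 10.0, 10.0         # stop during intrusion / false alarm
N = 200
GRID = [i / N for i in range(N + 1)]  # discretized belief b = P(intrusion)

def _prior(b):
    """Belief after the hidden state has had one step to change."""
    return b + (1.0 - b) * P_START

def obs_prob(b, o):
    """Probability of seeing alert level o on the next step, given belief b."""
    return _prior(b) * F1[o] + (1.0 - _prior(b)) * F0[o]

def belief_update(b, o):
    """Bayes posterior P(intrusion) after one step and alert level o."""
    return _prior(b) * F1[o] / obs_prob(b, o)

def interp(values, b):
    """Linear interpolation of the value function between grid points."""
    i = min(int(b * N), N - 1)
    w = b * N - i
    return values[i] * (1.0 - w) + values[i + 1] * w

def stop_value(b):
    return b * R_STOP - (1.0 - b) * C_FALSE

def continue_value(values, b):
    now = (1.0 - b) * R_SERVICE - b * C_INTRUSION
    future = sum(obs_prob(b, o) * interp(values, belief_update(b, o))
                 for o in range(len(F0)))
    return now + GAMMA * future

def solve(iterations=300):
    """Value iteration: V(b) = max(stop, continue) on the belief grid."""
    values = [0.0] * (N + 1)
    for _ in range(iterations):
        values = [max(stop_value(b), continue_value(values, b)) for b in GRID]
    return values

def stopping_threshold(values):
    """Smallest grid belief at which stopping is at least as good as continuing."""
    return next(b for b in GRID if stop_value(b) >= continue_value(values, b))
```

Calling `stopping_threshold(solve())` returns a single belief level: below it the defender keeps monitoring, and at or above it the defender stops.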