Model-Based Explanation For Human-in-the-Loop Security - October 2018
PI(s), Co-PI(s), Researchers: David Garlan, Bradley Schmerl (CMU)
HARD PROBLEM(S) ADDRESSED
Human Behavior
Metrics
Resilient Architectures
PUBLICATIONS
None.
PUBLIC ACCOMPLISHMENT HIGHLIGHTS
Worked on using inverse reinforcement learning (IRL) to learn strategies in an online game. Wrote the game interface to log all states of the game and the action decisions that the player made. Also developed the parsers and feature extractors to pull out the interesting information from the state and make it feasible to use IRL to learn the action policies. We were then able to use, test, and analyze a Python IRL algorithm to demonstrate that it could indeed learn different strategies for different players. We then implemented several explanation algorithms on top of the policies/strategies to be able to summarize the differences in strategies automatically. This work was submitted double blind to a conference.
Advanced persistent threats (APTs) are a particularly troubling threat to software systems. The adversarial nature of the security domain, and APTs in particular, poses unresolved challenges to the design of self-adaptive systems, such as defending against multiple types of attackers with different
goals and capabilities. In this interaction, the observability of each side is an important and under-investigated issue in the self-* domain. We proposed a model of APT defense that elevates observability as a first-class concern. We evaluate this model by showing how an informed approach that uses observability improves the defender's utility compared to a uniform random strategy, as well as demonstrated how the approach can enable robust planning through sensitivity analysis, can inform observability related architectural design decisions, and can scale to realistically long time horizons.
COMMUNITY ENGAGEMENTS (If applicable)
EDUCATIONAL ADVANCES (If applicable)
Work in this past three months included projects carried out by three female undergraduates.