Near-Optimal Blacklisting
This addresses the problem of resource management in systems with malicious agents for applications like networks or services, but it is incremental as it builds on MDP reductions.
The paper tackles the intrusion response problem of permanently blacklisting agents to maximize expected profit, balancing the risks of expelling honest agents and allowing malicious ones, and presents an efficient algorithm (HIPER) that is theoretically near-optimal and experimentally close to the full MDP solution.
Many applications involve agents sharing a resource, such as networks or services. When agents are honest, the system functions well and there is a net profit. Unfortunately, some agents may be malicious, but it may be hard to detect them. We consider the intrusion response problem of how to permanently blacklist agents, in order to maximise expected profit. This is not trivial, as blacklisting may erroneously expel honest agents. Conversely, while we gain information by allowing an agent to remain, we may incur a cost due to malicious behaviour. We present an efficient algorithm (HIPER) for making near-optimal decisions for this problem. Additionally, we derive three algorithms by reducing the problem to a Markov decision process (MDP). Theoretically, we show that HIPER is near-optimal. Experimentally, its performance is close to that of the full MDP solution, when the (stronger) requirements of the latter are met.