A Learning-Based Approach to Reactive Security

  • Adam Barth
  • Benjamin I. P. Rubinstein
  • Mukund Sundararajan
  • John C. Mitchell
  • Dawn Song
  • Peter L. Bartlett
Conference paper

DOI: 10.1007/978-3-642-14577-3_16

Volume 6052 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Barth A., Rubinstein B.I.P., Sundararajan M., Mitchell J.C., Song D., Bartlett P.L. (2010) A Learning-Based Approach to Reactive Security. In: Sion R. (eds) Financial Cryptography and Data Security. FC 2010. Lecture Notes in Computer Science, vol 6052. Springer, Berlin, Heidelberg

Abstract

Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender’s strategy and do not require the attacker to act rationally. In this model, we bound the competitive ratio between a reactive defense algorithm (which is inspired by online learning theory) and the best fixed proactive defense. Additionally, we show that, unlike proactive defenses, this reactive strategy is robust to a lack of information about the attacker’s incentives and knowledge.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Adam Barth
    • 1
  • Benjamin I. P. Rubinstein
    • 1
  • Mukund Sundararajan
    • 3
  • John C. Mitchell
    • 4
  • Dawn Song
    • 1
  • Peter L. Bartlett
    • 1
    • 2
  1. 1.Computer Science Division 
  2. 2.Department of StatisticsUC Berkeley 
  3. 3.Google Inc.Mountain ViewCA
  4. 4.Department of Computer ScienceStanford University