MULTI-ARMED BANDIT MODELS FOR EXPLOITATION OF CYBER NETWORKS

Abstract

Computer networks are often the target of cyber attacks carried out by malevolent agents, to either disable critical system operations or to surreptitiously gain access to sensitive data. The asymmetric and covert nature of cyber attacks has led to their increased prevalence, where high-impact attacks on critical infrastructure can be launched with minimal resources. We consider the setup of a network switch and its connected nodes, and use multi-armed bandit models as a framework to formulate a network attack strategy to maximize expected rewards earned over time. Such models present upper confidence bound–based approaches on the cumulative regret, through optimal choice of possible attacker actions over a finite time horizon and bounded action space. We evaluate relevant multi-armed bandit models and develop our own algorithm. Numerical simulations consistently suggest that low cumulative regret is achieved over time for our algorithm in comparison to the other algorithms evaluated. We thus present a stylized model for strategic network exploitation, with the attacker having no prior knowledge of the rewards of various nodes in a network with a star topology. This enables effective network defenses to be continually developed, based on specific network topologies and reward feedback mechanisms.