70,772 research outputs found
Path Planning Problems with Side Observations-When Colonels Play Hide-and-Seek
Resource allocation games such as the famous Colonel Blotto (CB) and
Hide-and-Seek (HS) games are often used to model a large variety of practical
problems, but only in their one-shot versions. Indeed, due to their extremely
large strategy space, it remains an open question how one can efficiently learn
in these games. In this work, we show that the online CB and HS games can be
cast as path planning problems with side-observations (SOPPP): at each stage, a
learner chooses a path on a directed acyclic graph and suffers the sum of
losses that are adversarially assigned to the corresponding edges; and she then
receives semi-bandit feedback with side-observations (i.e., she observes the
losses on the chosen edges plus some others). We propose a novel algorithm,
EXP3-OE, the first-of-its-kind with guaranteed efficient running time for SOPPP
without requiring any auxiliary oracle. We provide an expected-regret bound of
EXP3-OE in SOPPP matching the order of the best benchmark in the literature.
Moreover, we introduce additional assumptions on the observability model under
which we can further improve the regret bounds of EXP3-OE. We illustrate the
benefit of using EXP3-OE in SOPPP by applying it to the online CB and HS games.Comment: Previously, this work appeared as arXiv:1911.09023 which was
mistakenly submitted as a new article (has been submitted to be withdrawn).
This is a preprint of the work published in Proceedings of the 34th AAAI
Conference on Artificial Intelligence (AAAI
On a Generic Security Game Model
To protect the systems exposed to the Internet against attacks, a security
system with the capability to engage with the attacker is needed. There have
been attempts to model the engagement/interactions between users, both benign
and malicious, and network administrators as games. Building on such works, we
present a game model which is generic enough to capture various modes of such
interactions. The model facilitates stochastic games with imperfect
information. The information is imperfect due to erroneous sensors leading to
incorrect perception of the current state by the players. To model this error
in perception distributed over other multiple states, we use Euclidean
distances between the outputs of the sensors. We build a 5-state game to
represent the interaction of the administrator with the user. The states
correspond to 1) the user being out of the system in the Internet, and after
logging in to the system; 2) having low privileges; 3) having high privileges;
4) when he successfully attacks and 5) gets trapped in a honeypot by the
administrator. Each state has its own action set. We present the game with a
distinct perceived action set corresponding to each distinct information set of
these states. The model facilitates stochastic games with imperfect
information. The imperfect information is due to erroneous sensors leading to
incorrect perception of the current state by the players. To model this error
in perception distributed over the states, we use Euclidean distances between
outputs of the sensors. A numerical simulation of an example game is presented
to show the evaluation of rewards to the players and the preferred strategies.
We also present the conditions for formulating the strategies when dealing with
more than one attacker and making collaborations.Comment: 31 page
Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Broadly speaking an individual can invest time and effort to avoid becoming victim to a cyber attack and/or they can invest resource in recovering from any attack. We introduce a new game called the pre-vention and recovery game to study this trade-off. We report results from the experimental lab that allow us to categorize different approaches to risk taking. We show that many individuals appear relatively risk loving in that they invest in recovery rather than prevention. We find little difference in behavior between a gain and loss framing
Pinocchio's Pupil: Using Eyetracking and Pupil Dilation to Understand Truth Telling and Deception in Sender-Receiver Games
We report experiments on sender-receiver games with an incentive for senders to exaggerate. Subjects "overcommunicate" -- messages are more informative of the true state than they should be, in equilibrium. Eyetracking shows that senders look at payoffs in a way that is consistent with a level-k model. A combination of sender messages and lookup patterns predicts the true state about twice as often as predicted by equilibrium. Using these measures to infer the state would enable receiver subjects to hypothetically earn 16-21 percent more than they actually do, an economic value of 60 percent of the maximum increment
Is It Safe to Uplift This Patch? An Empirical Study on Mozilla Firefox
In rapid release development processes, patches that fix critical issues, or
implement high-value features are often promoted directly from the development
channel to a stabilization channel, potentially skipping one or more
stabilization channels. This practice is called patch uplift. Patch uplift is
risky, because patches that are rushed through the stabilization phase can end
up introducing regressions in the code. This paper examines patch uplift
operations at Mozilla, with the aim to identify the characteristics of uplifted
patches that introduce regressions. Through statistical and manual analyses, we
quantitatively and qualitatively investigate the reasons behind patch uplift
decisions and the characteristics of uplifted patches that introduced
regressions. Additionally, we interviewed three Mozilla release managers to
understand organizational factors that affect patch uplift decisions and
outcomes. Results show that most patches are uplifted because of a wrong
functionality or a crash. Uplifted patches that lead to faults tend to have
larger patch size, and most of the faults are due to semantic or memory errors
in the patches. Also, release managers are more inclined to accept patch uplift
requests that concern certain specific components, and-or that are submitted by
certain specific developers.Comment: In proceedings of the 33rd International Conference on Software
Maintenance and Evolution (ICSME 2017
- …