A Learning-Based Approach to Reactive Security

TL;DR

This paper demonstrates that reactive security, when combined with learning from past attacks, can be competitive with proactive security and offers robustness advantages, challenging conventional security wisdom.

Contribution

It introduces a game-theoretic model showing reactive security's competitiveness and robustness, using online learning principles to bound performance against proactive strategies.

Findings

Reactive defense can match proactive security under certain conditions.

Reactive strategies are robust to limited attacker information.

The model provides bounds on the performance gap between reactive and proactive defenses.

Abstract

Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender's strategy and do not require the attacker to act rationally. In this model, we bound the competitive ratio between a reactive defense algorithm (which is inspired by online learning theory) and the best fixed proactive defense. Additionally, we show that, unlike proactive defenses, this reactive strategy is robust to a lack of information about the attacker's incentives and knowledge.