Learning-Based Cost-Aware Defense of Parallel Server Systems against Malicious Attacks

TL;DR

This paper introduces a learning algorithm for cost-aware defense strategies in parallel server systems, effectively balancing security costs and system performance against malicious cyber attacks.

Contribution

It develops an approximate minimax-Q learning algorithm with interpretable linear approximation for efficient, convergent security strategy computation in cyber-physical systems.

Findings

Algorithm converges 50 times faster than neural network methods.

Achieves an optimality gap of 4-8%.

Demonstrates effectiveness in simulation scenarios.

Abstract

We consider the cyber-physical security of parallel server systems, which is relevant for a variety of engineering applications such as networking, manufacturing, and transportation. These systems rely on feedback control and may thus be vulnerable to malicious attacks such as denial-of-service, data falsification, and instruction manipulations. In this paper, we develop a learning algorithm that computes a defensive strategy to balance technological cost for defensive actions and performance degradation due to cyber attacks as mentioned above. We consider a zero-sum Markov security game. We develop an approximate minimax-Q learning algorithm that efficiently computes the equilibrium of the game, and thus a cost-aware defensive strategy. The algorithm uses interpretable linear function approximation tailored to the system structure. We show that, under mild assumptions, the algorithm converges with probability one to an approximate Markov perfect equilibrium. We first use a Lyapunov method to address the unbounded temporal-difference error due to the unbounded state space. We then use an ordinary differential equation-based argument to establish convergence. Simulation results demonstrate that our algorithm converges about 50 times faster than a representative neural network-based method, with an insignificant optimality gap between 4\%--8\%, depending on the complexity of the linear approximator and the number of parallel servers.