Adaptive Mitigation of Insider Threats via Off-Policy Learning
Gehui Xu, Kaiwen Chen, Zhong-Ping Jiang, Thomas Parisini, and Andreas A. Malikopoulos

TL;DR
This paper introduces an off-policy learning-based mitigation strategy for insider threats, enabling decision makers to adaptively counteract covert malicious behaviors without prior knowledge of insider intentions.
Contribution
It proposes a novel game-theoretic framework and a periodic off-policy learning scheme for real-time insider threat mitigation in continuous-time systems.
Findings
Convergence guarantees for the learning process and system stability are established.
The mitigation performance is characterized under different threat levels.
The scheme adapts to various insider behavioral patterns without prior threat knowledge.
Abstract
An insider is a team member who covertly deviates from the team's optimal collaborative strategy to pursue a private objective while still appearing cooperative. Such an insider may initially behave cooperatively but later switch to selfish or malicious actions, thereby degrading collective performance, threatening mission success, and compromising operational safety. In this paper, we study such insider threats within an insider-aware, game-theoretic formulation, where the insider interacts with a decision maker (DM) under a continuous-time switched system, with each time interval characterized by a distinct insider behavioral pattern or threat level. We develop a periodic off-policy mitigation scheme that enables the DM to learn optimal mitigation policies from online data when encountering different insider threats, without requiring a priori knowledge of insider intentions. By…
