Reinforcement Learning


Multi-agent reinforcement learning (MARL) algorithms gradually learn good (ideally optimal) strategies with respect to long-term goals through trial-and-error interactions with both the opponent and the unknown dynamic environment. 
The Stochastic Game (SG), together with MARL can address the environmental dynamics in security games in a systematic manner.


[1] A comprehensive survey of multi-agent reinforcement learning, by L. Busoniu, R. Babuska, and B. De Schutter, in IEEE Trans. Syst., Man, Cybern. C, 2008

[2] Improving Learning and Adaptation in Security Games by Exploiting Information Asymmetry, by Xiaofan He. Huaiyu Dai and Peng Ning, in INFOCOM 2015

[Video] Machine Learning and Big Data in Cyber Security

Source: Machine Learning and Big Data in Cyber Security Eyal Kolman Technion lecture
Speaker: by yal Kolman of RSA given at Technion-Israel Institute of Technoloy, Technion Computer Engineering summer school 2014


  • This video discusses about the challenging in applying machine learning to detect attacks. 
  • It also introduces 3 case studies of how to use machine learning in the domain of security.


  • High cost of errors
    • If the detection generates a lot of wrong alerts, then the detection is not useful.
  • Data is not public
    • Most of the security data are private
  • Semantic gam
    • Detection is not enough
  • Evaluation difficulty
    • There are few labels
    • There are few attacks

Case Studies

  • Detect inpersonation 
    • based on users behavior
    • locations
  • Detect fraud in bank account
  • Detect malicious domain
    • Events with cookies
    • Referral