Online Incident Response Planning under Model Misspecification through Bayesian Learning and Belief Quantization
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. ORCID iD: 0000-0003-1773-8354
City University of Hong Kong, Hong Kong, China.
2025 (English). In: Proceedings of the 18th ACM Workshop on Artificial Intelligence and Security, AISec 2025, Association for Computing Machinery (ACM), 2025, p. 40-51. Conference paper, Published paper (Refereed)
Abstract [en]

Effective responses to cyberattacks require fast decisions, even when information about the attack is incomplete or inaccurate. However, most decision-support frameworks for incident response rely on a detailed system model that describes the incident, which restricts their practical utility. In this paper, we address this limitation and present an online method for incident response planning under model misspecification, which we call mobal: Misspecified Online Bayesian Learning. mobal iteratively refines a conjecture about the model through Bayesian learning as new information becomes available, which facilitates model adaptation as the incident unfolds. To determine effective responses online, we quantize the conjectured model into a finite Markov model, which enables efficient response planning through dynamic programming. We prove that Bayesian learning is asymptotically consistent with respect to the information feedback. Additionally, we establish bounds on misspecification and quantization errors. Experiments on the cage-2 benchmark show that mobal outperforms the state of the art in terms of adaptability and robustness to model misspecification.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2025. p. 40-51
Keywords [en]
Bayesian learning, Cybersecurity, incident response, misspecification, network security, POMDP, reinforcement learning
National Category
Probability Theory and Statistics; Computer Sciences
Identifiers
URN: urn:nbn:se:kth:diva-375955
DOI: 10.1145/3733799.3762965
Scopus ID: 2-s2.0-105027195480
OAI: oai:DiVA.org:kth-375955
DiVA, id: diva2:2033389
Conference
18th ACM Workshop on Artificial Intelligence and Security, AISec 2025, Taipei, Taiwan, Oct 13 2025 - Oct 17 2025
Note

Part of ISBN 9798400718953

QC 20260129

Available from: 2026-01-29 Created: 2026-01-29 Last updated: 2026-01-29 Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Hammar, Kim
