Near-Optimal Blacklisting


Many applications involve agents sharing a resource, such as networks or services. When agents are honest, the system functions well and there is a net profit. Unfortunately, some agents may be malicious, but it may be hard to detect them. We consider the intrusion response problem of how to permanently blacklist agents, in order to maximise expected profit. This is not trivial, as blacklisting may erroneously expel honest agents. Conversely, while we gain information by allowing an agent to remain, we may incur a cost due to malicious behaviour. We present an efficient algorithm (HIPER) for making near-optimal decisions for this problem. Additionally, we derive three algorithms by reducing the problem to a Markov decision process (MDP). Theoretically, we show that HIPER is near-optimal. Experimentally, its performance is close to that of the full MDP solution, when the (stronger) requirements of the latter are met.


💡 Research Summary

The paper tackles the problem of permanently blacklisting agents that share a common resource—such as a network or a service—in order to maximize the expected long‑term profit of the system. In a mixed environment, honest agents generate revenue while malicious agents cause losses. The decision to blacklist is therefore a trade‑off: expelling a benign agent incurs opportunity cost, whereas keeping a malicious one incurs damage cost. The authors formalize this “intrusion response” problem as a sequential decision‑making task with two explicit cost components: false‑positive cost (C_fp) for wrongly removing an honest agent, and false‑negative cost (C_fn) for allowing a malicious agent to continue operating.

Each agent i is characterized by an unknown maliciousness probability θ_i. The authors assume a Bayesian prior (typically a Beta distribution) over θ_i and update the posterior as observations (e.g., request logs, behavioral features) accumulate. Observations are modeled by distinct likelihoods for honest and malicious agents, allowing the system to compute a posterior confidence interval for θ_i at any time step.

The core contribution is the HIPER algorithm—High‑Probability Efficient REjection. HIPER computes an upper confidence bound (UCB) on the posterior of θ_i and compares it to a threshold τ. If the UCB exceeds τ, the agent is permanently blacklisted; otherwise, the system continues to observe. The threshold τ is derived by minimizing the expected loss: τ = arg min_τ
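The decision rule summarized above, as an added Python illustration (not the paper's HIPER implementation): it assumes binary observations, a Beta(1, 9) prior, a 95% upper posterior bound, and a fixed τ = 0.5 chosen for illustration, since the page's derivation of τ is cut off. The function names and sample sequences are constructed for this example.

```python
from math import comb

# Constructed sample data: 1 = observation flagged as suspicious, 0 = benign.
HONEST = [0, 0, 0, 0, 1] + [0] * 15
MALICIOUS = [1, 1, 1, 0, 0, 0, 0]

def beta_cdf(x, a, b):
    """CDF of Beta(a, b) for integer a, b >= 1 (binomial-tail identity)."""
    n = a + b - 1
    return sum(comb(n, j) * x**j * (1 - x)**(n - j) for j in range(a, n + 1))

def beta_upper_bound(a, b, confidence=0.95):
    """Smallest q with P(theta <= q) >= confidence, found by bisection."""
    lo, hi = 0.0, 1.0
    for _ in range(60):
        mid = (lo + hi) / 2
        if beta_cdf(mid, a, b) < confidence:
            lo = mid
        else:
            hi = mid
    return hi

def blacklist_step(observations, tau=0.5, prior=(1, 9), confidence=0.95):
    """Return the 1-based step at which the agent is expelled, or None."""
    a, b = prior  # assumed prior: mean 0.1, i.e. agents start mostly trusted
    for step, suspicious in enumerate(observations, start=1):
        if suspicious:
            a += 1
        else:
            b += 1
        if beta_upper_bound(a, b, confidence) > tau:
            return step  # permanent: later observations are never consulted
    return None

if __name__ == "__main__":
    print("honest   :", blacklist_step(HONEST))
    print("malicious:", blacklist_step(MALICIOUS))
    # A flat Beta(1, 1) prior trips the rule on the first benign observation.
    print("flat prior:", blacklist_step([0], prior=(1, 1)))
```

With a flat Beta(1, 1) prior the upper bound starts above τ = 0.5, so this rule expels an agent before any evidence of malice; the prior and τ have to be chosen together.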

