{"id":"https://openalex.org/W3169538914","doi":"https://doi.org/10.23919/cnsm52442.2021.9615542","title":"Learning Intrusion Prevention Policies through Optimal Stopping","display_name":"Learning Intrusion Prevention Policies through Optimal Stopping","publication_year":2021,"publication_date":"2021-10-25","ids":{"openalex":"https://openalex.org/W3169538914","doi":"https://doi.org/10.23919/cnsm52442.2021.9615542","mag":"3169538914"},"language":"en","primary_location":{"id":"doi:10.23919/cnsm52442.2021.9615542","is_oa":false,"landing_page_url":"https://doi.org/10.23919/cnsm52442.2021.9615542","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 17th International Conference on Network and Service Management (CNSM)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2106.07160","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5074576259","display_name":"Kim Hammar","orcid":"https://orcid.org/0000-0003-1773-8354"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Kim Hammar","raw_affiliation_strings":["Division of Network and Systems Engineering, KTH Royal Institute of Technology, Sweden","KTH Center for Cyber Defense and Information Security, Sweden"],"affiliations":[{"raw_affiliation_string":"Division of Network and Systems Engineering, KTH Royal Institute of Technology, Sweden","institution_ids":["https://openalex.org/I86987016"]},{"raw_affiliation_string":"KTH Center for Cyber Defense and Information Security, Sweden","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5035040105","display_name":"Rolf Stadler","orcid":"https://orcid.org/0000-0001-6039-8493"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Rolf Stadler","raw_affiliation_strings":["Division of Network and Systems Engineering, KTH Royal Institute of Technology, Sweden","KTH Center for Cyber Defense and Information Security, Sweden"],"affiliations":[{"raw_affiliation_string":"Division of Network and Systems Engineering, KTH Royal Institute of Technology, Sweden","institution_ids":["https://openalex.org/I86987016"]},{"raw_affiliation_string":"KTH Center for Cyber Defense and Information Security, Sweden","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5074576259"],"corresponding_institution_ids":["https://openalex.org/I86987016"],"apc_list":null,"apc_paid":null,"fwci":2.8669,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.90870683,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"509","last_page":"517"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10462","display_name":"Reinforcement Learning in Robotics","score":0.9930999875068665,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.8508058190345764},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.747112512588501},{"id":"https://openalex.org/keywords/optimal-stopping","display_name":"Optimal stopping","score":0.6774940490722656},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.6755322217941284},{"id":"https://openalex.org/keywords/dynamic-programming","display_name":"Dynamic programming","score":0.6114639639854431},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5574204325675964},{"id":"https://openalex.org/keywords/computation","display_name":"Computation","score":0.5528367757797241},{"id":"https://openalex.org/keywords/mathematical-optimization","display_name":"Mathematical optimization","score":0.47927042841911316},{"id":"https://openalex.org/keywords/optimal-control","display_name":"Optimal control","score":0.42158135771751404},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.35009127855300903},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.1289106011390686},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.09017336368560791}],"concepts":[{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.8508058190345764},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.747112512588501},{"id":"https://openalex.org/C99414536","wikidata":"https://www.wikidata.org/wiki/Q7098950","display_name":"Optimal stopping","level":2,"score":0.6774940490722656},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.6755322217941284},{"id":"https://openalex.org/C37404715","wikidata":"https://www.wikidata.org/wiki/Q380679","display_name":"Dynamic programming","level":2,"score":0.6114639639854431},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5574204325675964},{"id":"https://openalex.org/C45374587","wikidata":"https://www.wikidata.org/wiki/Q12525525","display_name":"Computation","level":2,"score":0.5528367757797241},{"id":"https://openalex.org/C126255220","wikidata":"https://www.wikidata.org/wiki/Q141495","display_name":"Mathematical optimization","level":1,"score":0.47927042841911316},{"id":"https://openalex.org/C91575142","wikidata":"https://www.wikidata.org/wiki/Q1971426","display_name":"Optimal control","level":2,"score":0.42158135771751404},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35009127855300903},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.1289106011390686},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.09017336368560791},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.23919/cnsm52442.2021.9615542","is_oa":false,"landing_page_url":"https://doi.org/10.23919/cnsm52442.2021.9615542","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 17th International Conference on Network and Service Management (CNSM)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2106.07160","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2106.07160","pdf_url":"https://arxiv.org/pdf/2106.07160","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2106.07160","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2106.07160","pdf_url":"https://arxiv.org/pdf/2106.07160","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.550000011920929}],"awards":[],"funders":[{"id":"https://openalex.org/F4320325664","display_name":"F\u00f6rsvarsmakten","ror":"https://ror.org/04qn5a624"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":56,"referenced_works":["https://openalex.org/W604762380","https://openalex.org/W1191599655","https://openalex.org/W1515851193","https://openalex.org/W1522301498","https://openalex.org/W1576452626","https://openalex.org/W1592657892","https://openalex.org/W1763073788","https://openalex.org/W2028145673","https://openalex.org/W2032100464","https://openalex.org/W2034725503","https://openalex.org/W2041099338","https://openalex.org/W2044375425","https://openalex.org/W2076337359","https://openalex.org/W2082330137","https://openalex.org/W2091083310","https://openalex.org/W2098432798","https://openalex.org/W2114847643","https://openalex.org/W2119567691","https://openalex.org/W2122945138","https://openalex.org/W2129429132","https://openalex.org/W2135224574","https://openalex.org/W2145182198","https://openalex.org/W2168359464","https://openalex.org/W2296335794","https://openalex.org/W2334782222","https://openalex.org/W2341171179","https://openalex.org/W2478605617","https://openalex.org/W2570679607","https://openalex.org/W2587683584","https://openalex.org/W2603959005","https://openalex.org/W2736601468","https://openalex.org/W2792721951","https://openalex.org/W2808844959","https://openalex.org/W2890946036","https://openalex.org/W2898374736","https://openalex.org/W2952298682","https://openalex.org/W2981967040","https://openalex.org/W2996383434","https://openalex.org/W3011120880","https://openalex.org/W3030336008","https://openalex.org/W3037267797","https://openalex.org/W3101076092","https://openalex.org/W3106354936","https://openalex.org/W3107852229","https://openalex.org/W3169538914","https://openalex.org/W4239466562","https://openalex.org/W4247910874","https://openalex.org/W4287990848","https://openalex.org/W6627932998","https://openalex.org/W6631190155","https://openalex.org/W6637901119","https://openalex.org/W6697144307","https://openalex.org/W6741002519","https://openalex.org/W6765009397","https://openalex.org/W6771538420","https://openalex.org/W6778735030"],"related_works":["https://openalex.org/W2060950178","https://openalex.org/W1932159282","https://openalex.org/W4285537323","https://openalex.org/W2379312070","https://openalex.org/W2133389611","https://openalex.org/W2136173754","https://openalex.org/W2767258356","https://openalex.org/W2110050003","https://openalex.org/W2953025626","https://openalex.org/W1504795361"],"abstract_inverted_index":{"We":[0],"study":[1],"automated":[2],"intrusion":[3,17],"prevention":[4,18],"using":[5,51,105],"reinforcement":[6,66],"learning.":[7],"In":[8],"a":[9,69],"novel":[10],"approach,":[11],"we":[12,60,79],"formulate":[13],"the":[14,30,33,44,47,62,74,77,81,91],"problem":[15],"of":[16,32,46,76],"as":[19],"an":[20],"optimal":[21,34,48,63,97],"stopping":[22],"problem.":[23],"This":[24],"formulation":[25],"allows":[26],"us":[27],"insight":[28],"into":[29],"structure":[31],"policies,":[35],"which":[36],"turn":[37],"out":[38],"to":[39,96],"be":[40,103],"threshold":[41],"based.":[42],"Since":[43],"computation":[45],"defender":[49],"policy":[50,64],"dynamic":[52],"programming":[53],"is":[54],"not":[55],"feasible":[56],"for":[57],"practical":[58],"cases,":[59],"approximate":[61],"through":[65],"learning":[67],"in":[68],"simulation":[70],"environment.":[71],"To":[72],"define":[73],"dynamics":[75],"simulation,":[78],"emulate":[80],"target":[82],"infrastructure":[83],"and":[84,98],"collect":[85],"measurements.":[86],"Our":[87],"evaluations":[88],"show":[89],"that":[90,99],"learned":[92],"policies":[93],"are":[94],"close":[95],"they":[100],"indeed":[101],"can":[102],"expressed":[104],"thresholds.":[106]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}