Commit 86acbd5f authored by Martin Řepa's avatar Martin Řepa

Making progress in documentation|report

parent 28ad3739
author = "Ignác Mikina",
title = "Král Rožmberka",
journal = "Respekt",
volume = "322",
number = "10",
pages = "891--921",
year = "1905",
DOI = "",
keywords = "physics, medieval"
author = {P. Mockapetris},
title = {domain names - implementation and specification},
......@@ -16,3 +5,19 @@
url = {},
urldate = {1987-11-1}
author = "Branislav Bosansky, Christopher Kiekintveld2, Viliam Lisy et al.",
title = "Double-oracle Algorithm for Computing an Exact NashEquilibrium in Zero-sum Extensive-form Games",
journal = "ifaamas",
year = "2013",
DOI = "",
keywords = "game theory, extensive-form games, exact Nash equilibrium, algo-rithms"
author = "Frans A. Oliehoek, et al.",
title = "GANGs: Generative Adversarial Network Games",
journal = "arxiv",
year = "2017",
DOI = "",
keywords = "GANs; adversarial learning; game theory"
No preview for this file type
% \usepackage[utf8x]{inputenc}
% \usepackage{algorithm}
% \usepackage{algorithmic}
% \usepackage{fancyhdr}
% \usepackage{amssymb}
% \usetikzlibrary{trees}
......@@ -26,6 +26,8 @@
% Setting penalty for breaking line or page after[before] first[last] line of
% paragraph
......@@ -215,11 +217,69 @@ positive constraint to prevent this. Every deffender's strategy must sattisfy
constraint $FP_{rate} \le FP_{constraint}$. Exact definition and calculation see
below \todo{link to it}.
\subsection{Solving the game}
To solve ... Double oracle \todo{add definition}
Each attacker action is a vector $f \in \mathbb{R}^n$ which constists of $n$
features. Each feature is some property of DNS request, but the selection of
features heavily affect the final result. Initially I'm using only 2 features so
the results might be smoothly visualised: entropy and length of the request.
Utility function used in game $G$ depends on the chosen features. In my case
the attacker wants to maximize both of my features, that's why I've used such
\REQUIRE request
\STATE $e \leftarrow 0$
\STATE $occurrence \leftarrow emptyMap$, initival value 0
\FORALL{char in request}
\STATE $occurrence$[char]$ \leftarrow occurrence$[char]$+1$
\FORALL{key, value in $occurrence$}
\STATE $p \leftarrow \dfrac{value}{length(request)}$
\STATE $ e \leftarrow e - (p \cdot \log_2 p)$
Other features of dns request to consider for future development might be bigrams, trigrams, occurrence of unusual letters or number of digits.
\subsection{Solving the game}
To find Nash Equilibrium of the game I use double oracle algorithm \cite{doubleoraclepaper}. Double oracle basicly works in these steps:
\caption{Double oracle}
\STATE $a_{p1} \leftarrow$ \text{array with 1 random player1 action}
\STATE $a_{p2} \leftarrow$ \text{array with neural network classifying all
requests as benign}
\STATE $probs_{p1}, probs_{p2} \leftarrow$ \text{ solve\_game($a_{p1}, a_{p2}$)}
\STATE $best\_response_{p1} \leftarrow$ \text{ best response of player1}
\STATE $best\_response_{p2} \leftarrow$ \text{ best response of player2}
\IF{$best\_response_{p1} \in a_{p1} \textbf{ AND } best\_response_{p2} \in a_{p2}$}
\RETURN $probs_{p1}, probs_{p2}$
\STATE $a_{p1}$\text{.add($best\_response_{p1}$)}
\STATE $a_{p2}$\text{.add($best\_response_{p2}$)}
The algorithm rises next questions - more precisely how to search for best responses,
how to solve the game given the set of possible actions and how to compare 2 neural
networks for equaility.
Given the utility function $u$ and 2 neural networks $nn_1$ and $nn_2$ I say
that these neural networks are similar enough to be seen as equal if and only if
\mid u(a_i, nn_1) - u(a_i, nn_2) \mid < \varepsilon \qquad \forall a_i \in a_{p1}
\qquad \varepsilon \in \mathbb{R}^+
\todo{TODO} talk linear solver and about searching bestresponse (a little data talk)
Speaking about dataset \todo{dataset}
......@@ -230,7 +290,7 @@ school gitlab repository for bachelor thesis in \textit{research\_project} branc
See \url{}.
todo todo{todo}
Other result using for example syntetic data might be found in my reference
implementation in \textit{results} directory.
......@@ -240,8 +300,9 @@ implementation in \textit{results} directory.
\item What needs to be done moree...
\item Cons of my solution (false positives)
\item Reference test \cite{testreference}
\item Reference test
\item use more features
\item find way to find attacker's actions
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment