Strategic Games and Zero Shot Attacks on Heavy-Hitter Network Flow Monitoring

Francesco Da Dalt

Network and Distributed System Security (NDSS) Symposium 2026 · Day 3 · Web Security

This research applies **game-theoretic reinforcement learning** to the problem of configuring network flow monitoring systems against adaptive adversaries. The core insight is that both defenders (configuring heavy-hitter detectors) and attackers (crafting evasion traffic) face a dependency loop: the optimal defense depends on the attack, and the optimal attack depends on the defense. Rather than relying on heuristics or historical data, the researchers use **adversarial co-training** to find robust configurations that approximate Nash equilibria.

AI review

A clean application of game theory and reinforcement learning to network flow monitoring that produces genuinely useful offensive and defensive results. The zero-shot attack transfer -- training against a neural proxy and successfully evading 8/9 unseen detection algorithms -- is the standout finding. The co-training convergence to Nash equilibrium is mathematically grounded, and the 2.2x exploitability reduction from parameter tuning alone is practically valuable.
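The dependency loop and the exploitability measure mentioned above can be seen in a toy zero-sum game. This is an added example, not code from the talk or its authors: it swaps the reinforcement-learning co-training for classical fictitious play, and the loss matrix and all function names are constructed for illustration.

```python
# Constructed 3x3 loss matrix (not from the talk): LOSS[d][a] is the share of
# heavy-hitter traffic that detector configuration d misses under attacker
# traffic profile a. The defender minimises it, the attacker maximises it.
LOSS = [
    [0.1, 0.9, 0.5],
    [0.5, 0.1, 0.9],
    [0.9, 0.5, 0.1],
]

def defender_losses(loss, attacker_mix):
    """Expected loss of each detector config against an attacker mixture."""
    return [sum(p * v for p, v in zip(attacker_mix, row)) for row in loss]

def attacker_gains(loss, defender_mix):
    """Expected gain of each traffic profile against a defender mixture."""
    return [sum(p * row[a] for p, row in zip(defender_mix, loss))
            for a in range(len(loss[0]))]

def worst_case_loss(loss, defender_mix):
    """Loss the defender suffers against a best-responding attacker."""
    return max(attacker_gains(loss, defender_mix))

def nash_gap(loss, defender_mix, attacker_mix):
    """Zero at equilibrium: attacker's best gain minus defender's best loss."""
    return (worst_case_loss(loss, defender_mix)
            - min(defender_losses(loss, attacker_mix)))

def fictitious_play(loss, rounds=20000):
    """Each side repeatedly best-responds to the other's play history."""
    d_counts, a_counts = [0] * len(loss), [0] * len(loss[0])
    d_counts[0] = a_counts[0] = 1  # both sides start from option 0
    for _ in range(rounds):
        gains = attacker_gains(loss, d_counts)    # unnormalised counts suffice
        losses = defender_losses(loss, a_counts)
        a_counts[gains.index(max(gains))] += 1
        d_counts[losses.index(min(losses))] += 1
    total = rounds + 1
    return [c / total for c in d_counts], [c / total for c in a_counts]

def compare(loss=LOSS):
    """Worst-case loss of a fixed config vs. the co-trained mixture, plus gap."""
    fixed = [1.0, 0.0, 0.0]  # a single configuration chosen in isolation
    tuned, attacker = fictitious_play(loss)
    return (worst_case_loss(loss, fixed), worst_case_loss(loss, tuned),
            nash_gap(loss, tuned, attacker))

if __name__ == "__main__":
    print(compare())
```

The fixed configuration loses 0.9 to a best-responding attacker, while the mixture found by iterated best responses approaches the game value of 0.5 for this matrix.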
