File size: 1,072 Bytes
ec8c511
# Action Space

## Discrete Actions

| ID | Action | Typical Use | Cost Type |
|---|---|---|---|
| 0 | `ALLOW` | pass low-risk traffic | none |
| 1 | `BLOCK` | immediate deny for high-confidence malicious sessions | low |
| 2 | `INSPECT` | collect additional evidence before terminal decision | medium |
| 3 | `SANDBOX` | isolate unknown/high-risk behavior | high |
| 4 | `RATE_LIMIT` | mitigate volumetric or burst anomalies | low-medium |
| 5 | `QUARANTINE` | isolate source identity while preserving observation | medium |

Costs are computed in `reward_engine.py` as latency + compute.

## Decision Pattern

1. If confidence is high and malicious indicators are strong: `BLOCK` / `QUARANTINE`.
2. If confidence is low but suspicious: `INSPECT` then follow-up action.
3. If traffic appears benign and reputation is healthy: `ALLOW`.
4. If volumetric anomaly dominates: `RATE_LIMIT` before hard block.

## RL Compatibility

- `action_space` is `Discrete(6)` in single-session mode.
- Multi-session mode applies the same discrete action per session ID in the action map.
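
The Decision Pattern and the multi-session action map can be exercised with a small rule-based baseline. This is an added example, not code from the project: the `Session` feature names, the `HIGH`/`LOW` thresholds, the `BLOCK` vs `QUARANTINE` tie-break, the `SANDBOX` follow-up after `INSPECT`, and the dict-shaped action map are all assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum

# IDs 0..5 in the order of the Discrete Actions table.
Action = IntEnum("Action", "ALLOW BLOCK INSPECT SANDBOX RATE_LIMIT QUARANTINE", start=0)

@dataclass
class Session:  # hypothetical features, all assumed to be scaled to [0, 1]
    confidence: float        # detector confidence in its verdict
    malicious: float         # strength of malicious indicators
    volumetric: float        # volumetric / burst anomaly score
    reputation: float        # source reputation, 1.0 = healthy
    inspected: bool = False  # an INSPECT step already ran for this session

HIGH, LOW = 0.8, 0.3  # assumed thresholds, not values from the project

def baseline_action(s: Session) -> Action:
    # Rule 4 first: a dominant volumetric anomaly is rate limited before any hard block.
    if s.volumetric >= HIGH and s.volumetric > s.malicious:
        return Action.RATE_LIMIT
    # Rule 1: high confidence plus strong indicators gets a terminal deny.
    if s.confidence >= HIGH and s.malicious >= HIGH:
        # Assumed tie-break: QUARANTINE when the source identity itself has poor reputation.
        return Action.QUARANTINE if s.reputation <= LOW else Action.BLOCK
    # Rule 3: benign-looking traffic from a healthy source passes.
    if s.malicious <= LOW and s.volumetric <= LOW and s.reputation >= HIGH:
        return Action.ALLOW
    # Rule 2 and anything ambiguous: gather evidence once, then isolate (assumed follow-up).
    return Action.SANDBOX if s.inspected else Action.INSPECT

def build_action_map(sessions: dict) -> dict:
    # Multi-session mode: one discrete action ID per session ID.
    return {sid: int(baseline_action(s)) for sid, s in sessions.items()}

def validate_action_map(action_map: dict) -> None:
    # Reject anything outside Discrete(6) before it reaches the environment.
    for sid, a in action_map.items():
        if isinstance(a, bool) or not isinstance(a, int) or not 0 <= a < len(Action):
            raise ValueError(f"session {sid!r}: invalid action {a!r}")

# Constructed sample sessions, not data from the project.
SAMPLE = {
    "s-benign": Session(0.90, 0.05, 0.10, 0.95),
    "s-malware": Session(0.95, 0.90, 0.20, 0.60),
    "s-badsrc": Session(0.90, 0.85, 0.10, 0.10),
    "s-flood": Session(0.90, 0.85, 0.95, 0.50),
    "s-odd": Session(0.40, 0.50, 0.20, 0.50),
}
```

Checking the volumetric rule before the terminal-deny rule is what makes `s-flood` resolve to `RATE_LIMIT` even though its malicious score alone would justify `BLOCK`.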