[Bug]: GlobalDefender never detects ActionType.BlockIP. #471
Description
Bug Description
In netsecgame/game/global_defender.py, BlockIP has a default detection probability and a TW ratio threshold, but stochastic_with_threshold only runs detection logic for action types listed in _TW_CONSECUTIVE_TYPE_THRESHOLD or _EPISODE_REPEATED_ACTION_THRESHOLD. BlockIP is in neither list, so the function always falls through to return False for BlockIP. This lets any agent repeatedly issue BlockIP actions (including attackers) with zero chance of detection, effectively disabling the GlobalDefender for a high‑impact action.
Steps to Reproduce
Steps to Reproduce:
- Open
netsecgame/game/global_defender.pyand note ActionType.BlockIP is present in_DEFAULT_DETECTION_PROBSand_TW_TYPE_RATIOS_THRESHOLDbut missing from_TW_CONSECUTIVE_TYPE_THRESHOLDand_EPISODE_REPEATED_ACTION_THRESHOLD. - Run the following in a Python REPL from the repo root:
from netsecgame.game.global_defender import GlobalDefender from netsecgame.game_components import Action, ActionType, IP defender = GlobalDefender() action = Action(ActionType.BlockIP, { "source_host": IP("10.0.0.1"), "target_host": IP("10.0.0.1"), "blocked_host": IP("10.0.0.2"), }) episode_actions = [action.as_dict] * 10 print(defender.stochastic_with_threshold(action, episode_actions, tw_size=5))
Expected Behavior
Expected Behavior:
BlockIP should trigger stochastic detection when its TW ratio (and/or a defined threshold for repeated/consecutive actions) is exceeded, similar to other action types. At minimum, BlockIP should not be hard‑coded to “never detect” when it already has configured detection probabilities and thresholds.
Version
Version: 1.1
Installation / Deployment Method
Running locally from source