Dynamic intrusion detection in resource-constrained cyber networks

Keqin Liu; Qing Zhao

doi:10.1109/ISIT.2012.6284708

Dynamic intrusion detection in resource-constrained cyber networks

Keqin Liu^*, Qing Zhao

^*Corresponding author for this work

Department of Financial and Actuarial Mathematics

Cornell University

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

5 Citations (Scopus)

Abstract

We consider a large-scale cyber network with N components. Each component is either in a healthy state (0) or an abnormal state (1). Due to intrusions, the state of each component transits from 0 to 1 over time according to an arbitrary stochastic process. At each time, a subset of K (K < N) components are probed and those observed in abnormal states are fixed. The objective is to design a dynamic probing strategy that minimizes the long-term network cost incurred at all abnormal components. We formulate the problem as a Restless Multi-Armed Bandit (RMAB) process. We show that this class of RMAB is indexable and Whittle index can be obtained in closed-form. For homogeneous networks, we show that Whittle index policy achieves the optimal performance with a simple structure that does not require any prior knowledge on the intrusion processes.

Original language	English
Title of host publication	2012 IEEE International Symposium on Information Theory Proceedings, ISIT 2012
Pages	970-974
Number of pages	5
DOIs	https://doi.org/10.1109/ISIT.2012.6284708
Publication status	Published - 2012
Event	2012 IEEE International Symposium on Information Theory, ISIT 2012 - Cambridge, MA, United States Duration: 1 Jul 2012 → 6 Jul 2012

Publication series

Name	IEEE International Symposium on Information Theory - Proceedings

Conference

Conference	2012 IEEE International Symposium on Information Theory, ISIT 2012
Country/Territory	United States
City	Cambridge, MA
Period	1/07/12 → 6/07/12

Access to Document

10.1109/ISIT.2012.6284708

Cite this

@inproceedings{3fd55f1a5dd44ec1a47abb1357da1bce,

title = "Dynamic intrusion detection in resource-constrained cyber networks",

abstract = "We consider a large-scale cyber network with N components. Each component is either in a healthy state (0) or an abnormal state (1). Due to intrusions, the state of each component transits from 0 to 1 over time according to an arbitrary stochastic process. At each time, a subset of K (K < N) components are probed and those observed in abnormal states are fixed. The objective is to design a dynamic probing strategy that minimizes the long-term network cost incurred at all abnormal components. We formulate the problem as a Restless Multi-Armed Bandit (RMAB) process. We show that this class of RMAB is indexable and Whittle index can be obtained in closed-form. For homogeneous networks, we show that Whittle index policy achieves the optimal performance with a simple structure that does not require any prior knowledge on the intrusion processes.",

author = "Keqin Liu and Qing Zhao",

year = "2012",

doi = "10.1109/ISIT.2012.6284708",

language = "English",

isbn = "9781467325790",

series = "IEEE International Symposium on Information Theory - Proceedings",

pages = "970--974",

booktitle = "2012 IEEE International Symposium on Information Theory Proceedings, ISIT 2012",

note = "2012 IEEE International Symposium on Information Theory, ISIT 2012 ; Conference date: 01-07-2012 Through 06-07-2012",

}

Liu, K & Zhao, Q 2012, Dynamic intrusion detection in resource-constrained cyber networks. in 2012 IEEE International Symposium on Information Theory Proceedings, ISIT 2012., 6284708, IEEE International Symposium on Information Theory - Proceedings, pp. 970-974, 2012 IEEE International Symposium on Information Theory, ISIT 2012, Cambridge, MA, United States, 1/07/12. https://doi.org/10.1109/ISIT.2012.6284708

Dynamic intrusion detection in resource-constrained cyber networks. / Liu, Keqin; Zhao, Qing.
2012 IEEE International Symposium on Information Theory Proceedings, ISIT 2012. 2012. p. 970-974 6284708 (IEEE International Symposium on Information Theory - Proceedings).

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

TY - GEN

T1 - Dynamic intrusion detection in resource-constrained cyber networks

AU - Liu, Keqin

AU - Zhao, Qing

PY - 2012

Y1 - 2012

N2 - We consider a large-scale cyber network with N components. Each component is either in a healthy state (0) or an abnormal state (1). Due to intrusions, the state of each component transits from 0 to 1 over time according to an arbitrary stochastic process. At each time, a subset of K (K < N) components are probed and those observed in abnormal states are fixed. The objective is to design a dynamic probing strategy that minimizes the long-term network cost incurred at all abnormal components. We formulate the problem as a Restless Multi-Armed Bandit (RMAB) process. We show that this class of RMAB is indexable and Whittle index can be obtained in closed-form. For homogeneous networks, we show that Whittle index policy achieves the optimal performance with a simple structure that does not require any prior knowledge on the intrusion processes.

AB - We consider a large-scale cyber network with N components. Each component is either in a healthy state (0) or an abnormal state (1). Due to intrusions, the state of each component transits from 0 to 1 over time according to an arbitrary stochastic process. At each time, a subset of K (K < N) components are probed and those observed in abnormal states are fixed. The objective is to design a dynamic probing strategy that minimizes the long-term network cost incurred at all abnormal components. We formulate the problem as a Restless Multi-Armed Bandit (RMAB) process. We show that this class of RMAB is indexable and Whittle index can be obtained in closed-form. For homogeneous networks, we show that Whittle index policy achieves the optimal performance with a simple structure that does not require any prior knowledge on the intrusion processes.

UR - http://www.scopus.com/inward/record.url?scp=84867496666&partnerID=8YFLogxK

U2 - 10.1109/ISIT.2012.6284708

DO - 10.1109/ISIT.2012.6284708

M3 - Conference Proceeding

AN - SCOPUS:84867496666

SN - 9781467325790

T3 - IEEE International Symposium on Information Theory - Proceedings

SP - 970

EP - 974

BT - 2012 IEEE International Symposium on Information Theory Proceedings, ISIT 2012

T2 - 2012 IEEE International Symposium on Information Theory, ISIT 2012

Y2 - 1 July 2012 through 6 July 2012

ER -

Dynamic intrusion detection in resource-constrained cyber networks

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this