Dynamic probing for intrusion detection under resource constraints

Keqin Liu, Qing Zhao, Ananthram Swami

Research output: Chapter in Book or Report/Conference proceeding, Conference Proceeding, peer-review

3 Citations (Scopus)

Abstract

We consider a large-scale cyber network with N components. Each component is either in a healthy state or an abnormal state. To model scenarios where attacks on the network may not follow a stochastic process and the attackers may adapt to the actions of the intrusion detection system (IDS) in an arbitrary and unknown way, we adopt a non-stochastic model in which the attack process at each component can be any unknown deterministic sequence. Due to resource constraints, the IDS can only choose K (K < N) components to probe at each time. An abnormal component incurs a cost per unit time (depending on the criticality of the component) until it is probed and fixed. The objective is a dynamic probing strategy under the performance measure of regret, defined as the performance loss compared to that of a genie who knows the entire attack processes a priori and probes optimally (under certain constraints) based on this knowledge. We propose a policy that achieves a sublinear regret order and thus offers the same time-averaged performance as that of the omniscient genie.

Original language: English
Title of host publication: 2013 IEEE International Conference on Communications, ICC 2013
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1980-1984
Number of pages: 5
ISBN (Print): 9781467331227
Publication status: Published - 2013
Event: 2013 IEEE International Conference on Communications, ICC 2013 - Budapest, Hungary
Duration: 9 Jun 2013 to 13 Jun 2013

Publication series

Name: IEEE International Conference on Communications
ISSN (Print): 1550-3607

Conference

Conference: 2013 IEEE International Conference on Communications, ICC 2013
Country/Territory: Hungary
City: Budapest
Period: 9/06/13 to 13/06/13

Keywords

  • dynamic probing
  • Intrusion detection
  • non-stochastic multi-armed bandit
  • regret
