DocumentCode
2661189
Title
A hierarchical and factored POMDP based automated intrusion response framework
Author
Zan, Xin ; Gao, Feng ; Han, Jiuqiang ; Liu, Xiaoyong ; Zhou, Jiaping
Author_Institution
Dept. of Autom., Xi'an Jiaotong Univ., Xi'an, China
Volume
2
fYear
2010
fDate
3-5 Oct. 2010
Abstract
In this paper, we formulate the intrusion response problem as a factored Partially Observed Markov Decision Process (POMDP) model. Furthermore, a hierarchical planning algorithm is presented to decompose the overall POMDP into small sub-POMDPs and compute a global optimal response policy according to the MLS heuristic criterion. Meanwhile, reachable attack intention is defined and used to identify false alerts and compress the belief state space. Finally, experiments were performed to compare the proposed algorithm with previous approaches, and the results show that our approach has good performance in response accuracy for different attack scenarios and robustness against false alerts.
Keywords
Markov processes; security of data; MLS heuristic criterion; POMDP model; automated intrusion response framework; belief state space; factored POMDP; false alerts; global optimal response policy; hierarchical POMDP; hierarchical planning algorithm; partially observed Markov decision process; reachable attack intention; Computers; Fires; Monitoring; Real time systems; POMDP; automated intrusion response; component; cost function analysis; hierarchical decomposition;
fLanguage
English
Publisher
ieee
Conference_Titel
Software Technology and Engineering (ICSTE), 2010 2nd International Conference on
Conference_Location
San Juan, PR
Print_ISBN
978-1-4244-8667-0
Electronic_ISBN
978-1-4244-8666-3
Type
conf
DOI
10.1109/ICSTE.2010.5608747
Filename
5608747