DocumentCode :
3132146
Title :
Dynamic intrusion detection in resource-constrained cyber networks
Author :
Liu, Keqin ; Zhao, Qing
Author_Institution :
Electr. & Comput. Eng., Univ. of California, Davis, CA, USA
fYear :
2012
fDate :
1-6 July 2012
Firstpage :
970
Lastpage :
974
Abstract :
We consider a large-scale cyber network with N components. Each component is either in a healthy state (0) or an abnormal state (1). Due to intrusions, the state of each component transits from 0 to 1 over time according to an arbitrary stochastic process. At each time, a subset of K (K < N) components are probed and those observed in abnormal states are fixed. The objective is to design a dynamic probing strategy that minimizes the long-term network cost incurred at all abnormal components. We formulate the problem as a Restless Multi-Armed Bandit (RMAB) process. We show that this class of RMAB is indexable and Whittle index can be obtained in closed-form. For homogeneous networks, we show that Whittle index policy achieves the optimal performance with a simple structure that does not require any prior knowledge on the intrusion processes.
Keywords :
security of data; stochastic processes; N components; RMAB process; Whittle index policy; arbitrary stochastic process; dynamic intrusion detection; dynamic probing strategy; large-scale cyber network; resource-constrained cyber networks; restless multiarmed bandit process; Complexity theory; Dynamic scheduling; Equations; Indexes; Intrusion detection; Probes; Stochastic processes;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Theory Proceedings (ISIT), 2012 IEEE International Symposium on
Conference_Location :
Cambridge, MA
ISSN :
2157-8095
Print_ISBN :
978-1-4673-2580-6
Electronic_ISBN :
2157-8095
Type :
conf
DOI :
10.1109/ISIT.2012.6284708
Filename :
6284708