• DocumentCode
    3396925
  • Title

    A controller-based autonomic defense system

  • Author

    Armstrong, Derek ; Frazier, Gregory ; Carter, Sam ; Frazier, Tiffany

  • Volume
    2
  • fYear
    2003
  • fDate
    22-24 April 2003
  • Firstpage
    21
  • Abstract
    We demonstrate the results of our research into the implementation of a host-based autonomic defense system (ADS) using a partially-observable Markov decision process. The goal of an ADS is to "reflexively" respond to an attack, thwarting it to the extent that humans have time to form a tactical response to the attack. A defensive system that automatically responds to an attack must meet two criteria: it must select the correct response in the face of an attack, and it must not take actions against attacks that are not there. This challenge is exacerbated by the fact that, in order to detect never-before-seen attacks, the ADS must use anomaly detectors for its sensor input; anomaly detectors typically have relatively high false positive and false negative rates. Thus, key to an ADS is a controller that can obtain a valid signal from a noisy sensor. The ALPHATECH Lightweight Autonomic Defense System (αLADS) is a prototype ADS constructed around a PO-MDP stochastic controller. The state model allows the controller to filter out the false positives from the anomaly sensor such that authorized processes are not killed and false alerts are not issued. We demonstrate αLADS defending against Internet worms operating in real time.
  • Keywords
    Internet; Markov processes; control engineering computing; security of data; sensors; αLADS; ADS; PO-MDP stochastic controller; TECH Lightweight Autonomic Defense System; anomaly detectors; authorized processes; controller-based autonomic defense system; defensive system; false positives; host-based autonomic defense system; never-before-seen attacks; noisy sensor; partially-observable Markov decision process; real time Internet worms; state model; tactical response; Control systems; Detectors; Face detection; Humans; Information filtering; Information filters; Internet; Lighting control; Prototypes; Stochastic systems;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    DARPA Information Survivability Conference and Exposition, 2003. Proceedings
  • Print_ISBN
    0-7695-1897-4
  • Type

    conf

  • DOI
    10.1109/DISCEX.2003.1194902
  • Filename
    1194902