Title :
A hierarchical and factored POMDP based automated intrusion response framework
Author :
Zan, Xin ; Gao, Feng ; Han, Jiuqiang ; Liu, Xiaoyong ; Zhou, Jiaping
Author_Institution :
Dept. of Autom., Xi´´an Jiaotong Univ., Xi´´an, China
Abstract :
In this paper, we formulate intrusion response problem as a factored Partially Observed Markov Decision Process (POMDP) model. Furthermore, a hierarchical planning algorithm is presented to decompose overall POMDP into some small sub-POMDPs and compute global optimal response policy according to MLS heuristic criterion. Meanwhile, reachable attack intention is defined and used to identify false alerts and compress belief state space. Finally, some experiments were performed to compare proposed algorithm with previous approaches and the results show that our approach have a good performance in response accuracy to different attack scenarios and robustness against false alerts.
Keywords :
Markov processes; security of data; MLS heuristic criterion; POMDP model; automated intrusion response framework; belief state space; factored POMDP; false alerts; global optimal response policy; hierarchical POMDP; hierarchical planning algorithm; partially observed Markov decision process; reachable attack intention; Computers; Fires; Monitoring; Real time systems; POMDP; automated intrusion response; component; cost function alaysis; hierarchical decomposition;
Conference_Titel :
Software Technology and Engineering (ICSTE), 2010 2nd International Conference on
Conference_Location :
San Juan, PR
Print_ISBN :
978-1-4244-8667-0
Electronic_ISBN :
978-1-4244-8666-3
DOI :
10.1109/ICSTE.2010.5608747
