Don’t bury your head in warnings: A game-theoretic approach for intelligent allocation of cyber-security alerts
In recent years, there have been a number of successful cyber attacks on enterprise networks by malicious actors which have caused severe damage. These networks have Intrusion Detection and Prevention Systems in place to protect them, but they are notorious for producing a high volume of alerts. The...
Saved in:
| Main Authors: | , , , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2017
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/4666 https://ink.library.smu.edu.sg/context/sis_research/article/5669/viewcontent/IJCAI17_CameraReady_1_.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-5669 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-56692020-01-02T07:04:46Z Don’t bury your head in warnings: A game-theoretic approach for intelligent allocation of cyber-security alerts SCHLENKER, Aaron XU, Haifeng GUIRGUIS, Mina KIEKINTVELD, Christopher SINHA, Arunesh TAMBE, Milind SONYA, Solomon BALDERAS, Darryl DUNSTATTER, Noah In recent years, there have been a number of successful cyber attacks on enterprise networks by malicious actors which have caused severe damage. These networks have Intrusion Detection and Prevention Systems in place to protect them, but they are notorious for producing a high volume of alerts. These alerts must be investigated by cyber analysts to determine whether they are an attack or benign. Unfortunately, there are magnitude more alerts generated than there are cyber analysts to investigate them. This trend is expected to continue into the future creating a need for tools which find optimal assignments of the incoming alerts to analysts in the presence of a strategic adversary. We address this challenge with the four following contributions: (1) a cyber screening game (CSG) model for the cyber network protection domain, (2) an NP-hardness proof for computing the optimal strategy for the defender, (3) an algorithm that finds the optimal allocation of experts to alerts in the CSG, and (4) heuristic improvements for computing allocations in CSGs that accomplishes significant scale-up which we show empirically to closely match the solution quality of the optimal algorithm. 2017-08-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4666 info:doi/10.24963/ijcai.2017/54 https://ink.library.smu.edu.sg/context/sis_research/article/5669/viewcontent/IJCAI17_CameraReady_1_.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Databases and Information Systems |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Databases and Information Systems |
| spellingShingle |
Databases and Information Systems SCHLENKER, Aaron XU, Haifeng GUIRGUIS, Mina KIEKINTVELD, Christopher SINHA, Arunesh TAMBE, Milind SONYA, Solomon BALDERAS, Darryl DUNSTATTER, Noah Don’t bury your head in warnings: A game-theoretic approach for intelligent allocation of cyber-security alerts |
| description |
In recent years, there have been a number of successful cyber attacks on enterprise networks by malicious actors which have caused severe damage. These networks have Intrusion Detection and Prevention Systems in place to protect them, but they are notorious for producing a high volume of alerts. These alerts must be investigated by cyber analysts to determine whether they are an attack or benign. Unfortunately, there are magnitude more alerts generated than there are cyber analysts to investigate them. This trend is expected to continue into the future creating a need for tools which find optimal assignments of the incoming alerts to analysts in the presence of a strategic adversary. We address this challenge with the four following contributions: (1) a cyber screening game (CSG) model for the cyber network protection domain, (2) an NP-hardness proof for computing the optimal strategy for the defender, (3) an algorithm that finds the optimal allocation of experts to alerts in the CSG, and (4) heuristic improvements for computing allocations in CSGs that accomplishes significant scale-up which we show empirically to closely match the solution quality of the optimal algorithm. |
| format |
text |
| author |
SCHLENKER, Aaron XU, Haifeng GUIRGUIS, Mina KIEKINTVELD, Christopher SINHA, Arunesh TAMBE, Milind SONYA, Solomon BALDERAS, Darryl DUNSTATTER, Noah |
| author_facet |
SCHLENKER, Aaron XU, Haifeng GUIRGUIS, Mina KIEKINTVELD, Christopher SINHA, Arunesh TAMBE, Milind SONYA, Solomon BALDERAS, Darryl DUNSTATTER, Noah |
| author_sort |
SCHLENKER, Aaron |
| title |
Don’t bury your head in warnings: A game-theoretic approach for intelligent allocation of cyber-security alerts |
| title_short |
Don’t bury your head in warnings: A game-theoretic approach for intelligent allocation of cyber-security alerts |
| title_full |
Don’t bury your head in warnings: A game-theoretic approach for intelligent allocation of cyber-security alerts |
| title_fullStr |
Don’t bury your head in warnings: A game-theoretic approach for intelligent allocation of cyber-security alerts |
| title_full_unstemmed |
Don’t bury your head in warnings: A game-theoretic approach for intelligent allocation of cyber-security alerts |
| title_sort |
don’t bury your head in warnings: a game-theoretic approach for intelligent allocation of cyber-security alerts |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2017 |
| url |
https://ink.library.smu.edu.sg/sis_research/4666 https://ink.library.smu.edu.sg/context/sis_research/article/5669/viewcontent/IJCAI17_CameraReady_1_.pdf |
| _version_ |
1770574957997195264 |