An adaptive Markov strategy for effective network intrusion detection

Network monitoring is an important way to ensure the security of hosts from being attacked by malicious attackers. One challenging problem for network operators is how to distribute the limited monitoring resources (e.g., intrusion detectors) among the network to detect attacks effectively, especial...

Bibliographic Details
Main Authors: HAO, Jianye, XUE, Yinxing, CHANDRAMOHAN, Mahinthan, LIU, Yang, SUN, Jun
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2015
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/4952
https://ink.library.smu.edu.sg/context/sis_research/article/5955/viewcontent/ictai15.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-5955
record_format dspace
spelling sg-smu-ink.sis_research-5955 2020-02-27T03:18:55Z 2015-11-09T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4952 info:doi/10.1109/ICTAI.2015.154 https://ink.library.smu.edu.sg/context/sis_research/article/5955/viewcontent/ictai15.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Artificial Intelligence and Robotics Software Engineering
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Artificial Intelligence and Robotics
Software Engineering
description Network monitoring is an important way to ensure the security of hosts from being attacked by malicious attackers. One challenging problem for network operators is how to distribute the limited monitoring resources (e.g., intrusion detectors) among the network to detect attacks effectively, especially when the attacking strategies can change dynamically and unpredictably. To this end, we adopt a Markov game to model the interactions between the network operator and the attacker and propose an adaptive Markov strategy (AMS) to determine how the detectors should be placed on the network against possible attacks to minimize the network’s accumulated cost over time. The AMS is guaranteed to converge to the best response strategy when the attacker’s strategy is fixed (rationality), converge to a fixed strategy under self-play (convergence) and obtain a payoff no less than that under the precomputed Nash equilibrium strategy of the Markov game (safety). The experimental results show that the AMS can achieve better protection for the network compared with both previous approaches based on the prediction of attack paths and the Nash equilibrium strategy.
format text
author HAO, Jianye
XUE, Yinxing
CHANDRAMOHAN, Mahinthan
LIU, Yang
SUN, Jun
author_sort HAO, Jianye
title An adaptive Markov strategy for effective network intrusion detection
title_sort adaptive markov strategy for effective network intrusion detection
publisher Institutional Knowledge at Singapore Management University
publishDate 2015
_version_ 1770575156662501376