Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

8-2017

Abstract

In recent years, there have been a number of successful cyber attacks on enterprise networks by malicious actors which have caused severe damage. These networks have Intrusion Detection and Prevention Systems in place to protect them, but they are notorious for producing a high volume of alerts. These alerts must be investigated by cyber analysts to determine whether they are an attack or benign. Unfortunately, there are magnitude more alerts generated than there are cyber analysts to investigate them. This trend is expected to continue into the future creating a need for tools which find optimal assignments of the incoming alerts to analysts in the presence of a strategic adversary. We address this challenge with the four following contributions: (1) a cyber screening game (CSG) model for the cyber network protection domain, (2) an NP-hardness proof for computing the optimal strategy for the defender, (3) an algorithm that finds the optimal allocation of experts to alerts in the CSG, and (4) heuristic improvements for computing allocations in CSGs that accomplishes significant scale-up which we show empirically to closely match the solution quality of the optimal algorithm.

Discipline

Databases and Information Systems

Research Areas

Data Science and Engineering

Publication

Proceedings of 26th International Joint Conference on Artificial Intelligence (IJCAI)

Identifier

10.24963/ijcai.2017/54

City or Country

Melbourne, Australia

Additional URL

https://doi.org/10.24963/ijcai.2017/54

Download

Share

COinS