Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
11-2015
Abstract
Network monitoring is an important way to protect hosts from being attacked by malicious attackers. One challenging problem for network operators is how to distribute the limited monitoring resources (e.g., intrusion detectors) across the network to detect attacks effectively, especially when the attacking strategies can change dynamically and unpredictably. To this end, we adopt a Markov game to model the interactions between the network operator and the attacker and propose an adaptive Markov strategy (AMS) to determine how the detectors should be placed on the network against possible attacks to minimize the network’s accumulated cost over time. The AMS is guaranteed to converge to the best response strategy when the attacker’s strategy is fixed (rationality), to converge to a fixed strategy under self-play (convergence), and to obtain a payoff no less than that under the precomputed Nash equilibrium strategy of the Markov game (safety). The experimental results show that the AMS can achieve better protection for the network compared with both previous approaches based on the prediction of attack paths and the Nash equilibrium strategy.
Discipline
Artificial Intelligence and Robotics | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
Proceedings of the 27th IEEE International Conference on Tools with Artificial Intelligence (ICTAI), Vietri sul Mare, Italy, 2015 November 9-11
First Page
1085
Last Page
1092
ISBN
1082-3409
Identifier
10.1109/ICTAI.2015.154
Publisher
IEEE
City or Country
Vietri sul Mare, Italy
Citation
HAO, Jianye; XUE, Yinxing; CHANDRAMOHAN, Mahinthan; LIU, Yang; and SUN, Jun.
An adaptive Markov strategy for effective network intrusion detection. (2015). Proceedings of the 27th IEEE International Conference on Tools with Artificial Intelligence (ICTAI), Vietri sul Mare, Italy, 2015 November 9-11. 1085-1092.
Available at: https://ink.library.smu.edu.sg/sis_research/4952
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/ICTAI.2015.154