Intrusion Detection in Resource-Constrained Cyber Networks: A Restless Multi-Armed Bandit Approach
Authors
Abstract
We consider a large-scale cyber network with N components. Each component is either in a healthy state (0) or an abnormal state (1). Due to intrusions, the state of each component transits from 0 to 1 over time according to an arbitrary stochastic process. At each time, a subset of K (K < N) components is probed and those observed in abnormal states are fixed. The objective is to design a dynamic probing strategy that minimizes the long-term network cost incurred at all abnormal components. We formulate the problem as a Restless Multi-Armed Bandit (RMAB) process. We show that this class of RMAB is indexable and that the Whittle index can be obtained in closed form. For homogeneous networks, we show that the Whittle index policy achieves the optimal performance with a simple structure that does not require any prior knowledge of the intrusion processes. These results also apply to scheduling in multi-class queuing networks with single buffers.
Similar resources
Bandits for Cybersecurity: Adaptive Intrusion Detection Using Honeypots
Intrusion detection is a fundamental problem in network security, and honeypots are one method for actively detecting malicious activity by using deception to fool attackers into interacting with fake hosts or services. We consider the problem of how to strategically select which configurations of honeypots to use to maximize the detection capability in a network. This problem is complicated by...
Authentication and Intrusion Detection System for Mobile Ad-Hoc Networks
ABSTRACT: A mobile ad-hoc network is an infrastructure-less network. Continuous user authentication is an important prevention-based approach to protect high-security mobile ad-hoc networks (MANETs). Intrusion detection systems (IDS) are also important in MANETs to effectively identify malicious activities. Most previous work studies these two classes of issues separately. In this paper, ...
On Optimality of Myopic Policy for Restless Multi-armed Bandit Problem with Non i.i.d. Arms and Imperfect Detection
We consider the channel access problem in a multi-channel opportunistic communication system with imperfect channel sensing, where the state of each channel evolves as a non independent and identically distributed Markov process. This problem can be cast into a restless multi-armed bandit (RMAB) problem that is intractable for its exponential computation complexity. A natural alternative is to ...
Time-Constrained Restless Bandits and the Knapsack Problem for Perishable Items
Motivated by a food promotion problem, we introduce the Knapsack Problem for Perishable Items (KPPI) to address a dynamic problem of optimally filling a knapsack with items that disappear randomly. The KPPI naturally bridges the gap and elucidates the relation between the PSPACE-hard restless bandit problem and the NP-hard knapsack problem. Our main result is a problem decomposition method resu...
Time-Constrained Restless Bandits and the Knapsack Problem for Perishable Items (Extended Abstract)
Motivated by a food promotion problem, we introduce the Knapsack Problem for Perishable Items (KPPI) to address a dynamic problem of optimally filling a knapsack with items that disappear randomly. The KPPI naturally bridges the gap and elucidates the relation between the PSPACE-hard restless bandit problem and the NP-hard knapsack problem. Our main result is a problem decomposition method resu...