Dynamic Intrusion Detection in Resource-Constrained Cyber Networks
Keqin Liu, Qing Zhao

TL;DR
This paper develops a low-complexity, index-based scheduling policy for detecting intrusions in large-scale resource-constrained cyber networks, effectively minimizing long-term costs. The policy is also applicable to similar queuing systems.
Contribution
It derives a closed-form Whittle index for a class of restless bandit problems in intrusion detection, enabling efficient and optimal scheduling without prior process knowledge.
Findings
The Whittle index exists and is computable in closed form.
The policy is optimal over finite horizons for homogeneous components.
The approach applies to queuing networks with finite buffers.
Abstract
We consider a large-scale cyber network with N components (e.g., paths, servers, subnets). Each component is either in a healthy state (0) or an abnormal state (1). Due to random intrusions, the state of each component transits from 0 to 1 over time according to a certain stochastic process. At each time, a subset of K (K < N) components are checked and those observed in abnormal states are fixed. The objective is to design the optimal scheduling for intrusion detection such that the long-term network cost incurred by all abnormal components is minimized. We formulate the problem as a special class of Restless Multi-Armed Bandit (RMAB) process. A general RMAB suffers from the curse of dimensionality (PSPACE-hard) and numerical methods are often inapplicable. We show that, for this class of RMAB, the Whittle index exists and can be obtained in closed form, leading to a low-complexity…
Taxonomy
Topics: Advanced Bandit Algorithms Research · Age of Information Optimization · Cognitive Radio Networks and Spectrum Sensing
