Optimal Index Policies for Anomaly Localization in Resource-Constrained Cyber Systems
Kobi Cohen, Qing Zhao, Ananthram Swami
TL;DR
This paper develops optimal index policies for efficiently localizing anomalies in resource-constrained cyber systems, minimizing costs while considering different models of anomaly occurrence and allowing for simultaneous probing.
Contribution
It introduces and analyzes optimal simple index policies for anomaly localization under both independent and exclusive models, applicable to broader scenarios with multiple simultaneous probes.
Findings
Proposed index policies are optimal under specified models.
Policies perform well in simulations with multiple simultaneous probes.
Applicable to spectrum scanning and event detection in sensor networks.
Abstract
The problem of anomaly localization in a resource-constrained cyber system is considered. Each anomalous component of the system incurs a cost per unit time until its anomaly is identified and fixed. Different anomalous components may incur different costs depending on their criticality to the system. Due to resource constraints, only one component can be probed at each given time. The observations from a probed component are realizations drawn from two different distributions depending on whether the component is normal or anomalous. The objective is a probing strategy that minimizes the total expected cost, incurred by all the components during the detection process, under reliability constraints. We consider both independent and exclusive models. In the former, each component can be abnormal with a certain probability independent of other components. In the latter, one and only one…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.