Constructing a multilayered boundary to defend against intrusive anomalies

Zonghua Zhang, Hong Shen

Research output: Contribution to journal › Article › peer-review

Abstract

We propose a model for constructing a multilayered boundary in an information system to defend against intrusive anomalies by correlating a number of parametric anomaly detectors. The model formulation is based on two observations. First, anomaly detectors differ in their detection coverage or blind spots. Second, operating environments of the anomaly detectors reveal different information about system anomalies. The correlation among observation-specific anomaly detectors is first formulated as a Partially Observable Markov Decision Process, and then a policy-gradient reinforcement learning algorithm is developed for an optimal cooperation search, with the practical objectives being broader overall detection coverage and fewer false alerts. A host-based experimental scenario is developed to illustrate the principle of the model and to demonstrate its performance.

Original language: English
Pages (from-to): 490-499
Number of pages: 10
Journal: IEICE Transactions on Information and Systems
Volume: E90-D
Issue number: 2
DOIs
Publication status: Published - Feb 2007
Externally published: Yes

Keywords

  • Anomaly detection
  • Information security
  • Intrusion detection
  • POMDP
