Constructing multi-layered boundary to defend against intrusive anomalies: An autonomic detection coordinator

Zonghua Zhang, Hong Shen

Research output: Paper, peer-reviewed

9 Citations (Scopus)

Abstract

An autonomic detection coordinator is developed in this paper, which constructs a multi-layered boundary to defend against host-based intrusive anomalies by correlating several observation-specific anomaly detectors. Two key observations facilitate the model formulation: First, different anomaly detectors have different detection coverage and blind spots; Second, diverse operating environments provide different kinds of information to reveal anomalies. After formulating the cooperation between basic detectors as a partially observable Markov decision process, a policy-gradient reinforcement learning algorithm is applied to search in an optimal cooperation manner, with the objective to achieve broader detection coverage and fewer false alerts. Furthermore, the coordinator's behavior can be adjusted easily by setting a reward signal to meet the diverse demands of changing system situations. A preliminary experiment is implemented, together with some comparative studies, to demonstrate the coordinator's performance in terms of admitted criteria.

Original language: English
Pages: 118-127
Number of pages: 10
Publication status: Published - 2005
Externally published
Event: 2005 International Conference on Dependable Systems and Networks - Yokohama, Japan
Duration: 28 June 2005 to 1 July 2005

Conference

Conference: 2005 International Conference on Dependable Systems and Networks
Country/Territory: Japan
City: Yokohama
Period: 28/06/05 to 1/07/05
