Abstract

Recent attacks show that threats to cyber infrastructure are not only increasing in volume, but are getting more sophisticated. The attacks may comprise multiple actions that are hard to differentiate from benign activity, and therefore common detection techniques have to deal with high false positive rates. Because of the imperfect performance of automated detection techniques, responses to such attacks are highly dependent on human-driven decision-making processes. While game theory has been applied to many problems that require rational decision making, we find limitations in applying such methods to security games when the defender has limited information about the opponent's strategies and payoffs. In this work, we propose Q-Learning to react automatically to the adversarial behavior of a suspicious user to secure the system. This work compares variations of Q-Learning with a traditional stochastic game. Simulation results show the possibility of Naive Q-Learning, despite restricted information on opponents.

Original language: English (US)
Title of host publication: Proceedings - 17th IEEE International Symposium on High Assurance Systems Engineering, HASE 2016
Editors: Radu Babiceanu, Helene Waeselynck, Jie Xu, Raymond A. Paul, Bojan Cukic
Publisher: IEEE Computer Society
Pages: 1-8
Number of pages: 8
ISBN (Electronic): 9781467399128
State: Published - Mar 1 2016
Event: 17th IEEE International Symposium on High Assurance Systems Engineering, HASE 2016 - Orlando, United States
Duration: Jan 7 2016 to Jan 9 2016

Publication series

Name: Proceedings of IEEE International Symposium on High Assurance Systems Engineering
Volume: 2016-March
ISSN (Print): 1530-2059

Other

Other: 17th IEEE International Symposium on High Assurance Systems Engineering, HASE 2016
Country/Territory: United States
City: Orlando
Period: 1/7/16 to 1/9/16

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality
