TY - GEN
T1 - Game Theory with Learning for Cyber Security Monitoring
AU - Chung, Keywhan
AU - Kamhoua, Charles A.
AU - Kwiat, Kevin A.
AU - Kalbarczyk, Zbigniew T.
AU - Iyer, Ravishankar K.
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/3/1
Y1 - 2016/3/1
N2 - Recent attacks show that threats to cyber infrastructure are not only increasing in volume, but are getting more sophisticated. The attacks may comprise multiple actions that are hard to differentiate from benign activity, and therefore common detection techniques have to deal with high false positive rates. Because of the imperfect performance of automated detection techniques, responses to such attacks are highly dependent on human-driven decision-making processes. While game theory has been applied to many problems that require rational decision making, we find limitation on applying such method on security games when the defender has limited information about the opponent's strategies and payoffs. In this work, we propose Q-Learning to react automatically to the adversarial behavior of a suspicious user to secure the system. This work compares variations of Q-Learning with a traditional stochastic game. Simulation results show the possibility of Naive Q-Learning, despite restricted information on opponents.
AB - Recent attacks show that threats to cyber infrastructure are not only increasing in volume, but are getting more sophisticated. The attacks may comprise multiple actions that are hard to differentiate from benign activity, and therefore common detection techniques have to deal with high false positive rates. Because of the imperfect performance of automated detection techniques, responses to such attacks are highly dependent on human-driven decision-making processes. While game theory has been applied to many problems that require rational decision making, we find limitation on applying such method on security games when the defender has limited information about the opponent's strategies and payoffs. In this work, we propose Q-Learning to react automatically to the adversarial behavior of a suspicious user to secure the system. This work compares variations of Q-Learning with a traditional stochastic game. Simulation results show the possibility of Naive Q-Learning, despite restricted information on opponents.
UR - http://www.scopus.com/inward/record.url?scp=84962889632&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84962889632&partnerID=8YFLogxK
U2 - 10.1109/HASE.2016.48
DO - 10.1109/HASE.2016.48
M3 - Conference contribution
AN - SCOPUS:84962889632
T3 - Proceedings of IEEE International Symposium on High Assurance Systems Engineering
SP - 1
EP - 8
BT - Proceedings - 17th IEEE International Symposium on High Assurance Systems Engineering, HASE 2016
A2 - Babiceanu, Radu
A2 - Waeselynck, Helene
A2 - Xu, Jie
A2 - Paul, Raymond A.
A2 - Cukic, Bojan
PB - IEEE Computer Society
T2 - 17th IEEE International Symposium on High Assurance Systems Engineering, HASE 2016
Y2 - 7 January 2016 through 9 January 2016
ER -