Game Theory with Learning for Cyber Security Monitoring

Title: Game Theory with Learning for Cyber Security Monitoring
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Keywhan Chung, University of Illinois at Urbana-Champaign; Charles A. Kamhoua, Air Force Research Laboratory; Kevin A. Kwiat, Air Force Research Laboratory; Zbigniew Kalbarczyk, University of Illinois at Urbana-Champaign; Ravishankar K. Iyer, University of Illinois at Urbana-Champaign
Conference Name: IEEE High Assurance Systems Engineering Symposium (HASE 2016)
Date Published: 01/2016
Publisher: IEEE Computer Society
Conference Location: Orlando, FL
Keywords: Data Driven Security Models and Analysis, defense, game theory, Monitoring, NSA SoS Lablets Materials, q-learning, science of security, UIUC

Recent attacks show that threats to cyber infrastructure are not only increasing in volume, but are getting more sophisticated. The attacks may comprise multiple actions that are hard to differentiate from benign activity, and therefore common detection techniques have to deal with high false positive rates. Because of the imperfect performance of automated detection techniques, responses to such attacks are highly dependent on human-driven decision-making processes. While game theory has been applied to many problems that require rational decision-making, we find limitations in applying such methods to security games. In this work, we propose Q-Learning to react automatically to the adversarial behavior of a suspicious user to secure the system. This work compares variations of Q-Learning with a traditional stochastic game. Simulation results show the possibility of Naive Q-Learning, despite restricted information on opponents.

Citation Key: node-29815
