We are currently experiencing intermittent issues impacting performance. We apologize for the inconvenience.
By Topic

Intrusion detection in IT networks with limited observations

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Bommannavar, P. ; Manage. Sci. & Eng., Stanford Univ., Stanford, CA, USA ; Bambos, N.

In this paper we consider the problem of quickest alarm intrusion detection for a computer network in a probabilistic setting where the number of opportunities to make observations on the status of a potential intruder is budgeted. Specifically, we model the activity of an intruder with a Markov chain of finite state space, corresponding to logical or physical states in a network, and suppose there is a state b which we would not like the intruder to enter. The intruder, on the other hand, would like to enter this sensitive part of the network and wants to spend as much time there as possible. The state of the intruder evolves in discrete time; also there are a limited number of opportunities for the security system to make state observations over the finite horizon of the problem. This model can be used to capture the essence of intrusion detection in a variety of situations such as hackers in a network or physical intruders in a spatial area where there is a constraint on the number of observations one may make due to power limitations. We develop an optimal policy for dynamically scheduling observations to minimize the amount of time that the intruder spends in b without being discovered.

Published in:

Computing, Networking and Communications (ICNC), 2012 International Conference on

Date of Conference:

Jan. 30 2012-Feb. 2 2012