Accession Number

ADA581703

Title

Optimal Index Policies for Quickest Localization of Anomaly in Resource Constrained Cyber Networks.

Publication Date

2013

Media Count

16p

Personal Author

A. Swami K. Cohen Q. Zhao

Abstract

We consider the problem of quickest localization of anomaly in a resourceconstrained cyber network consisting of multiple components. Due to resource constraints, only one component can be probed at a time. The observations are random realizations drawn from two different distributions depending on whether the component is normal or anomalous. Components are assigned priorities. Components with higher priorities in an abnormal state should be fixed before components with lower priorities to reduce the overall damage to the network. We formulate the problem as a prioritybased constrained optimization problem. The objective is to minimize the expected weighted sum of completion times of abnormal components subject to error probability constraints. We then propose a twostage optimization formulation to solve the problem. First, we consider the independent model, in which each component is abnormal independent of other components. Next, we consider the exclusive model, in which only one component is abnormal. We develop optimal index policies under both models. Optimal lowcomplexity algorithms are derived for the simple hypotheses case, in which the distribution is completely known under both hypotheses. Asymptotically (as the error probability approaches zero) optimal lowcomplexity algorithms are derived for the composite hypotheses case, where there is uncertainty in the distribution parameters. Simulation results demonstrate the performance of the algorithms.

Keywords

Algorithms Anomalies Anomaly detection Anomaly localization Computer networks Computerized simulation Constrained optimization problems Hypotheses Intrusion detection systems Intrusion detection(Computers) Lowcomplexity algorithms Maximum likelihood estimation Optimal index policies Optimization Policies Probability Problem solving Quick reaction Resourceconstrained cyber networks Salrt(Sequential adaptive likelihood ratio test) Sequential detection theory Sequential hypothesis testing Sglrt(Sequential generalized likelihood ratio test) Sprt(Sequential probability ratio test) Statistical analysis Uncertainty


Source Agency

Non Paid ADAS

NTIS Subject Category

72F  Statistical Analysis 62D  Information Processing Standards

Corporate Author

California Univ., Davis. Dept. of Electrical and Computer Engineering.

Document Type

Technical report

Title Note

Research paper.

NTIS Issue Number

1325

Contract Number

W911NF1120086
