论文信息 - Autonomic defense: Thwarting automated attacks via real-time feedback control

Autonomic defense: Thwarting automated attacks via real-time feedback control

A critical threat to organizations, and the Internet itself, is a class of automated network attacks referred to as Internet worms. This article examines the use of mathematical models and optimization algorithms--specifically a partially-observable Markov decision process (PO-MDP) based feedback control system--as the basis for implementing an autonomic defense system (ADS) that can protect organizations against Internet worms. The PO-MDP ADS introduced in this article is capable of detecting and responding to worms in real time. Furthermore, the PO-MDP ADS can ameliorate the rate of incorrect control decisions that would normally occur in the presence of sensor false alarms.

Gregory L. Frazier | Tiffany M. Frazier | Sam Carter | Derek Armstrong

[1] Vern Paxson,et al. How to Own the Internet in Your Spare Time , 2002, USENIX Security Symposium.

[2] Nong Ye,et al. Statistical process control for computer intrusion detection , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[3] Stefan Axelsson,et al. The base-rate fallacy and its implications for the difficulty of intrusion detection , 1999, CCS '99.

[4] Nong Ye,et al. A process control approach to cyber attack detection , 2001, Commun. ACM.

[5] Cannady,et al. New Methods of Intrusion Detection Using Control-Loop Measurement , 1996 .

[6] O. Patrick Kreidl,et al. Feedback control applied to survivability: a host-based autonomic defense system , 2004, IEEE Transactions on Reliability.

[7] William L. Fithen,et al. State of the Practice of Intrusion Detection Technologies , 2000 .