An optimal control approach to malware filtering

We study and develop an optimal control theoretic approach to malware filtering in the context of network security. We investigate the malware filtering problem by capturing the tradeoff between increased security on one hand and continued usability of the network on the other. We analyze the problem using a linear control system model with a quadratic cost structure and develop algorithms based on H∞-optimal control theory. A dynamic feedback filter is derived and shown to be an improvement over various heuristic approaches to malware filtering via numerical analysis. The results obtained are verified and demonstrated with packet level simulations on the Ns-2 network simulator.
