Active perception for cyber intrusion detection and defense

Robert P. Goldman; Mark Burstein; J. Benton; Ugur Kuter; Joseph Mueller; Paul Robertson; Dan Cerys; Andreas Hoffman; Rusty Bobrow

doi:10.1109/SASOW.2015.20

Active perception for cyber intrusion detection and defense

Robert P. Goldman, Mark Burstein, J. Benton, Ugur Kuter, Joseph Mueller, Paul Robertson, Dan Cerys, Andreas Hoffman, Rusty Bobrow

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

This paper describes an automated process of active perception for cyber defense. Our approach is informed by theoretical ideas from decision theory and recent research results in neuroscience. Our cognitive agent allocates computational and sensing resources to (approximately) optimize its Value of Information. To do this, it draws on models to direct sensors towards phenomena of greatest interest to inform decisions about cyber defense actions. By identifying critical network assets, the organization's mission measures interest (and value of information). This model enables the system to follow leads from inexpensive, inaccurate alerts with targeted use of expensive, accurate sensors. This allows the deployment of sensors to build structured interpretations of situations. From these, an organization can meet mission-centered decision-making requirements with calibrated responses proportional to the likelihood of true detection and degree of threat.

Original language	English (US)
Title of host publication	Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	92-101
Number of pages	10
ISBN (Electronic)	9781467384391
DOIs	https://doi.org/10.1109/SASOW.2015.20
State	Published - Oct 23 2015
Externally published	Yes
Event	IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015 - Cambridge, United States Duration: Sep 21 2015 → Sep 25 2015

Publication series

Name	Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015

Conference

Conference	IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015
Country/Territory	United States
City	Cambridge
Period	9/21/15 → 9/25/15

Bibliographical note

Publisher Copyright:
© 2015 IEEE.

Keywords

IDS correlation
active perception
cyber defense
intrusion detection

Publisher link

10.1109/SASOW.2015.20

Find It

Find It at U of M Libraries

Cite this

Goldman, R. P., Burstein, M., Benton, J., Kuter, U., Mueller, J., Robertson, P., Cerys, D., Hoffman, A., & Bobrow, R. (2015). Active perception for cyber intrusion detection and defense. In Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015 (pp. 92-101). Article 7306563 (Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SASOW.2015.20

Active perception for cyber intrusion detection and defense. / Goldman, Robert P.; Burstein, Mark; Benton, J. et al.
Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015. Institute of Electrical and Electronics Engineers Inc., 2015. p. 92-101 7306563 (Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Goldman, RP, Burstein, M, Benton, J, Kuter, U, Mueller, J, Robertson, P, Cerys, D, Hoffman, A & Bobrow, R 2015, Active perception for cyber intrusion detection and defense. in Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015., 7306563, Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015, Institute of Electrical and Electronics Engineers Inc., pp. 92-101, IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015, Cambridge, United States, 9/21/15. https://doi.org/10.1109/SASOW.2015.20

Goldman RP, Burstein M, Benton J, Kuter U, Mueller J, Robertson P et al. Active perception for cyber intrusion detection and defense. In Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015. Institute of Electrical and Electronics Engineers Inc. 2015. p. 92-101. 7306563. (Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015). doi: 10.1109/SASOW.2015.20

Goldman, Robert P. ; Burstein, Mark ; Benton, J. et al. / Active perception for cyber intrusion detection and defense. Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015. Institute of Electrical and Electronics Engineers Inc., 2015. pp. 92-101 (Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015).

@inproceedings{7a823c3e77724fe9b6accc4b1c670982,

title = "Active perception for cyber intrusion detection and defense",

abstract = "This paper describes an automated process of active perception for cyber defense. Our approach is informed by theoretical ideas from decision theory and recent research results in neuroscience. Our cognitive agent allocates computational and sensing resources to (approximately) optimize its Value of Information. To do this, it draws on models to direct sensors towards phenomena of greatest interest to inform decisions about cyber defense actions. By identifying critical network assets, the organization's mission measures interest (and value of information). This model enables the system to follow leads from inexpensive, inaccurate alerts with targeted use of expensive, accurate sensors. This allows the deployment of sensors to build structured interpretations of situations. From these, an organization can meet mission-centered decision-making requirements with calibrated responses proportional to the likelihood of true detection and degree of threat.",

keywords = "IDS correlation, active perception, cyber defense, intrusion detection",

author = "Goldman, {Robert P.} and Mark Burstein and J. Benton and Ugur Kuter and Joseph Mueller and Paul Robertson and Dan Cerys and Andreas Hoffman and Rusty Bobrow",

note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015 ; Conference date: 21-09-2015 Through 25-09-2015",

year = "2015",

month = oct,

day = "23",

doi = "10.1109/SASOW.2015.20",

language = "English (US)",

series = "Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "92--101",

booktitle = "Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015",

}

TY - GEN

T1 - Active perception for cyber intrusion detection and defense

AU - Goldman, Robert P.

AU - Burstein, Mark

AU - Benton, J.

AU - Kuter, Ugur

AU - Mueller, Joseph

AU - Robertson, Paul

AU - Cerys, Dan

AU - Hoffman, Andreas

AU - Bobrow, Rusty

PY - 2015/10/23

Y1 - 2015/10/23

N2 - This paper describes an automated process of active perception for cyber defense. Our approach is informed by theoretical ideas from decision theory and recent research results in neuroscience. Our cognitive agent allocates computational and sensing resources to (approximately) optimize its Value of Information. To do this, it draws on models to direct sensors towards phenomena of greatest interest to inform decisions about cyber defense actions. By identifying critical network assets, the organization's mission measures interest (and value of information). This model enables the system to follow leads from inexpensive, inaccurate alerts with targeted use of expensive, accurate sensors. This allows the deployment of sensors to build structured interpretations of situations. From these, an organization can meet mission-centered decision-making requirements with calibrated responses proportional to the likelihood of true detection and degree of threat.

AB - This paper describes an automated process of active perception for cyber defense. Our approach is informed by theoretical ideas from decision theory and recent research results in neuroscience. Our cognitive agent allocates computational and sensing resources to (approximately) optimize its Value of Information. To do this, it draws on models to direct sensors towards phenomena of greatest interest to inform decisions about cyber defense actions. By identifying critical network assets, the organization's mission measures interest (and value of information). This model enables the system to follow leads from inexpensive, inaccurate alerts with targeted use of expensive, accurate sensors. This allows the deployment of sensors to build structured interpretations of situations. From these, an organization can meet mission-centered decision-making requirements with calibrated responses proportional to the likelihood of true detection and degree of threat.

KW - IDS correlation

KW - active perception

KW - cyber defense

KW - intrusion detection

UR - http://www.scopus.com/inward/record.url?scp=84962197748&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84962197748&partnerID=8YFLogxK

U2 - 10.1109/SASOW.2015.20

DO - 10.1109/SASOW.2015.20

M3 - Conference contribution

AN - SCOPUS:84962197748

T3 - Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015

SP - 92

EP - 101

BT - Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015

Y2 - 21 September 2015 through 25 September 2015

ER -

Active perception for cyber intrusion detection and defense

Abstract

Publication series

Conference

Bibliographical note

Keywords

Publisher link

Find It

Other files and links

Fingerprint

Cite this