Active perception for cyber intrusion detection and defense

J. Benton; Robert P. Goldman; Mark Burstein; Joseph Mueller; Paul Robertson; Dan Cerys; Andreas Hoffman; Rusty Bobrow

Active perception for cyber intrusion detection and defense

J. Benton, Robert P. Goldman, Mark Burstein, Joseph Mueller, Paul Robertson, Dan Cerys, Andreas Hoffman, Rusty Bobrow

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Most modern network-based intrusion detection systems (IDSs) passively monitor network traffic to identify possible attacks through known vectors. Though useful, this approach has widely known high false positive rates, often causing administrators to suffer from a "cry Wolf effect," where they ignore all warnings because so many have been false. In this paper, we focus on a method to reduce this effect using an idea borrowed from computer vision and neuroscience called active perception. Our approach is informed by theoretical ideas from decision theory and recent research results in neuroscience. The active perception agent allocates computational and sensing resources to (approximately) optimize its Value of Information. To do this, it draws on models to direct sensors towards phenomena of greatest interest to inform decisions about cyber defense actions. By identifying critical network assets, the organization's mission measures self-interest (and value of information). This model enables the system to follow leads from inexpensive, inaccurate alerts with targeted use of expensive, accurate sensors. This allows the deployment of sensors to build structured interpretations of situations. From these, an organization can meet missioncentered decision-making requirements with calibrated responses proportional to the likelihood of true detection and degree of threat.

Original language	English (US)
Title of host publication	WS-16-01
Subtitle of host publication	Artificial Intelligence Applied to Assistive Technologies and Smart Environments; WS-16-02: AI, Ethics, and Society; WS-16-03: Artificial Intelligence for Cyber Security; WS-16-04: Artificial Intelligence for Smart Grids and Smart Buildings; WS-16-05: Beyond NP; WS-16-06: Computer Poker and Imperfect Information Games; WS-16-07: Declarative Learning Based Programming; WS-16-08: Expanding the Boundaries of Health Informatics Using AI; WS-16-09: Incentives and Trust in Electronic Communities; WS-16-10: Knowledge Extraction from Text; WS-16-11: Multiagent Interaction without Prior Coordination; WS-16-12: Planning for Hybrid Systems; WS-16-13: Scholarly Big Data: AI Perspectives, Challenges, and Ideas; WS-16-14: Symbiotic Cognitive Systems; WS-16-15: World Wide Web and Population Health Intelligence
Publisher	AI Access Foundation
Pages	157-161
Number of pages	5
ISBN (Electronic)	9781577357599
State	Published - 2016
Externally published	Yes
Event	30th AAAI Conference on Artificial Intelligence, AAAI 2016 - Phoenix, United States Duration: Feb 12 2016 → Feb 17 2016

Publication series

Name	AAAI Workshop - Technical Report
Volume	WS-16-01 - WS-16-15

Other

Other	30th AAAI Conference on Artificial Intelligence, AAAI 2016
Country/Territory	United States
City	Phoenix
Period	2/12/16 → 2/17/16

Bibliographical note

Publisher Copyright:
Copyright © 2016, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.

Find It

Find It at U of M Libraries

Cite this

Benton, J., Goldman, R. P., Burstein, M., Mueller, J., Robertson, P., Cerys, D., Hoffman, A., & Bobrow, R. (2016). Active perception for cyber intrusion detection and defense. In WS-16-01: Artificial Intelligence Applied to Assistive Technologies and Smart Environments; WS-16-02: AI, Ethics, and Society; WS-16-03: Artificial Intelligence for Cyber Security; WS-16-04: Artificial Intelligence for Smart Grids and Smart Buildings; WS-16-05: Beyond NP; WS-16-06: Computer Poker and Imperfect Information Games; WS-16-07: Declarative Learning Based Programming; WS-16-08: Expanding the Boundaries of Health Informatics Using AI; WS-16-09: Incentives and Trust in Electronic Communities; WS-16-10: Knowledge Extraction from Text; WS-16-11: Multiagent Interaction without Prior Coordination; WS-16-12: Planning for Hybrid Systems; WS-16-13: Scholarly Big Data: AI Perspectives, Challenges, and Ideas; WS-16-14: Symbiotic Cognitive Systems; WS-16-15: World Wide Web and Population Health Intelligence (pp. 157-161). (AAAI Workshop - Technical Report; Vol. WS-16-01 - WS-16-15). AI Access Foundation.

Active perception for cyber intrusion detection and defense. / Benton, J.; Goldman, Robert P.; Burstein, Mark et al.
WS-16-01: Artificial Intelligence Applied to Assistive Technologies and Smart Environments; WS-16-02: AI, Ethics, and Society; WS-16-03: Artificial Intelligence for Cyber Security; WS-16-04: Artificial Intelligence for Smart Grids and Smart Buildings; WS-16-05: Beyond NP; WS-16-06: Computer Poker and Imperfect Information Games; WS-16-07: Declarative Learning Based Programming; WS-16-08: Expanding the Boundaries of Health Informatics Using AI; WS-16-09: Incentives and Trust in Electronic Communities; WS-16-10: Knowledge Extraction from Text; WS-16-11: Multiagent Interaction without Prior Coordination; WS-16-12: Planning for Hybrid Systems; WS-16-13: Scholarly Big Data: AI Perspectives, Challenges, and Ideas; WS-16-14: Symbiotic Cognitive Systems; WS-16-15: World Wide Web and Population Health Intelligence. AI Access Foundation, 2016. p. 157-161 (AAAI Workshop - Technical Report; Vol. WS-16-01 - WS-16-15).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Benton, J, Goldman, RP, Burstein, M, Mueller, J, Robertson, P, Cerys, D, Hoffman, A & Bobrow, R 2016, Active perception for cyber intrusion detection and defense. in WS-16-01: Artificial Intelligence Applied to Assistive Technologies and Smart Environments; WS-16-02: AI, Ethics, and Society; WS-16-03: Artificial Intelligence for Cyber Security; WS-16-04: Artificial Intelligence for Smart Grids and Smart Buildings; WS-16-05: Beyond NP; WS-16-06: Computer Poker and Imperfect Information Games; WS-16-07: Declarative Learning Based Programming; WS-16-08: Expanding the Boundaries of Health Informatics Using AI; WS-16-09: Incentives and Trust in Electronic Communities; WS-16-10: Knowledge Extraction from Text; WS-16-11: Multiagent Interaction without Prior Coordination; WS-16-12: Planning for Hybrid Systems; WS-16-13: Scholarly Big Data: AI Perspectives, Challenges, and Ideas; WS-16-14: Symbiotic Cognitive Systems; WS-16-15: World Wide Web and Population Health Intelligence. AAAI Workshop - Technical Report, vol. WS-16-01 - WS-16-15, AI Access Foundation, pp. 157-161, 30th AAAI Conference on Artificial Intelligence, AAAI 2016, Phoenix, United States, 2/12/16.

Benton J, Goldman RP, Burstein M, Mueller J, Robertson P, Cerys D et al. Active perception for cyber intrusion detection and defense. In WS-16-01: Artificial Intelligence Applied to Assistive Technologies and Smart Environments; WS-16-02: AI, Ethics, and Society; WS-16-03: Artificial Intelligence for Cyber Security; WS-16-04: Artificial Intelligence for Smart Grids and Smart Buildings; WS-16-05: Beyond NP; WS-16-06: Computer Poker and Imperfect Information Games; WS-16-07: Declarative Learning Based Programming; WS-16-08: Expanding the Boundaries of Health Informatics Using AI; WS-16-09: Incentives and Trust in Electronic Communities; WS-16-10: Knowledge Extraction from Text; WS-16-11: Multiagent Interaction without Prior Coordination; WS-16-12: Planning for Hybrid Systems; WS-16-13: Scholarly Big Data: AI Perspectives, Challenges, and Ideas; WS-16-14: Symbiotic Cognitive Systems; WS-16-15: World Wide Web and Population Health Intelligence. AI Access Foundation. 2016. p. 157-161. (AAAI Workshop - Technical Report).

Benton, J. ; Goldman, Robert P. ; Burstein, Mark et al. / Active perception for cyber intrusion detection and defense. WS-16-01: Artificial Intelligence Applied to Assistive Technologies and Smart Environments; WS-16-02: AI, Ethics, and Society; WS-16-03: Artificial Intelligence for Cyber Security; WS-16-04: Artificial Intelligence for Smart Grids and Smart Buildings; WS-16-05: Beyond NP; WS-16-06: Computer Poker and Imperfect Information Games; WS-16-07: Declarative Learning Based Programming; WS-16-08: Expanding the Boundaries of Health Informatics Using AI; WS-16-09: Incentives and Trust in Electronic Communities; WS-16-10: Knowledge Extraction from Text; WS-16-11: Multiagent Interaction without Prior Coordination; WS-16-12: Planning for Hybrid Systems; WS-16-13: Scholarly Big Data: AI Perspectives, Challenges, and Ideas; WS-16-14: Symbiotic Cognitive Systems; WS-16-15: World Wide Web and Population Health Intelligence. AI Access Foundation, 2016. pp. 157-161 (AAAI Workshop - Technical Report).

@inproceedings{b126d3deb53744cfa2ef45d21ebf6bfd,

title = "Active perception for cyber intrusion detection and defense",

abstract = "Most modern network-based intrusion detection systems (IDSs) passively monitor network traffic to identify possible attacks through known vectors. Though useful, this approach has widely known high false positive rates, often causing administrators to suffer from a {"}cry Wolf effect,{"} where they ignore all warnings because so many have been false. In this paper, we focus on a method to reduce this effect using an idea borrowed from computer vision and neuroscience called active perception. Our approach is informed by theoretical ideas from decision theory and recent research results in neuroscience. The active perception agent allocates computational and sensing resources to (approximately) optimize its Value of Information. To do this, it draws on models to direct sensors towards phenomena of greatest interest to inform decisions about cyber defense actions. By identifying critical network assets, the organization's mission measures self-interest (and value of information). This model enables the system to follow leads from inexpensive, inaccurate alerts with targeted use of expensive, accurate sensors. This allows the deployment of sensors to build structured interpretations of situations. From these, an organization can meet missioncentered decision-making requirements with calibrated responses proportional to the likelihood of true detection and degree of threat.",

author = "J. Benton and Goldman, {Robert P.} and Mark Burstein and Joseph Mueller and Paul Robertson and Dan Cerys and Andreas Hoffman and Rusty Bobrow",

note = "Publisher Copyright: Copyright {\textcopyright} 2016, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.; 30th AAAI Conference on Artificial Intelligence, AAAI 2016 ; Conference date: 12-02-2016 Through 17-02-2016",

year = "2016",

language = "English (US)",

series = "AAAI Workshop - Technical Report",

publisher = "AI Access Foundation",

pages = "157--161",

booktitle = "WS-16-01",

}

TY - GEN

T1 - Active perception for cyber intrusion detection and defense

AU - Benton, J.

AU - Goldman, Robert P.

AU - Burstein, Mark

AU - Mueller, Joseph

AU - Robertson, Paul

AU - Cerys, Dan

AU - Hoffman, Andreas

AU - Bobrow, Rusty

PY - 2016

Y1 - 2016

N2 - Most modern network-based intrusion detection systems (IDSs) passively monitor network traffic to identify possible attacks through known vectors. Though useful, this approach has widely known high false positive rates, often causing administrators to suffer from a "cry Wolf effect," where they ignore all warnings because so many have been false. In this paper, we focus on a method to reduce this effect using an idea borrowed from computer vision and neuroscience called active perception. Our approach is informed by theoretical ideas from decision theory and recent research results in neuroscience. The active perception agent allocates computational and sensing resources to (approximately) optimize its Value of Information. To do this, it draws on models to direct sensors towards phenomena of greatest interest to inform decisions about cyber defense actions. By identifying critical network assets, the organization's mission measures self-interest (and value of information). This model enables the system to follow leads from inexpensive, inaccurate alerts with targeted use of expensive, accurate sensors. This allows the deployment of sensors to build structured interpretations of situations. From these, an organization can meet missioncentered decision-making requirements with calibrated responses proportional to the likelihood of true detection and degree of threat.

AB - Most modern network-based intrusion detection systems (IDSs) passively monitor network traffic to identify possible attacks through known vectors. Though useful, this approach has widely known high false positive rates, often causing administrators to suffer from a "cry Wolf effect," where they ignore all warnings because so many have been false. In this paper, we focus on a method to reduce this effect using an idea borrowed from computer vision and neuroscience called active perception. Our approach is informed by theoretical ideas from decision theory and recent research results in neuroscience. The active perception agent allocates computational and sensing resources to (approximately) optimize its Value of Information. To do this, it draws on models to direct sensors towards phenomena of greatest interest to inform decisions about cyber defense actions. By identifying critical network assets, the organization's mission measures self-interest (and value of information). This model enables the system to follow leads from inexpensive, inaccurate alerts with targeted use of expensive, accurate sensors. This allows the deployment of sensors to build structured interpretations of situations. From these, an organization can meet missioncentered decision-making requirements with calibrated responses proportional to the likelihood of true detection and degree of threat.

UR - http://www.scopus.com/inward/record.url?scp=85021905541&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85021905541&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85021905541

T3 - AAAI Workshop - Technical Report

SP - 157

EP - 161

BT - WS-16-01

PB - AI Access Foundation

T2 - 30th AAAI Conference on Artificial Intelligence, AAAI 2016

Y2 - 12 February 2016 through 17 February 2016

ER -

Active perception for cyber intrusion detection and defense

Abstract

Publication series

Other

Bibliographical note

Find It

Other files and links

Fingerprint

Cite this