File:Multi-armed bandit models of network intrusion in the cyber domain (IA multiarmedbandit1094556715).pdf
Original file (1,275 × 1,650 pixels, file size: 2.28 MB, MIME type: application/pdf, 76 pages)
Captions
Captions
Summary[edit]
Multi-armed bandit models of network intrusion in the cyber domain
(   ) |
||
|---|---|---|
| Author |
Kronzilber, Dor |
 |
| Title |
Multi-armed bandit models of network intrusion in the cyber domain |
|
| Publisher |
Monterey, California: Naval Postgraduate School |
|
| Description |
We model attacks against computer networks in the cyber domain from the attacker’s point of view. We consider an attacker with limited resources and time, whose goal is to maximize the expected reward earned by exploiting infected computers, while considering the risks. A computer network is represented as a graph consisting of computers or routers, where each computer has unknown expected reward and the routers connect sub-networks of computers. At time zero the attacker starts from an infected computer, called the “home computer,” while all the other computers in the network are not infected. In any given period, the attacker can try to earn a reward by exploiting the subset of infected computers, or can choose to expand by infecting adjacent computers and routers, which does not accrue any reward. However, each infected computer must be connected through other infected computers all the way to the “home computer” for the attacker to be able to exploit it (but this connectivity may be lost when attacks are detected). For the linear network model, which is a worst-case scenario from the attacker point of view, we find that the optimal number of nodes to attempt to infect is of the order square root of the time when the network is sufficiently large. Also, we determine a critical relationship between the attacker’s probability to infect a new node and the probability of detection. When this critical condition is met, the attacker should not try to infect any additional nodes. Subjects: multi-armed bandit; cyber intrusion; computer network; advanced persistent threat |
|
| Language | English | |
| Publication date | September 2017 | |
| Current location |
IA Collections: navalpostgraduateschoollibrary; fedlink |
|
| Accession number |
multiarmedbandit1094556715 |
|
| Source | ||
| Permission (Reusing this file) |
Copyright is reserved by the copyright owner. | |
Licensing[edit]
|
This work is in the public domain in the United States because it is a work prepared by an officer or employee of the United States Government as part of that person’s official duties under the terms of Title 17, Chapter 1, Section 105 of the US Code.
Note: This only applies to original works of the Federal Government and not to the work of any individual U.S. state, territory, commonwealth, county, municipality, or any other subdivision. This template also does not apply to postage stamp designs published by the United States Postal Service since 1978. (See § 313.6(C)(1) of Compendium of U.S. Copyright Office Practices). It also does not apply to certain US coins; see The US Mint Terms of Use.
|
 |
| This file has been identified as being free of known restrictions under copyright law, including all related and neighboring rights. | ||
File history
Click on a date/time to view the file as it appeared at that time.
| Date/Time | Thumbnail | Dimensions | User | Comment | |
|---|---|---|---|---|---|
| current | 03:15, 23 July 2020 |  | 1,275 × 1,650, 76 pages (2.28 MB) | Fæ (talk | contribs) | FEDLINK - United States Federal Collection multiarmedbandit1094556715 (User talk:Fæ/IA books#Fork8) (batch 1993-2020 #22423) |
You cannot overwrite this file.
File usage on Commons
The following page uses this file: