Don't Bury your Head in Warnings: A Game-Theoretic Approach for Intelligent Allocation of Cybersecurity Alerts
(A Schlenker, H Xu, M Guirguis, C Kiekintveld, A Sinha, M Tambe, S Sonya, D Balderas and N Dunstatter)
In International Joint Conference on Artificial Intelligence (IJCAI) 2017.
This is the author's version of the work.
Abstract
In recent years, there have been a number of successful cyber attacks on enterprise networks by malicious actors. These attacks generate alerts which must be investigated by cyber analysts to determine if they are an attack. Unfortunately, there are orders of magnitude more alerts than cyber analysts - a trend expected to continue into the future, creating a need to find optimal assignments of the incoming alerts to analysts in the presence of a strategic adversary. We address this challenge with the following four contributions: (1) a cyber allocation game (CAG) model for the cyber network protection domain, (2) an NP-hardness proof for computing the optimal strategy for the defender, (3) techniques to find the optimal allocation of experts to alerts in CAG in the general case and key special cases, and (4) heuristics to achieve significant scale-up in CAGs with minimal loss in solution quality.
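The abstract's central point is that allocating scarce analyst time by alert volume alone fails against an adversary who chooses where to hide. The following toy is an added illustration written for this page; it is not the paper's CAG model and does not reproduce its formulation or algorithms. The alert categories, volumes, impact scores, analyst hours and triage rate are all constructed values, and the adversary is modelled in the simplest way (it picks the single category where an uninspected real attack hurts the defender most). A greedy "chase the biggest queue" rule is compared with a brute-force minimax allocation over integer assignments of analyst-hours to categories.

```python
"""Toy alert-allocation game (constructed example, not the paper's CAG model)."""
from itertools import product

# Constructed alert categories: how many alerts arrive per shift and how
# damaging a real intrusion hidden in that category would be if missed.
ALERT_TYPES = {
    "web_proxy": {"volume": 60, "impact": 2.0},
    "auth_logs": {"volume": 30, "impact": 5.0},
    "dns_beacon": {"volume": 10, "impact": 8.0},
}
ANALYST_HOURS = 4          # total analyst time available this shift (assumed)
ALERTS_PER_HOUR = 10       # triage throughput per analyst-hour (assumed)


def coverage(alert_type, hours):
    """Fraction of a category's alerts that get a human look with `hours` of effort."""
    volume = ALERT_TYPES[alert_type]["volume"]
    return min(1.0, hours * ALERTS_PER_HOUR / volume)


def defender_loss(allocation):
    """Loss when a strategic adversary hides its real attack in the category
    that gives it the highest expected payoff: impact x (1 - coverage)."""
    return max(
        ALERT_TYPES[t]["impact"] * (1.0 - coverage(t, h))
        for t, h in allocation.items()
    )


def greedy_by_volume():
    """Non-strategic baseline: each hour goes to the category with the most
    alerts still unreviewed (chase the biggest queue)."""
    allocation = {t: 0 for t in ALERT_TYPES}
    for _ in range(ANALYST_HOURS):
        remaining = {
            t: ALERT_TYPES[t]["volume"] - allocation[t] * ALERTS_PER_HOUR
            for t in ALERT_TYPES
        }
        target = max(remaining, key=remaining.get)
        allocation[target] += 1
    return allocation


def minimax_allocation():
    """Exhaustive search over integer allocations: pick the one that minimises
    the adversary's best response. Brute force is fine for three categories;
    it is the general problem that the paper shows to be NP-hard."""
    types = list(ALERT_TYPES)
    best, best_loss = None, float("inf")
    for hours in product(range(ANALYST_HOURS + 1), repeat=len(types)):
        if sum(hours) != ANALYST_HOURS:
            continue
        allocation = dict(zip(types, hours))
        loss = defender_loss(allocation)
        if loss < best_loss:
            best, best_loss = allocation, loss
    return best, best_loss


if __name__ == "__main__":
    g = greedy_by_volume()
    print("greedy:", g, "loss =", defender_loss(g))
    m, loss = minimax_allocation()
    print("minimax:", m, "loss =", round(loss, 3))
```

With these constructed numbers the greedy rule spends all four hours on the noisy web-proxy queue and leaves the low-volume, high-impact DNS category unreviewed, so the adversary's best response costs the full impact of 8. The minimax allocation spreads effort so that no category is a free win for the adversary, bringing the worst-case loss down to 5/3. The search is exponential in the number of categories, which is a small-scale hint at why the paper turns to special cases and heuristics for realistic alert volumes.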