
Solving Cyber Alert Allocation Markov Games with Deep Reinforcement Learning

  • Conference paper
  • Decision and Game Theory for Security (GameSec 2019)

Abstract

Companies and organizations typically employ different forms of intrusion detection (and prevention) systems on their computer and network resources (e.g., servers, routers) that monitor and flag suspicious and/or abnormal activities. When a possible malicious activity is detected, one or more cyber-alerts are generated with varying levels of significance (e.g., high, medium, or low). Some subset of these alerts may then be assigned to the cyber-security analysts on staff for further investigation. Due to the wide range of potential attacks and the high degree of attack sophistication, identifying what constitutes a true attack is a challenging problem. In this paper, we present a framework that allows us to derive game-theoretic strategies for assigning security alerts to security analysts. Our approach models the interaction as a series of sub-games between the attacker and defender, with a state carried over between sub-games. Because the action and state spaces are large, we present a technique that uses deep neural networks in conjunction with Q-learning to derive near-optimal Nash strategies for both attacker and defender. We assess the effectiveness of these policies by comparing them to optimal policies obtained from brute-force value iteration, as well as to other sensible heuristics (e.g., random and myopic). Our results show that we consistently obtain policies whose utility is comparable to that of the optimal solution, while drastically reducing the run time needed to obtain them.
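As an added illustration (not code from the paper or its authors), the following Python script solves a deliberately tiny alert-allocation Markov game by the brute-force value iteration that the abstract uses as its optimal baseline: the stage game at each state is solved exactly and its minimax value is backed up until convergence (Shapley-style iteration). It also evaluates the "myopic" heuristic the abstract mentions, a defender who solves every round as a one-shot game, by computing the attacker's best response to that fixed policy and comparing it with the equilibrium value. The model itself (foothold states, two alert channels, the detection probabilities and damage values) is constructed for the example and is not the paper's model; with real alert batches and analyst budgets the state and joint-action spaces grow far beyond what this exact solver can enumerate, which is the motivation for the deep Q-learning approach.

```python
"""Brute-force value iteration for a toy zero-sum alert-allocation Markov game.

Constructed model (an illustration, not the paper's own model or code):
  state f in {0, 1, 2}   attacker foothold; grows by one per uncaught attack, reset when caught
  attacker action        launch the attack through the HIGH- or LOW-severity alert channel
  defender action        send the single free analyst to the HIGH or LOW alert of this round
  investigating the attacked channel catches the attacker with probability P_DETECT[channel]
  an uncaught attack deals DAMAGE[channel] * (1 + f) and raises f (capped at 2)
Payoffs are attacker gain = defender loss; the attacker maximises, the defender minimises.
"""
HIGH, LOW = 0, 1
ACTIONS = (HIGH, LOW)
N_STATES = 3
GAMMA = 0.9                          # discount factor for the infinite-horizon game
P_DETECT = {HIGH: 0.9, LOW: 0.6}     # assumption: low-severity alerts are noisier to triage
DAMAGE = {HIGH: 10.0, LOW: 4.0}      # assumption: the stealthier low channel does less damage


def step(f, atk, dfn):
    """Outcomes of a joint action as (probability, attacker reward, next state)."""
    p_catch = P_DETECT[atk] if atk == dfn else 0.0
    return [(p_catch, 0.0, 0),
            (1.0 - p_catch, DAMAGE[atk] * (1 + f), min(f + 1, N_STATES - 1))]


def solve_2x2(m):
    """Minimax solution of a 2x2 zero-sum matrix game (row player maximises).

    Returns (value, P(row plays HIGH), P(column plays HIGH)).
    """
    row_min = [min(r) for r in m]
    col_max = [max(m[0][j], m[1][j]) for j in range(2)]
    maxmin, minmax = max(row_min), min(col_max)
    d = m[0][0] - m[0][1] - m[1][0] + m[1][1]
    if abs(maxmin - minmax) < 1e-12 or d == 0:      # pure saddle point
        i, j = row_min.index(maxmin), col_max.index(minmax)
        return maxmin, float(i == HIGH), float(j == HIGH)
    p = (m[1][1] - m[1][0]) / d                      # row mix making the column player indifferent
    q = (m[1][1] - m[0][1]) / d                      # column mix making the row player indifferent
    value = (m[0][0] * m[1][1] - m[0][1] * m[1][0]) / d
    return value, p, q


def stage_matrix(f, V):
    """Q-values of every joint action in state f given continuation values V."""
    return [[sum(p * (r + GAMMA * V[s2]) for p, r, s2 in step(f, a, b))
             for b in ACTIONS] for a in ACTIONS]


def value_iteration(tol=1e-10, max_iter=10_000):
    """Shapley-style value iteration: V(f) <- minimax value of the stage game built from V."""
    V = [0.0] * N_STATES
    for _ in range(max_iter):
        new_V = [solve_2x2(stage_matrix(f, V))[0] for f in range(N_STATES)]
        done = max(abs(a - b) for a, b in zip(V, new_V)) < tol
        V = new_V
        if done:
            break
    policy = {f: solve_2x2(stage_matrix(f, V)) for f in range(N_STATES)}
    return V, policy


def myopic_defender_policy():
    """Defender who solves each round as a one-shot game and ignores the foothold dynamics."""
    return {f: solve_2x2(stage_matrix(f, [0.0] * N_STATES))[2] for f in range(N_STATES)}


def attacker_best_response(defender_q, tol=1e-10, max_iter=10_000):
    """Value the attacker extracts when the defender commits to a fixed per-state mix.

    defender_q[f] is the probability the analyst goes to the HIGH alert in state f;
    with the defender fixed, the attacker faces an ordinary MDP solved by max-backups.
    """
    V = [0.0] * N_STATES
    for _ in range(max_iter):
        new_V = []
        for f in range(N_STATES):
            mix = ((HIGH, defender_q[f]), (LOW, 1.0 - defender_q[f]))
            new_V.append(max(sum(w * p * (r + GAMMA * V[s2])
                                 for b, w in mix for p, r, s2 in step(f, a, b))
                             for a in ACTIONS))
        done = max(abs(a - b) for a, b in zip(V, new_V)) < tol
        V = new_V
        if done:
            break
    return V


if __name__ == "__main__":
    V_star, policy = value_iteration()
    exploited = attacker_best_response(myopic_defender_policy())
    for f in range(N_STATES):
        value, p_atk, q_def = policy[f]
        print(f"foothold {f}: value {value:7.3f}  attacker P(HIGH) {p_atk:.3f}  "
              f"defender P(HIGH) {q_def:.3f}  myopic defender exploited to {exploited[f]:7.3f}")
```

Two properties of the output are worth checking on any such model: the equilibrium value must be monotone in the attacker's foothold (a stronger position can only help a maximiser), and the attacker's best response to a fixed non-equilibrium defender can never be below the game value, so the gap between the two columns printed above is the price of the myopic heuristic. The closed-form 2x2 solver is what keeps this exact; once each side has more than a handful of alerts or analysts to choose among, every stage game needs a linear program and the state space needs function approximation.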



Acknowledgement

This work was supported in part by NSF grant #1814064.

Author information


Corresponding author

Correspondence to Noah Dunstatter.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Dunstatter, N., Tahsini, A., Guirguis, M., Tešić, J. (2019). Solving Cyber Alert Allocation Markov Games with Deep Reinforcement Learning. In: Alpcan, T., Vorobeychik, Y., Baras, J., Dán, G. (eds) Decision and Game Theory for Security. GameSec 2019. Lecture Notes in Computer Science, vol 11836. Springer, Cham. https://doi.org/10.1007/978-3-030-32430-8_11


  • DOI: https://doi.org/10.1007/978-3-030-32430-8_11


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-32429-2

  • Online ISBN: 978-3-030-32430-8

  • eBook Packages: Computer Science (R0)
