A Game-Theoretic Approach for Selecting Optimal Thresholds for Anomaly Detection in Dynamical Environments
Amin Ghafouri

Citation
Amin Ghafouri. "A Game-Theoretic Approach for Selecting Optimal Thresholds for Anomaly Detection in Dynamical Environments". Talk or presentation, 23 August 2017.

Abstract
Adversaries may cause significant damage to smart infrastructure using malicious attacks. To detect and mitigate these attacks before they can cause physical damage, operators can deploy anomaly detectors, which can alert operators to suspicious activities. However, detection thresholds of anomaly detectors need to be configured properly, as an oversensitive detector raises a prohibitively large number of false alarms, while an undersensitive detector may miss actual attacks. This is an especially challenging problem in dynamical environments, where the impact of attacks may significantly vary over time. Using a game-theoretic approach, we formulate the problem of finding optimal detection thresholds which minimize both the number of false alarms and the probability of missing actual attacks as a two-player Stackelberg security game. We provide an efficient algorithm for solving the game, thereby finding optimal detection thresholds. We analyze the performance of the proposed algorithm and show that its running time scales polynomially as the length of the time horizon of interest increases. Finally, we evaluate our results using a case study of contamination attacks in water networks, and show that our optimal thresholds significantly outperform fixed thresholds that do not consider that the environment is dynamical.

Electronic downloads


Internal. This publication has been marked by the author for FORCES-only distribution, so electronic downloads are not available without logging in.
Citation formats  
  • BibTeX
    @presentation{Ghafouri17_GameTheoreticApproachForSelectingOptimalThresholdsFor,
        author = {Amin Ghafouri},
        title = {A Game-Theoretic Approach for Selecting Optimal
                  Thresholds for Anomaly Detection in Dynamical
                  Environments},
        day = {23},
        month = {August},
        year = {2017},
        abstract = {Adversaries may cause significant damage to smart
                  infrastructure using malicious attacks. To detect
                  and mitigate these attacks before they can cause
                  physical damage, operators can deploy anomaly
                  detectors, which can alarm operators to suspicious
                  activities. However, detection thresholds of
                  anomaly detectors need to be configured properly,
                  as an oversensitive detector raises a
                  prohibitively large number of false alarms, while
                  an undersensitive detector may miss actual
                  attacks. This is an especially challenging problem
                  in dynamical environments, where the impact of
                  attacks may significantly vary over time. Using a
                  game-theoretic approach, we formulate the problem
                  of finding optimal detection thresholds which
                  minimize both the number of false alarms and the
                  probability of missing actual attacks as a
                  two-player Stackelberg security game. We provide
                  an efficient algorithm for solving the game,
                  thereby finding optimal detection thresholds. We
                  analyze the performance of the proposed algorithm
                  and show that its running time scales polynomially
                  as the length of the time horizon of interest
                  increases. Finally, we evaluate our results using
                  a case study of contamination attacks in water
                  networks, and show that our optimal thresholds
                  significantly outperform fixed thresholds that do
                  not consider that the environment is dynamical.},
        URL = {http://cps-forces.org/pubs/264.html}
    }
    

Posted by Carolyn Winter on 24 Aug 2017.
Groups: forces