Guided Learning

Abstract

The proposed work will focus on learning a robust and complete model of entity behavior on computer networks.Entities of interest include individual users, servers, control equipment, bots, and other agent-like systems. Given a reliable and robust model of each entity s "pattern of life," anomalous activity produced by malicious software or criminal attacks can be detected. While rule-based systems have been in place for detecting unusual network events, these have generally been ineffective for data-dependent detections such as behavioral anomalies and tend to have high false-alert rates. To improve upon existing methods, we propose a joint logical-statistical learner in which the statistical model infers data-driven parameters and the logical model encodes domain driven rules for distinguishing nominal and malicious activities. We also propose building a deep reinforcement learning model for a simplified network defense game, in which both attack/evasion and detection strategies can co-evolve in an adversarial environment. Both approaches can be viewed as "cognitive" models, integrating "fast" sensing-like abilities with "slow" planning-like reasoning, and leveraging recent successes in machine learning and deep neural networks.

Document Details

Document Type

DoD Grant Award

Publication Date

Jan 04, 2017

Source ID

N000141712143

Entities

Tags