Optimal index policies for anomaly localization in resource-constrained cyber systems

Kobi Cohen, Qing Zhao, Ananthram Swami

Research output: Contribution to journal › Article › peer-review

34 Scopus citations

Abstract

The problem of anomaly localization in a resource-constrained cyber system is considered. Each anomalous component of the system incurs a cost per unit time until its anomaly is identified and fixed. Different anomalous components may incur different costs depending on their criticality to the system. Due to resource constraints, only one component can be probed at each given time. The observations from a probed component are realizations drawn from two different distributions depending on whether the component is normal or anomalous. The objective is a probing strategy that minimizes the total expected cost, incurred by all the components during the detection process, under reliability constraints. We consider both independent and exclusive models. In the former, each component can be abnormal with a certain probability independent of other components. In the latter, one and only one component is abnormal. We develop optimal index policies under both models. The proposed index policies apply to a more general case where a subset (more than one) of the components can be probed simultaneously. The problem under study also finds applications in spectrum scanning in cognitive radio networks and event detection in sensor networks.

Original language: English
Article number: 6844162
Pages (from-to): 4224-4236
Number of pages: 13
Journal: IEEE Transactions on Signal Processing
Volume: 62
Issue number: 16
State: Published - 15 Aug 2014
Externally published: Yes

Keywords

  • Anomaly localization
  • composite hypothesis testing
  • sequential hypothesis testing
  • sequential probability ratio test (SPRT)

ASJC Scopus subject areas

  • Signal Processing
  • Electrical and Electronic Engineering
