Toward cost-sensitive self-optimizing anomaly detection and response in autonomic networks

While anomaly detection and response play a significant role in attaining auto defense, one of core functionalities of autonomic networks, the design and deployment of Anomaly Detection and Response Systems (ADRS) herein is a non-trivial issue because of the special network characteristic, namely self-managing, which requires candidate ADRS to automatically and optimally balance performance objectives and potential negative consequence. In this paper, we propose a decision-theoretic framework to systematically analyze ADRS in autonomic networks, with an objective to achieve its cost-sensitive and self-optimizing operation. In particular, each ADRS agent is viewed as an autonomous entity, making decision as its local operating environment. A global reward signal is then used to quantify the performance of ADRS as a whole in terms of those identified metrics. Furthermore, the analytical framework serves as a basis for developing an adaptive, robust, and near-optimal prototype termed ARSoS, along with a reinforcement learning algorithm for approximately inferring the optimal behavior of a reputation-based ADRS in a specific autonomic network variant, mobile ad-hoc network. The performance of ARSoS is validated through extensive simulations.