2019 National Cyber Summit

Summit Speaker Noah Dunstatter

Session Information

Allocating Security Analysts to Cyber Alerts Using Markov Games
Wednesday, June 06, 2018 02:35PM - 02:55PM
Allocating cyber-security analysts to incoming cyber alerts is an important task in any organization employing cyber-defense mechanisms. Alerts are typically generated when intrusion detection software on computer systems (e.g., servers, routers) detects abnormal or suspicious activity. Based on the respective significance level of the alerts, some are assigned to cyber-security analysts for further investigation. Due to the wide range of potential attacks coupled with high degrees of attack sophistication, identifying what constitutes a true attack is a challenging problem, especially for organizations performing critical operations (e.g., military bases, financial institutions) that are subjected to cyber attacks every day. In this talk, we introduce a game-theoretical framework that assigns cyber-security analysts to cyber alerts to minimize the overall risk faced by an organization. Through dynamic programming and Q-maximin value iteration-based algorithms, we identify optimal allocation strategies that take into account the current availability of analysts, the risk faced by the attacker, the incoming alerts, and the future outlook of the system. We assess the effectiveness of our allocation strategies by comparing them to other sensible heuristics (e.g., random, greedy and myopic). Our results show that our approach outperforms these other strategies in minimizing risk.
South Hall - Ballroom 1
Dr. Mina Guirguis
Associate Professor
Texas State University
Mina Guirguis is an Associate Professor of Computer Science at Texas State University, which he joined in 2006. His research is broadly driven by the interplay of security, networks and stochastic control with research contributions in the areas of Cyber-Physical Systems, Networks and Computing Systems, and Mobile Cloud Computing. Guirguis' research and educational activities are funded with over $2.9M in grants from the NSF, DoD, AFOSR, DHS, IEEE, Cisco and Texas State. Guirguis received the NSF CAREER award in 2012.

Guirguis has been a visiting faculty researcher at the Air Force Research Laboratory (AFRL) in the summers of 2012 and 2013. During the academic year 2014/2015 he joined the Mobile and Pervasive Computing Group in the ECE Dept. at UT Austin. Guirguis has been a visiting scholar at the DHS Center for Risk and Economic Analysis of Terrorism Events (CREATE) in summer 2016. Guirguis has a wide range of industrial experience at various companies including Fortress Technologies and Microsoft. He has served on various Technical Program Committees for many conferences, on NSF panels and on the Editorial Board of International Journals.

Guirguis earned his Ph.D. in Computer Science at Boston University in 2007.
Alireza Tahsini
Texas State University
I am a master's student in Computer Science and I will graduate in May 2018. My research focus is on Reinforcement Learning, Deep Learning and Game Theory. Also, I have a remarkable background in industry as a Java/Android application developer and a startup cofounder. In summary, I have:

· Machine learning, Deep Learning and scientific programming experience
· Android application development experience
· Experience with a variety of programming languages, especially Java
· Strong mathematical background
· Determined academic achievements and industrial experiences
Noah Dunstatter
Texas State University
Noah is currently pursuing a Master's Degree in Computer Science at Texas State University, where he works as a graduate researcher on the intersection of Deep Reinforcement Learning, Game Theory, and Network Security. His current research focuses on the synthesis of these fields to derive game-theoretically optimal defense strategies for computer emergency response teams. He will be finishing his thesis in December and hopes to find a great school to pursue his PhD or perhaps a challenging career in industry.