{"id":"https://openalex.org/W2792721951","doi":"https://doi.org/10.1109/tifs.2018.2819967","title":"A POMDP Approach to the Dynamic Defense of Large-Scale Cyber Networks","display_name":"A POMDP Approach to the Dynamic Defense of Large-Scale Cyber Networks","publication_year":2018,"publication_date":"2018-03-26","ids":{"openalex":"https://openalex.org/W2792721951","doi":"https://doi.org/10.1109/tifs.2018.2819967","mag":"2792721951"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2018.2819967","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2018.2819967","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5070206390","display_name":"Erik Miehling","orcid":"https://orcid.org/0000-0003-0533-8329"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Erik Miehling","raw_affiliation_strings":["Coordinated Science Laboratory, University of Illinois at Urbana\u2013Champaign, Urbana, IL, USA"],"affiliations":[{"raw_affiliation_string":"Coordinated Science Laboratory, University of Illinois at Urbana\u2013Champaign, Urbana, IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014911774","display_name":"Mohammad Rasouli","orcid":"https://orcid.org/0000-0002-4038-1456"},"institutions":[{"id":"https://openalex.org/I97018004","display_name":"Stanford University","ror":"https://ror.org/00f54p054","country_code":"US","type":"education","lineage":["https://openalex.org/I97018004"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mohammad Rasouli","raw_affiliation_strings":["Department of Civil and Environmental Engineering, Stanford University, Stanford, CA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Civil and Environmental Engineering, Stanford University, Stanford, CA, USA","institution_ids":["https://openalex.org/I97018004"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5015762210","display_name":"Demosthenis Teneketzis","orcid":"https://orcid.org/0000-0002-0450-5992"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan\u2013Ann Arbor","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Demosthenis Teneketzis","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Michigan, Ann Arbor, MI, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Michigan, Ann Arbor, MI, USA","institution_ids":["https://openalex.org/I27837315"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5070206390"],"corresponding_institution_ids":["https://openalex.org/I157725225"],"apc_list":null,"apc_paid":null,"fwci":7.9349,"has_fulltext":false,"cited_by_count":85,"citation_normalized_percentile":{"value":0.9770602,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":"13","issue":"10","first_page":"2490","last_page":"2505"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8268713355064392},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7921608686447144},{"id":"https://openalex.org/keywords/partially-observable-markov-decision-process","display_name":"Partially observable Markov decision process","score":0.6338886618614197},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5957791805267334},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5536471605300903},{"id":"https://openalex.org/keywords/markov-decision-process","display_name":"Markov decision process","score":0.5189864039421082},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5085850954055786},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.45202872157096863},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.43949079513549805},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.4329224228858948},{"id":"https://openalex.org/keywords/dependency","display_name":"Dependency (UML)","score":0.4228940010070801},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.41815292835235596},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4145324230194092},{"id":"https://openalex.org/keywords/markov-process","display_name":"Markov process","score":0.37388676404953003},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.35883408784866333},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3294408321380615},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2792699635028839},{"id":"https://openalex.org/keywords/markov-chain","display_name":"Markov chain","score":0.21529367566108704},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.20346245169639587},{"id":"https://openalex.org/keywords/markov-model","display_name":"Markov model","score":0.17228931188583374}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8268713355064392},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7921608686447144},{"id":"https://openalex.org/C17098449","wikidata":"https://www.wikidata.org/wiki/Q176814","display_name":"Partially observable Markov decision process","level":4,"score":0.6338886618614197},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5957791805267334},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5536471605300903},{"id":"https://openalex.org/C106189395","wikidata":"https://www.wikidata.org/wiki/Q176789","display_name":"Markov decision process","level":3,"score":0.5189864039421082},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5085850954055786},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.45202872157096863},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.43949079513549805},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.4329224228858948},{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.4228940010070801},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.41815292835235596},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4145324230194092},{"id":"https://openalex.org/C159886148","wikidata":"https://www.wikidata.org/wiki/Q176645","display_name":"Markov process","level":2,"score":0.37388676404953003},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.35883408784866333},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3294408321380615},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2792699635028839},{"id":"https://openalex.org/C98763669","wikidata":"https://www.wikidata.org/wiki/Q176645","display_name":"Markov chain","level":2,"score":0.21529367566108704},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.20346245169639587},{"id":"https://openalex.org/C163836022","wikidata":"https://www.wikidata.org/wiki/Q6771326","display_name":"Markov model","level":3,"score":0.17228931188583374},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2018.2819967","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2018.2819967","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6600000262260437,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G6471190695","display_name":null,"funder_award_id":"W911NF-13-1-0421","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G8305956998","display_name":null,"funder_award_id":"CNS-1238962","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W19881422","https://openalex.org/W1535136082","https://openalex.org/W1584620713","https://openalex.org/W1800991598","https://openalex.org/W1825715633","https://openalex.org/W1965332127","https://openalex.org/W1995716850","https://openalex.org/W2011418219","https://openalex.org/W2016551721","https://openalex.org/W2053944475","https://openalex.org/W2097209984","https://openalex.org/W2097688220","https://openalex.org/W2099419334","https://openalex.org/W2099430963","https://openalex.org/W2120839938","https://openalex.org/W2121805588","https://openalex.org/W2135329833","https://openalex.org/W2144913588","https://openalex.org/W2146440914","https://openalex.org/W2157636101","https://openalex.org/W2168405694","https://openalex.org/W2171084228","https://openalex.org/W2288766236","https://openalex.org/W2379726672","https://openalex.org/W2490447569","https://openalex.org/W2520200210","https://openalex.org/W2522792437","https://openalex.org/W2765659133","https://openalex.org/W2790134597","https://openalex.org/W2963860935","https://openalex.org/W4248986893","https://openalex.org/W4249173680","https://openalex.org/W6674875911","https://openalex.org/W6684973485","https://openalex.org/W6696294499","https://openalex.org/W6812742317"],"related_works":["https://openalex.org/W2096013579","https://openalex.org/W52153049","https://openalex.org/W1760611253","https://openalex.org/W1515117609","https://openalex.org/W1589140671","https://openalex.org/W4323315247","https://openalex.org/W2294884454","https://openalex.org/W3169161914","https://openalex.org/W4321379664","https://openalex.org/W2211790881"],"abstract_inverted_index":{"We":[0],"investigate":[1],"the":[2,7,18,27,49,64,71,74,85,99,103,114,121,146,152,156,173,188,209,213,225,237],"problem":[3,165],"of":[4,9,20,39,73,98,120,132,166,227,231,236],"optimally":[5,170],"mitigating":[6],"progression":[8,72,87,101,175],"an":[10,244],"adversary":[11],"through":[12,102],"a":[13,37,43,60,129,149,179,194,228],"network":[14,104],"in":[15,224],"real-time,":[16],"decreasing":[17],"probability":[19],"it":[21],"reaching":[22],"its":[23,108],"goal(s),":[24],"while":[25],"minimizing":[26],"negative":[28],"impact":[29],"to":[30,69,82,169,218],"availability.":[31],"Our":[32],"model":[33],"is":[34,80,105,125,176,241],"based":[35],"on":[36,63,113,243],"type":[38],"attack":[40],"graph,":[41,46,65],"termed":[42],"condition":[44],"dependency":[45],"which":[47,111],"models":[48],"dependencies":[50],"between":[51],"security":[52,137,221],"conditions":[53],"(attacker":[54],"capabilities)":[55],"and":[56,143,160,202],"exploits.":[57],"By":[58],"embedding":[59],"state":[61,190],"space":[62],"we":[66,192,215],"are":[67,216],"able":[68,81,217],"quantify":[70],"attacker":[75,133],"over":[76,155,206],"time.":[77,207],"The":[78,96,117,163,234],"defender":[79,147],"interfere":[83,171],"with":[84,172,187],"attacker's":[86,100,122,157,174],"by":[88,107,127,212],"blocking":[89],"some":[90],"exploits":[91],"from":[92],"being":[93],"carried":[94],"out.":[95],"nature":[97],"dictated":[106],"private":[109],"strategy,":[110],"depends":[112],"defender's":[115,118],"action.":[116],"uncertainty":[119],"true":[123,161],"strategy":[124],"modeled":[126],"considering":[128],"finite":[130],"collection":[131],"types.":[134],"Using":[135,208],"noisy":[136],"alerts":[138,222],"(exhibiting":[139],"both":[140],"missed":[141],"detections":[142],"false":[144,232],"alarms),":[145],"maintains":[148],"belief":[150],"representing":[151],"joint":[153],"distribution":[154],"current":[158],"capabilities":[159],"strategy.":[162],"resulting":[164],"determining":[167],"how":[168],"cast":[177],"as":[178],"partially":[180],"observable":[181],"Markov":[182],"decision":[183],"process.":[184],"To":[185],"deal":[186],"large":[189],"space,":[191],"develop":[193],"scalable":[195],"online":[196],"defense":[197,204,239],"algorithm":[198],"for":[199],"tracking":[200],"beliefs":[201],"prescribing":[203],"actions":[205],"context":[210],"provided":[211],"state,":[214],"efficiently":[219],"process":[220],"even":[223],"presence":[226],"high":[229],"rate":[230],"alarms.":[233],"behavior":[235],"computed":[238],"policy":[240],"demonstrated":[242],"illustrative":[245],"example.":[246]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":17},{"year":2021,"cited_by_count":16},{"year":2020,"cited_by_count":14},{"year":2019,"cited_by_count":11},{"year":2018,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}