A Proposal for Kelly Criterion-Based Lossy Network Compression
Technical Report, 01 Aug 2014, 31 Aug 2015
US Army Research Laboratory, Aberdeen Proving Ground, United States
This proposal describes the development of a Kelly criterion-inspired compression algorithm to be used in distributed network intrusion detection applications. Most of these applications send only alerts to the central analysis servers. These alerts do not provide the forensic capability that analysts require to determine whether an alert reflects an actual or attempted intrusion. Standard lossless compression algorithms do not reduce the size of the traffic enough to prevent negatively impacting the site. Kelly's algorithm instructs a gambler how much to bet based upon the chance of winning and the potential payoff. There has been a significant amount of research into anomaly detection algorithms that provide some indication of the maliciousness of a network session. We propose to combine expert knowledge, data mining, and best-of-breed anomaly detection algorithms to determine the likelihood that a session is malicious, which plays the role of the chance of winning. Further, we propose using a Kelly criterion-inspired algorithm to select the amount of bandwidth, which plays the role of the gambler's wealth, for each session. We expect that this will minimize the total amount of traffic we transmit while maximizing the amount of malicious traffic we transmit.
- Computer Systems Management and Standards