On Achieving Cost-Sensitive Anomaly Detection and Response in Mobile Ad Hoc Networks

In Mobile Ad Hoc Networks (MANET), anomaly detection and response system (ADRS) plays a paramount role in diagnosing anomalous events, which are resulted by both accidental system errors and intentional attacks. While a variety of ADRS is ready for deployment, there lacks a sound and formal way to examine their operational characteristics for selecting the most appropriate ones with particular concerns. To that end, this paper develops a decision-theoretical framework to identify the fundamental tradeoffs between the key evaluation metrics of ADRS in MANET, along with a formal method to optimize the overall performance of ADRS in terms of those metrics of concern. In particular, each ADRS sensor is treated as an autonomous agent, making its decision as the local operational environment and a global signal that estimates the performance of ADRS as a whole, in terms of detection performance (detection accuracy and false positive rate) and operational cost (detection cost and response cost). The theoretical framework then serves as a basis for developing policy gradient algorithms for practically and automatically inferring the optimal behavior of ADRS sensors. A set of simulations is conducted for validating the feasibility and evaluating the performance of our proposed framework.