Search Problems in the Domain of Multiplication: Case Study on Anomaly Detection Using Markov Chains

Authors

  • Yisroel Mirsky Ben-Gurion University of the Negev
  • Aviad Cohen Ben-Gurion University of the Negev
  • Roni Stern Ben-Gurion University of the Negev
  • Ariel Felner Ben-Gurion University of the Negev
  • Lior Rokack Ben-Gurion University of the Negev
  • Yuval Elovici Ben-Gurion University of the Negev
  • Bracha Shapira Ben-Gurion University of the Negev

DOI:

https://doi.org/10.1609/socs.v6i1.18354

Keywords:

Multiplication domain search, anomaly detection, search space monotonicity, Markov Chains, network intrusion detection

Abstract

Most work in heuristic search focused on path finding problems in which the cost of a path in the state space is the sum of its edges' weights. This paper addresses a different class of path finding problems in which the cost of a path is the product of its weights. We present reductions from different classes of multiplicative path finding problems to suitable classes of additive path finding problems. As a case study, we consider the problem of finding least and most probable paths in a Markov Chain, where path cost corresponds to the probability of traversing it. The importance of this problem is demonstrated in an anomaly detection application for cyberspace security. Three novel anomaly detection metrics for Markov Chains are presented, where computing these metrics require finding least and most probable paths. The underlying Markov Chain is dynamically changing, and so fast methods for computing least and most probable paths are needed. We propose such methods based on the proposed reductions and using heuristic search algorithms.

SoCS 2015 Proceedings Cover

Downloads

Published

2021-09-01

Issue

Vol. 6 No. 1 (2015): Eighth Annual Symposium on Combinatorial Search

Section

Full Papers