A0706
Title: Multi-attribute utility elicitation for real-time network anomaly detection
Authors: Fletcher Christensen - University of New Mexico (United States) [presenting]
Erin Schwertner-Watson - University of New Mexico (United States)
Lekha Patel - Sandia National Laboratories (United States)
Gabriel Huerta - Sandia National Laboratories (United States)
Douglas McGeehan - Sandia National Laboratories (United States)
Abstract: Identifying cyber attacks as they happen requires effective models for anomaly detection, but computational constraints may limit the space of features available in real-time. Multiple-criteria decision-making (MCDM) is a method for making decisions in situations where the utility of a decision is based on multiple criteria: for example, the accuracy of the model fit and computational burden. Statistical model selection traditionally identifies the `best' model in a candidate class, where model utility is operationalized as out-of-sample model fit and information criteria act as an effective proxy for out-of-sample model fit. The aim is to examine how AIC, a common information criterion, can be modified according to multi-attribute utility theory (MAUT) to select models according to both out-of-sample model fit and computational burden. Some simple classes of multi-attribute utilities and elicitation techniques for verifying that these utilities agree with expressed preferences and with the axioms of the von Neumann-Morgenstern utility theorem are discussed.