{"title":"MDP-AD: A Markov decision process-based adaptive framework for real-time detection of evolving and unknown network attacks","authors":"Fucai Luo, Tingfa Xu, Jianan Li, Fengxiang Xu","doi":"10.1016/j.aej.2025.04.091","DOIUrl":null,"url":null,"abstract":"With the continuous development of network technology and the increasing complexity of application scenarios, network attacks have become more diverse and covert, posing significant challenges to system security. Traditional network security measures often struggle to detect and respond to rapidly evolving attack patterns in real time. Therefore, there is an urgent need for a new detection technology that can dynamically assess risks and adapt to changing environments. The Markov Decision Process (MDP) offers an effective and interpretable approach to sequential decision-making, providing a novel method for automatic network attack detection. This study proposes an automatic detection model based on MDP, which dynamically analyzes network traffic and system behavior while continuously improving detection accuracy through adaptive learning strategies. To evaluate the model's effectiveness, multiple experiments were conducted in various scenarios, achieving a maximum detection accuracy of 94.3 %. The results demonstrate that the proposed MDP-based detection model offers significant advantages in detection accuracy, response speed, and adaptability to unknown attacks.","PeriodicalId":7484,"journal":{"name":"alexandria engineering journal","volume":"126 ","pages":"Pages 480-490"},"PeriodicalIF":6.2000,"publicationDate":"2025-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"alexandria engineering journal","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1110016825005885","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, MULTIDISCIPLINARY","Score":null,"Total":0}
Citations: 0
About the journal:
Alexandria Engineering Journal is an international journal devoted to publishing high quality papers in the field of engineering and applied science. Alexandria Engineering Journal is cited in the Engineering Information Services (EIS) and the Chemical Abstracts (CA). The papers published in Alexandria Engineering Journal are grouped into five sections, according to the following classification:
• Mechanical, Production, Marine and Textile Engineering
• Electrical Engineering, Computer Science and Nuclear Engineering
• Civil and Architecture Engineering
• Chemical Engineering and Applied Sciences
• Environmental Engineering