An Intrusion Detection Game Theoretical Model

ABSTRACT We propose, in this article, a game theoretical model for Host-based Intrusion Detection Systems (HIDS). The main drawbacks of existing HIDSs, such as Swatch, are the high computation cost of detection and the generation of false alarms. These limitations are not acceptable in resource-limited systems such as wireless mobile devices. We address these issues by applying game theory to HIDSs, so that HIDSs can discover potential attackers with lower computation cost and lower false alarm rates. To achieve that, we explore two solutions: the Bayesian model and the Dempster-Shafer (DS) model, where the identity of the attacker is unknown. Such models can be used in Mobile Ad hoc Networks (MANET), where the sender identity is unknown. They help to determine the belief value that indicates whether a sender is misbehaving or not. Our novel contribution in this article is a hybrid model that combines the Bayesian and DS models to decrease false positives and accurately detect an attacker. Our simulation results show the benefits of combining these two models with regard to the posterior belief function, which is used to increase the possibility of intrusion detection.
