Dynamic IDS Configuration in the Presence of Intruder Type Uncertainty

Intrusion detection systems (IDSs) have assumed increasing importance in past decades as information systems have become ubiquitous. Despite the abundance of intrusion detection algorithms developed so far, there is still no single detection algorithm or procedure that can catch all possible intrusions; moreover, running all of these algorithms simultaneously may not be feasible for practical IDSs due to resource limitations. For these reasons, effective IDS configuration becomes crucial for real-time intrusion detection. However, the uncertainty in the intruder's type and the (often unknown) dynamics of the target system pose challenges to IDS configuration. Considering these challenges, this work formulates the IDS configuration problem as an incomplete-information stochastic game and proposes a new algorithm, Bayesian Nash-Q learning, that combines conventional reinforcement learning with a Bayesian type identification procedure. Numerical results show that the proposed algorithm can identify the intruder's type with high fidelity and provide effective configuration.
