An Intrusion Detection Game with Limited Observations

We present a 2-player zero-sum stochastic (Markov) security game which models the interaction between malicious attackers of a system and the IDS, which allocates system resources for detection and response. We capture the operation of a sensor network observing and reporting the attack information to the IDS as a finite Markov chain. Thus, we extend the game theoretic framework in [1] to a stochastic and dynamic one. We analyze the outcomes and evolution of an example game numerically for various game parameters. Furthermore, we study limited information cases where players optimize their strategies offline or online depending on the type of information available, using methods based on Markov decision processes and Q-learning.

[1] Michael L. Littman, et al. Markov Games as a Framework for Multi-Agent Reinforcement Learning, 1994, ICML.

[2] Dimitri P. Bertsekas, et al. Dynamic Programming and Optimal Control, Two Volume Set, 1995.

[3] Michail G. Lagoudakis, et al. Learning in Zero-Sum Team Markov Games Using Factored Value Functions, 2002, NIPS.

[4] Keith B. Hall, et al. Correlated Q-Learning, 2003, ICML.

[5] Michael P. Wellman, et al. Nash Q-Learning for General-Sum Stochastic Games, 2003, J. Mach. Learn. Res.

[6] T. Basar, et al. A game theoretic approach to decision and analysis in network intrusion detection, 2003, 42nd IEEE International Conference on Decision and Control (IEEE Cat. No.03CH37475).

[7] Sajal K. Das, et al. Intrusion detection in sensor networks: a non-cooperative game approach, 2004, Third IEEE International Symposium on Network Computing and Applications, 2004. (NCA 2004). Proceedings.

[8] T. Basar, et al. A game theoretic analysis of intrusion detection in access control systems, 2004, 2004 43rd IEEE Conference on Decision and Control (CDC) (IEEE Cat. No.04CH37601).

[9] Jeannette M. Wing, et al. Game strategies in network security, 2005, International Journal of Information Security.

[10] Alain Dutech, et al. Cooperation through communication in decentralized Markov games, 2004.

[11] Peng Liu, et al. Incentive-based modeling and inference of attacker intent, objectives, and strategies, 2005, ACM Trans. Inf. Syst. Secur.

[12] David S. Leslie, et al. Individual Q-Learning in Normal Form Games, 2005, SIAM J. Control. Optim.

[13] Michael L. Littman, et al. Cyclic Equilibria in Markov Games, 2005, NIPS.