Game theoretic models for detecting network intrusions

In this paper, we use game theory to study the problem of detecting intrusions in wired infrastructure networks. Detection is accomplished by sampling a subset of the packets transmitted over selected network links or router interfaces. Given a total sampling budget, our framework aims to develop a network packet sampling strategy that effectively reduces the intruder's chances of success. We consider two different scenarios: (1) a well-informed intruder divides his attack over multiple packets in order to increase his chances of successfully intruding into a target domain; (2) different cooperating intruders distribute the attack among themselves, and each sends its fragment of the attack to the target node. Each packet containing a fragment of the attack is transmitted through a different path using multi-path routing, where each path is selected with a different probability. If these packets are analyzed independently, the intrusion will not be detected, i.e., only the series of packets taken together forms an intrusion. To the best of our knowledge, no previous work has used game theory for the case where the attack is split over multiple packets or distributed over cooperating intruders. Non-cooperative game theory is used to formally express the problem, where the two players are: (1) the smart intruder or the cooperating intruders (depending on which scenario is being solved) and (2) the Intrusion Detection System (IDS). Our game theoretic framework guides the intruder or intruders in choosing their attack strategy and the IDS in choosing an optimal sampling strategy for detecting the malicious packets.
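The following is an added toy illustration of the sampling game described above; it is not the paper's model. It assumes a constructed three-path topology, an intruder who splits the attack into k fragments and routes each independently along a path drawn from a distribution q, an IDS whose per-link sampling rates must sum to a budget, and a payoff equal to the probability that every fragment is sampled (the IDS cannot detect the attack from a subset of fragments). The IDS's maximin sampling vector is found by grid search against the intruder's best response.

```python
"""Toy packet-sampling game (added example; assumptions documented inline).
Assumed payoff: the IDS wins only if all k fragments are sampled somewhere
on their paths; the intruder minimises and the IDS maximises that probability
subject to sum of link sampling rates <= budget."""
from itertools import product

# Constructed topology: intruder-to-target paths given as lists of links.
PATHS = {"A": ["l1", "l2"], "B": ["l1", "l3"], "C": ["l4"]}
LINKS = sorted({link for path in PATHS.values() for link in path})

def path_sampling_prob(path, rates):
    """P(a packet on `path` is sampled on at least one of its links)."""
    miss = 1.0
    for link in path:
        miss *= 1.0 - rates.get(link, 0.0)
    return 1.0 - miss

def detection_prob(rates, q, k):
    """P(all k fragments sampled) when each fragment takes path p w.p. q[p]."""
    per_fragment = sum(q[p] * path_sampling_prob(PATHS[p], rates) for p in q)
    return per_fragment ** k

def intruder_best_response(rates, k):
    """The payoff is monotone in the per-fragment sampling probability, so the
    intruder's best reply is to concentrate on the least-sampled path."""
    worst = min(PATHS, key=lambda p: path_sampling_prob(PATHS[p], rates))
    q = {p: (1.0 if p == worst else 0.0) for p in PATHS}
    return q, detection_prob(rates, q, k)

def ids_maximin(budget, k, step=0.1):
    """Grid-search sampling vectors within budget and keep the one that
    maximises detection against the intruder's best response."""
    grid = [round(i * step, 10) for i in range(int(round(1 / step)) + 1)]
    best_rates, best_val = None, -1.0
    for combo in product(grid, repeat=len(LINKS)):
        if sum(combo) > budget + 1e-9:
            continue
        rates = dict(zip(LINKS, combo))
        _, val = intruder_best_response(rates, k)
        if val > best_val + 1e-12:
            best_rates, best_val = rates, val
    return best_rates, best_val

if __name__ == "__main__":
    # Splitting into more fragments lowers the guaranteed detection probability
    # even though the IDS's optimal sampling vector stays the same.
    for k in (1, 2, 3):
        rates, val = ids_maximin(budget=1.0, k=k)
        print(f"k={k}: IDS rates={rates}, guaranteed detection={val:.4f}")
```

With budget 1.0 the IDS equalises the three paths by splitting its budget between the shared link l1 and the lone link l4, and the guaranteed detection probability is 0.5 per fragment, so 0.5**k for a k-fragment attack.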
