GUIDEX: A Game-Theoretic Incentive-Based Mechanism for Intrusion Detection Networks

Traditional intrusion detection systems (IDSs) work in isolation and can be easily compromised by unknown threats. An intrusion detection network (IDN) is a collaborative IDS network intended to overcome this weakness by allowing IDS peers to share detection knowledge and experience, and hence improve the overall accuracy of intrusion assessment. In this work, we design an IDN system, called GUIDEX, using game-theoretic modeling and trust management for peers to collaborate truthfully and actively. We first describe the system architecture and its individual components, and then establish a game-theoretic framework for the resource management component of GUIDEX. We establish the existence and uniqueness of a Nash equilibrium under which peers can communicate in a reciprocal, incentive-compatible manner. Based on the duality of the problem, we develop an iterative algorithm that converges geometrically to the equilibrium. Our numerical experiments and discrete event simulation demonstrate the convergence to the Nash equilibrium and the security features of GUIDEX against free riders, dishonest insiders and DoS attacks.
