Game-theoretic resource allocation for malicious packet detection in computer networks

We study the problem of optimal resource allocation for packet selection and inspection to detect potential threats in large computer networks with multiple computers of differing importance. An attacker tries to harm these targets by sending malicious packets from multiple entry points of the network; the defender thus needs to allocate her inspection resources so as to maximize the probability of detecting malicious packets under network latency constraints. We formulate the problem as a graph-based security game with multiple resources of heterogeneous capabilities and propose a mathematical program for finding optimal solutions. We also propose Grande, a novel polynomial-time algorithm that uses an approximated utility function to circumvent the limited scalability caused by the attacker's large strategy space and the non-linearity of the aforementioned mathematical program. Grande computes solutions with bounded error and scales up to problems of realistic sizes.
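As an added illustration (not the paper's model, its mathematical program, or the Grande algorithm), the following Python sketches a toy version of the game described above: a small constructed network with two entry points and two hosts of differing importance, a defender who sets per-link packet-sampling rates under a total latency budget, and an attacker who, knowing the allocation, picks the entry-to-target path that maximizes expected undetected damage. Detection along a path is modeled as independent per-link sampling (an assumption), and the defender's allocation is produced by a plain greedy heuristic over the attacker's best response, which stands in for the paper's optimization and carries no error guarantee. Every node name, link cost and target value is constructed for the example.

```python
"""Toy packet-inspection security game (added illustration; not the paper's model or Grande)."""
from itertools import product
from typing import Dict, List, Tuple

Edge = Tuple[str, str]

# Constructed network (assumption): directed links with the latency cost of inspecting
# one unit of sampling rate on that link.  e* are entry points, r* routers, h* hosts.
EDGES: Dict[Edge, float] = {
    ("e1", "r1"): 1.0, ("e2", "r1"): 1.0, ("e2", "r2"): 2.0,
    ("r1", "h1"): 1.0, ("r1", "r2"): 1.0, ("r2", "h2"): 1.0, ("r2", "h1"): 3.0,
}
ENTRIES = ["e1", "e2"]
TARGETS = {"h1": 10.0, "h2": 4.0}   # host -> importance (constructed values)


def enumerate_paths(edges: Dict[Edge, float], src: str, dst: str) -> List[List[Edge]]:
    """All simple paths from src to dst as edge lists (DFS; fine for a toy graph)."""
    adj: Dict[str, List[str]] = {}
    for u, v in edges:
        adj.setdefault(u, []).append(v)
    found: List[List[Edge]] = []

    def dfs(node: str, path: List[str]) -> None:
        if node == dst:
            found.append(list(zip(path, path[1:])))
            return
        for nxt in adj.get(node, []):
            if nxt not in path:
                dfs(nxt, path + [nxt])

    dfs(src, [src])
    return found


def attacker_options(edges, entries, targets) -> List[Tuple[float, List[Edge]]]:
    """Attacker pure strategies: (target value, path) for every entry/target pair and path."""
    return [(targets[t], p) for s, t in product(entries, targets)
            for p in enumerate_paths(edges, s, t)]


def detection_prob(path: List[Edge], rates: Dict[Edge, float]) -> float:
    """A packet escapes only if every link's sampler misses it (independent samplers: assumption)."""
    miss = 1.0
    for e in path:
        miss *= 1.0 - rates.get(e, 0.0)
    return 1.0 - miss


def attacker_best_response(opts, rates) -> Tuple[float, List[Edge]]:
    """Attacker picks the option maximizing expected undetected damage = value * P(miss)."""
    return max(opts, key=lambda o: o[0] * (1.0 - detection_prob(o[1], rates)))


def worst_case_loss(opts, rates) -> float:
    value, path = attacker_best_response(opts, rates)
    return value * (1.0 - detection_prob(path, rates))


def defender_objective(opts, rates, tie_weight: float = 1e-3) -> float:
    """Worst-case loss plus a small multiple of the total loss over all attacker options,
    so greedy steps keep making progress when several attacker paths tie for the maximum."""
    losses = [v * (1.0 - detection_prob(p, rates)) for v, p in opts]
    return max(losses) + tie_weight * sum(losses)


def greedy_allocation(edges, opts, budget: float, step: float = 0.05):
    """Greedy heuristic (assumption, not the paper's method): repeatedly raise the sampling
    rate on the link that lowers the defender objective most per unit of latency spent."""
    rates = {e: 0.0 for e in edges}
    spent = 0.0
    while True:
        base = defender_objective(opts, rates)
        best = None
        for e, cost in edges.items():
            if rates[e] + step > 1.0 + 1e-9 or spent + cost * step > budget + 1e-9:
                continue  # link already fully inspected, or this step would exceed the budget
            trial = dict(rates)
            trial[e] = min(1.0, rates[e] + step)
            gain = (base - defender_objective(opts, trial)) / (cost * step)
            if best is None or gain > best[0]:
                best = (gain, e)
        if best is None or best[0] <= 0.0:
            return rates, spent
        rates[best[1]] = min(1.0, rates[best[1]] + step)
        spent += edges[best[1]] * step


def solve_example(budget: float):
    """Run the toy game on the constructed network; returns (rates, latency spent, worst-case loss)."""
    opts = attacker_options(EDGES, ENTRIES, TARGETS)
    rates, spent = greedy_allocation(EDGES, opts, budget)
    return rates, spent, worst_case_loss(opts, rates)


if __name__ == "__main__":
    rates, spent, loss = solve_example(budget=3.0)
    for e, r in rates.items():
        print(f"{e[0]}->{e[1]}: sample {r:.2f}")
    print(f"latency spent {spent:.2f}, attacker's best-response loss {loss:.3f}")
```

The greedy loop is the point where the abstract's scalability problem shows up even in a toy: each step re-solves the attacker's best response over every entry-to-target path, and the number of such paths grows quickly with the graph, which is what the paper's approximated utility function is meant to avoid.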
