A Game Theoretical Framework on Intrusion Detection in Heterogeneous Networks

Due to the dynamic, distributed, and heterogeneous nature of today's networks, intrusion detection systems (IDSs) have become a necessary addition to the security infrastructure and are widely deployed as a complementary line of defense to classical security approaches. In this paper, we address the intrusion detection problem in heterogeneous networks consisting of nodes with different noncorrelated security assets. In our study, two crucial questions are: What are the expected behaviors of rational attackers? What is the optimal strategy of the defenders (IDSs)? We answer the questions by formulating the network intrusion detection as a noncooperative game and performing an in-depth analysis on the Nash equilibrium and the engineering implications behind. Based on our game theoretical analysis, we derive the expected behaviors of rational attackers, the minimum monitor resource requirement, and the optimal strategy of the defenders. We then provide guidelines for IDS design and deployment. We also show how our game theoretical framework can be applied to configure the intrusion detection strategies in realistic scenarios via a case study. Finally, we evaluate the proposed game theoretical framework via simulations. The simulation results show both the correctness of the analytical results and the effectiveness of the proposed guidelines.

[1]  Yu Liu,et al.  Modelling misbehaviour in ad hoc networks: a game theoretic approach for intrusion detection , 2006, Int. J. Secur. Networks.

[2]  Murali S. Kodialam,et al.  Detecting network intrusions via sampling: a game theoretic approach , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[3]  Symeon Papavassiliou,et al.  Network intrusion and fault detection: a statistical anomaly approach , 2002, IEEE Commun. Mag..

[4]  Salvatore J. Stolfo,et al.  Adaptive Intrusion Detection: A Data Mining Approach , 2000, Artificial Intelligence Review.

[5]  T. Basar,et al.  A game theoretic analysis of intrusion detection in access control systems , 2004, 2004 43rd IEEE Conference on Decision and Control (CDC) (IEEE Cat. No.04CH37601).

[6]  Ariel Rubinstein,et al.  A Course in Game Theory , 1995 .

[7]  T. Basar,et al.  A game theoretic approach to decision and analysis in network intrusion detection , 2003, 42nd IEEE International Conference on Decision and Control (IEEE Cat. No.03CH37475).

[8]  Sajal K. Das,et al.  Intrusion detection in sensor networks: a non-cooperative game approach , 2004, Third IEEE International Symposium on Network Computing and Applications, 2004. (NCA 2004). Proceedings..

[9]  Saswati Sarkar,et al.  A Statistical Framework for Intrusion Detection in Ad Hoc Networks , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[10]  Philip S. Yu,et al.  Cross-feature analysis for detecting ad-hoc routing anomalies , 2003, 23rd International Conference on Distributed Computing Systems, 2003. Proceedings..

[11]  J. Goodman Note on Existence and Uniqueness of Equilibrium Points for Concave N-Person Games , 1965 .

[12]  A. Patcha,et al.  A game theoretic approach to modeling intrusion detection in mobile ad hoc networks , 2004, Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004..

[13]  Jung-Min Park,et al.  A Game Theoretic Formulation for Intrusion Detection in Mobile Ad Hoc Networks , 2006, Int. J. Netw. Secur..

[14]  Roberto Tagliaferri,et al.  Fuzzy neural networks for classification and detection of anomalies , 1998, IEEE Trans. Neural Networks.