A game theoretic approach to decision and analysis in network intrusion detection

We investigate the basic trade-offs, analysis and decision processes involved in information security and intrusion detection, as well as the possible application of game-theoretic concepts to develop a formal decision and control framework. A generic model of a distributed intrusion detection system (IDS) with a network of sensors is considered, and two schemes based on game-theoretic techniques are proposed. The security warning system is simple and easy to implement, and it gives system administrators an intuitive overview of the security situation in the network. The security attack game, on the other hand, models and analyzes attacker and IDS behavior within a two-person, nonzero-sum, noncooperative game with dynamic information. Nash equilibrium solutions in closed form are obtained for specific subgames, and two illustrative examples are provided.
