A game-theoretical approach to incentive design in collaborative intrusion detection networks

Traditional intrusion detection systems (IDSs) work in isolation and may be easily compromised by new threats. An intrusion detection network (IDN) is a collaborative IDS network intended to overcome this weakness by allowing IDS peers to share collective knowledge and experience, and hence improve the overall accuracy of intrusion assessment. In this work, we use game theory to design an incentive model, based on trust management, under which peers collaborate truthfully without free-riding in an IDN environment. We show the existence and uniqueness of a Nash equilibrium under which peers can communicate in an incentive-compatible manner. Using duality of the problem, we develop an iterative algorithm that converges geometrically to the equilibrium. Our numerical experiments and discrete event simulation demonstrate the convergence to the Nash equilibrium and the incentives of the resource allocation design.
