A game theoretic approach to efficient mixed strategies for intrusion detection

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

19 Scopus citations

Abstract

As information technology evolves, and as more intrusion detection (ID) techniques are developed, security architects face the problem of effectively integrating various detection techniques to improve overall detection performance while maintaining a high level of efficiency in network operation. In this paper, we consider the problem of optimal intrusion detection strategy in a network environment where multiple ID techniques are deployed. We first formulate a zero-sum attacker/defender game. The objective of the defender is to decide an optimal mixed strategy (i.e., a distribution over a set of strategies with each corresponding to the use of a particular ID technique) that maximizes his expected detection gain. In contrast, the objective of the attacker is to decide an optimal mixed strategy (i.e., a distribution over a set of strategies with each corresponding to a specific attack type or anomaly pattern) that minimizes his expected detection loss. The minmax theorem guarantees an optimal equilibrium strategy pair, which provides a valuable quantitative measure of the contributions from different ID techniques to the overall detection efficiency. Such information can assist security architects in understanding the effectiveness of these techniques, and in selecting the appropriate intrusion detection techniques according to the expected attacks. We also formulate a non-zero-sum noncooperative attacker/defender game where the payoffs of players are non-strictly competitive. We show that this game achieves at least one Nash equilibrium that leads to a defense strategy for the defender. Examples are presented and discussed both analytically and numerically.
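The zero-sum formulation in the abstract can be made concrete with a small numerical sketch. This is an added example, not code or data from the paper: the detection matrix, the technique and attack names, and the function `solve_zero_sum` are constructed for illustration, and the equilibrium is approximated by multiplicative-weights (Hedge) self-play, which is not necessarily the solution method the authors use.

```python
import math

# Constructed detection matrix (illustrative, not taken from the paper):
# D[i][j] = probability that ID technique i detects attack type j.
TECHNIQUES = ["signature", "anomaly", "protocol-analysis"]
ATTACKS = ["known-exploit", "novel-scan", "malformed-traffic"]
D = [[0.9, 0.1, 0.1],
     [0.1, 0.5, 0.1],
     [0.1, 0.1, 0.5]]


def _normalise(w):
    total = sum(w)
    return [x / total for x in w]


def solve_zero_sum(D, rounds=20000):
    """Approximate the equilibrium of the zero-sum game with payoff matrix D.

    Defender (rows) maximises expected detection; attacker (columns)
    minimises it. Both run Hedge against each other; their time-averaged
    strategies bracket the game value between `lower` and `upper`.
    """
    m, n = len(D), len(D[0])
    eta = math.sqrt(8 * math.log(max(m, n)) / rounds)  # standard Hedge step size
    p, q = [1.0 / m] * m, [1.0 / n] * n
    p_sum, q_sum = [0.0] * m, [0.0] * n
    for _ in range(rounds):
        p_sum = [a + b for a, b in zip(p_sum, p)]
        q_sum = [a + b for a, b in zip(q_sum, q)]
        gain = [sum(D[i][j] * q[j] for j in range(n)) for i in range(m)]
        loss = [sum(p[i] * D[i][j] for i in range(m)) for j in range(n)]
        p = _normalise([p[i] * math.exp(eta * gain[i]) for i in range(m)])
        q = _normalise([q[j] * math.exp(-eta * loss[j]) for j in range(n)])
    p_avg, q_avg = _normalise(p_sum), _normalise(q_sum)
    # Detection rate the defender's mix guarantees against any single attack.
    lower = min(sum(p_avg[i] * D[i][j] for i in range(m)) for j in range(n))
    # Detection rate the attacker's mix concedes to any single technique.
    upper = max(sum(D[i][j] * q_avg[j] for j in range(n)) for i in range(m))
    return p_avg, q_avg, lower, upper


if __name__ == "__main__":
    p, q, lower, upper = solve_zero_sum(D)
    for name, w in zip(TECHNIQUES, p):
        print(f"defender weight {name:18s} {w:.3f}")
    for name, w in zip(ATTACKS, q):
        print(f"attacker weight {name:18s} {w:.3f}")
    print(f"game value in [{lower:.4f}, {upper:.4f}]")
```

For this constructed matrix the exact equilibrium is 0.2 / 0.4 / 0.4 for both players with a game value of 0.26, so the signature technique, despite having the highest single detection rate, receives the smallest weight in the defender's mix.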

Original language: English
Title of host publication: 2006 IEEE International Conference on Communications, ICC 2006
Pages: 2201-2206
Number of pages: 6
State: Published - 2006
Event: 2006 IEEE International Conference on Communications, ICC 2006 - Istanbul, Turkey
Duration: 11 Jul 2006 to 15 Jul 2006

Publication series

Name: IEEE International Conference on Communications
Volume: 5
ISSN (Print): 0536-1486

Conference

Conference: 2006 IEEE International Conference on Communications, ICC 2006
Country/Territory: Turkey
City: Istanbul
Period: 11/07/06 to 15/07/06
