Abstract
Because of cost considerations, an intrusion detection system must trade off the user's ease of access against its capability to detect attacks. The proposed framework applies two game-theoretic models to the economic deployment of intrusion detection agents. The first scheme models and analyzes the interaction between an attacker and an intrusion detection agent as a non-cooperative game, and derives a security risk value from the mixed-strategy Nash equilibrium. The second scheme uses the security risk value to compute the Shapley value of each intrusion detection agent while considering the various threat levels. The resulting efficient agent allocation yields a minimum set of deployment costs. The experimental results show that, with the proposed two-stage game-theoretic model, the network administrator can quantitatively evaluate the security risk of each IDS agent and easily select the most critical and effective IDS agent deployment to meet the various threat levels to the network.
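The two stages described in the abstract, as an added illustration that is not code from the chapter. The payoff matrices and agent names are constructed, and both the risk definition (the agent's expected loss at the mixed equilibrium) and the threshold game with a per-threat-level quota are assumptions, since the abstract does not give them.

```python
from fractions import Fraction as F
from itertools import permutations

# Constructed payoffs. Rows: attacker (attack, wait); columns: agent (monitor, idle).
ATTACKER = [[-2, 6], [0, 0]]
AGENTS = {  # agent payoffs per hypothetical sensor location
    "dmz": [[-2, -8], [-6, 0]],
    "core": [[-2, -6], [-4, 0]],
    "branch": [[-1, -4], [-3, 0]],
}

def mixed_equilibrium(atk, dfn):
    """Fully mixed Nash equilibrium (p_attack, q_monitor) of a 2x2 game."""
    den_p = dfn[0][0] - dfn[1][0] - dfn[0][1] + dfn[1][1]
    den_q = atk[0][0] - atk[0][1] - atk[1][0] + atk[1][1]
    if den_p == 0 or den_q == 0:
        raise ValueError("degenerate payoffs")
    p = F(dfn[1][1] - dfn[1][0], den_p)  # agent indifferent between columns
    q = F(atk[1][1] - atk[0][1], den_q)  # attacker indifferent between rows
    if not (0 < p < 1 and 0 < q < 1):
        raise ValueError("no fully mixed equilibrium")
    return p, q

def risk_value(atk, dfn):
    """Assumed definition: the agent's expected loss at the equilibrium."""
    p, q = mixed_equilibrium(atk, dfn)
    row, col = (p, 1 - p), (q, 1 - q)
    return -sum(row[i] * col[j] * dfn[i][j] for i in range(2) for j in range(2))

def agent_risks():
    return {name: risk_value(ATTACKER, dfn) for name, dfn in AGENTS.items()}

def shapley(risk, quota):
    """Shapley values in the assumed game v(S) = 1 iff sum of risks in S >= quota."""
    orders = list(permutations(sorted(risk)))
    value = dict.fromkeys(risk, F(0))
    for order in orders:
        covered = 0
        for name in order:
            covered += risk[name]
            if covered >= quota:  # this agent makes the coalition sufficient
                value[name] += F(1, len(orders))
                break
    return value

if __name__ == "__main__":
    risks = agent_risks()
    for quota in (6, 7):  # assumed threat levels
        print(quota, {n: str(v) for n, v in shapley(risks, quota).items()})
```

With these constructed numbers, raising the quota from 6 to 7 drops the "branch" agent's Shapley value to 0, so the cheapest sufficient deployment at that level is "dmz" plus "core".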
Copyright information
© 2010 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Chen, YM., Wu, D., Wu, CK. (2010). A Game Theoretic Framework for Multi-agent Deployment in Intrusion Detection Systems. In: Yang, C., Chau, M., Wang, JH., Chen, H. (eds) Security Informatics. Annals of Information Systems, vol 9. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-1325-8_7
DOI: https://doi.org/10.1007/978-1-4419-1325-8_7
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-1324-1
Online ISBN: 978-1-4419-1325-8
eBook Packages: Computer Science, Computer Science (R0)