Abstract
Intrusion Detection Systems (IDSs) are becoming essential to protecting modern information infrastructures. The effectiveness of an IDS is directly related to the computational resources at its disposal. However, such resources are difficult to guarantee, especially with increasing demands on network capacity and the rapid proliferation of attacks. On the other hand, modern intrusions often come as sequences of attacks to reach some predefined goals. It is therefore critical to identify the best default IDS configuration to attain the highest possible overall protection within a given resource budget. This paper proposes a game theory based solution to the problem of optimal signature-based IDS configuration under resource constraints. We apply the concepts of indices of power, namely the Shapley value and the Banzhaf-Coleman index, from cooperative game theory to quantify the influence or contribution of libraries in an IDS with respect to given attack graphs. Such valuations take into consideration the knowledge of common attack graphs and experienced system attacks, and are used to configure an IDS optimally at its default state by solving a knapsack optimization problem.
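The abstract describes a three-stage pipeline: a characteristic function that scores a coalition of signature libraries against attack graphs, the Shapley value and Banzhaf-Coleman index as two ways to split that score into per-library power, and a knapsack over those indices to choose a default configuration under a resource budget. The following is an added illustration written for this page, not code from the paper; the libraries, attack paths, path weights and costs are all constructed, and the specific characteristic function (a coalition "covers" a path when it can detect at least one step on it) is an assumption chosen to make the idea concrete, not the paper's own definition.

```python
from fractions import Fraction
from itertools import combinations
from math import factorial

# Constructed example data (not from the paper): each signature library
# detects a set of attack steps that appear as nodes in the attack graphs.
LIBRARIES = {
    "web":  {"sqli", "xss"},
    "ssh":  {"ssh_brute"},
    "smb":  {"smb_exploit"},
    "priv": {"priv_esc"},
}

# Constructed attack graph paths (step sequences towards an attacker goal),
# weighted by how often each path was seen in past incidents on this system.
ATTACK_PATHS = [
    (("sqli", "priv_esc"), 3),
    (("ssh_brute", "priv_esc"), 2),
    (("smb_exploit",), 1),
    (("xss",), 1),
]

# Constructed resource cost of loading each library (e.g. CPU budget units).
COSTS = {"web": 4, "ssh": 2, "smb": 3, "priv": 3}


def coalition_value(coalition, libraries=LIBRARIES, paths=ATTACK_PATHS):
    """Assumed characteristic function v(S): total weight of attack paths on
    which at least one step is detected by some library in coalition S.
    Alerting on any step of a chain is treated as catching that chain."""
    detected = set().union(*(libraries[lib] for lib in coalition)) if coalition else set()
    return sum(w for steps, w in paths if any(s in detected for s in steps))


def _subsets(items):
    """All sub-tuples of a list, smallest first (2^len(items) of them)."""
    for k in range(len(items) + 1):
        yield from combinations(items, k)


def shapley_values(libraries=LIBRARIES, paths=ATTACK_PATHS):
    """Exact Shapley value per library by enumerating every coalition S that
    excludes it: phi_i = sum_S |S|!(n-|S|-1)!/n! * (v(S u {i}) - v(S)).
    Exponential in n, which is fine for the handful of libraries used here."""
    names = sorted(libraries)
    n = len(names)
    phi = {}
    for i in names:
        others = [x for x in names if x != i]
        total = Fraction(0)
        for s in _subsets(others):
            weight = Fraction(factorial(len(s)) * factorial(n - len(s) - 1), factorial(n))
            marginal = coalition_value(s + (i,), libraries, paths) - coalition_value(s, libraries, paths)
            total += weight * marginal
        phi[i] = total
    return phi


def banzhaf_indices(libraries=LIBRARIES, paths=ATTACK_PATHS):
    """Normalised Banzhaf-Coleman index: a library's summed marginal
    contribution over all coalitions excluding it, divided by the same sum
    taken over all libraries, so the indices add up to 1."""
    names = sorted(libraries)
    raw = {}
    for i in names:
        others = [x for x in names if x != i]
        raw[i] = sum(coalition_value(s + (i,), libraries, paths) - coalition_value(s, libraries, paths)
                     for s in _subsets(others))
    total = sum(raw.values())
    return {i: Fraction(raw[i], total) for i in names}


def knapsack_config(values, costs, budget):
    """0/1 knapsack over integer costs: the library set with the largest total
    index value whose summed cost fits within the budget. Returns (value, set)."""
    names = sorted(values)
    # best[b] = (value, libraries) achievable with total cost at most b
    best = [(Fraction(0), frozenset()) for _ in range(budget + 1)]
    for lib in names:
        c = costs[lib]
        for b in range(budget, c - 1, -1):  # descending so each library is used once
            cand_val = best[b - c][0] + values[lib]
            if cand_val > best[b][0]:
                best[b] = (cand_val, best[b - c][1] | {lib})
    return best[budget]


if __name__ == "__main__":
    phi = shapley_values()
    beta = banzhaf_indices()
    for lib in sorted(LIBRARIES):
        print(f"{lib:5s} shapley={float(phi[lib]):.3f} banzhaf={float(beta[lib]):.3f} cost={COSTS[lib]}")
    for budget in (7, 9):
        value, chosen = knapsack_config(phi, COSTS, budget)
        print(f"budget {budget}: load {sorted(chosen)} (total index value {float(value)})")
```

With the constructed data, "web" and "priv" each earn a Shapley value of 2.5 and "ssh" and "smb" earn 1.0, summing to v(N) = 7 as the Shapley value must; the normalised Banzhaf indices rank the libraries the same way here, though in general the two indices can disagree. Under a budget of 7 the knapsack loads {priv, web}; raising it to 9 adds "ssh". Weights drawn from experienced attacks are what make "priv" as valuable as "web" despite carrying a single signature: it sits on both of the heavily observed paths.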
© 2011 Springer-Verlag Berlin Heidelberg
Zhu, Q., Başar, T. (2011). Indices of Power in Optimal IDS Default Configuration: Theory and Examples. In: Baras, J.S., Katz, J., Altman, E. (eds) Decision and Game Theory for Security. GameSec 2011. Lecture Notes in Computer Science, vol 7037. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25280-8_3
DOI: https://doi.org/10.1007/978-3-642-25280-8_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25279-2
Online ISBN: 978-3-642-25280-8
eBook Packages: Computer Science (R0)