
Indices of Power in Optimal IDS Default Configuration: Theory and Examples

  • Conference paper
Decision and Game Theory for Security (GameSec 2011)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7037)

Abstract

Intrusion Detection Systems (IDSs) are becoming essential to protecting modern information infrastructures. The effectiveness of an IDS is directly related to the computational resources at its disposal. However, such resources are difficult to guarantee, especially as demand for network capacity grows and attacks proliferate rapidly. On the other hand, modern intrusions often come as sequences of attacks aimed at predefined goals. It is therefore critical to identify the best default IDS configuration that attains the highest possible overall protection within a given resource budget. This paper proposes a game-theoretic solution to the problem of optimal signature-based IDS configuration under resource constraints. We apply the concepts of indices of power, namely the Shapley value and the Banzhaf-Coleman index, from cooperative game theory to quantify the influence or contribution of signature libraries in an IDS with respect to given attack graphs. Such valuations take into account knowledge of common attack graphs and previously experienced system attacks, and are used to configure an IDS optimally in its default state by solving a knapsack optimization problem.
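The abstract describes a two-stage pipeline: value each signature library by a cooperative-game index of power (Shapley value or Banzhaf-Coleman index) with respect to a set of attack graphs, then pick the libraries to enable by default by solving a knapsack problem against a resource budget. The following is an added, self-contained Python example of that pipeline; it is not code from the paper, and the characteristic function, the library names, the attack paths, the weights and the costs are all constructed assumptions. The coalition value v(S) assumed here is the total weight of attack paths in which the enabled libraries S detect at least one step; both indices are computed exactly over all coalitions with fractions, and a 0/1 knapsack over integer costs selects the default configuration.

```python
from fractions import Fraction
from itertools import combinations
from math import factorial

# Constructed sample data (assumptions, not from the paper).
# Players of the cooperative game: signature libraries of the IDS.
LIBRARIES = ["web", "smb", "shell", "exfil"]
# Attack graphs reduced to weighted attack paths; each step lists the
# libraries whose signatures would detect that step.
ATTACK_PATHS = {
    "webshell": (3, [{"web"}, {"shell"}, {"exfil"}]),
    "lateral":  (2, [{"smb"}, {"shell"}]),
    "drive-by": (1, [{"web"}, {"exfil"}]),
}
# Resource cost of keeping each library enabled (assumed units).
COSTS = {"web": 4, "smb": 2, "shell": 3, "exfil": 2}


def coverage(coalition, paths=ATTACK_PATHS):
    """Assumed characteristic function v(S): total weight of attack paths
    in which coalition S detects at least one step."""
    s = frozenset(coalition)
    return sum(w for w, steps in paths.values() if any(step & s for step in steps))


def shapley_values(players=LIBRARIES, v=coverage):
    """Shapley value: marginal contribution of each player averaged over
    all orderings, phi_i = sum_S |S|!(n-|S|-1)!/n! [v(S+i) - v(S)]."""
    n = len(players)
    phi = {}
    for i in players:
        others = [p for p in players if p != i]
        total = Fraction(0)
        for k in range(n):
            weight = Fraction(factorial(k) * factorial(n - k - 1), factorial(n))
            for s in combinations(others, k):
                total += weight * (v(set(s) | {i}) - v(set(s)))
        phi[i] = total
    return phi


def banzhaf_indices(players=LIBRARIES, v=coverage, normalized=False):
    """Banzhaf-Coleman index: average marginal contribution over all
    coalitions of the other players (raw, or normalized to sum to 1)."""
    n = len(players)
    beta = {}
    for i in players:
        others = [p for p in players if p != i]
        swing = sum(v(set(s) | {i}) - v(set(s))
                    for k in range(n) for s in combinations(others, k))
        beta[i] = Fraction(swing, 2 ** (n - 1))
    if normalized:
        total = sum(beta.values())
        beta = {i: b / total for i, b in beta.items()}
    return beta


def knapsack(values, costs, budget):
    """0/1 knapsack by dynamic programming over integer costs: choose the
    set of libraries of maximal total index value within the budget.
    Returns (chosen libraries, total value)."""
    items = list(values)
    n = len(items)
    # best[i][b]: best value using the first i items with budget b
    best = [[Fraction(0)] * (budget + 1) for _ in range(n + 1)]
    for i, lib in enumerate(items, start=1):
        c, val = costs[lib], values[lib]
        for b in range(budget + 1):
            best[i][b] = best[i - 1][b]
            if c <= b and best[i - 1][b - c] + val > best[i][b]:
                best[i][b] = best[i - 1][b - c] + val
    # Backtrack: item i was taken whenever it improved on the row above.
    chosen, b = [], budget
    for i in range(n, 0, -1):
        if best[i][b] != best[i - 1][b]:
            chosen.append(items[i - 1])
            b -= costs[items[i - 1]]
    return frozenset(chosen), best[n][budget]


def default_configuration(budget, index="shapley"):
    """Value libraries with the chosen index, then solve the knapsack."""
    values = shapley_values() if index == "shapley" else banzhaf_indices()
    return knapsack(values, COSTS, budget)


if __name__ == "__main__":
    print("Shapley:", {k: str(v) for k, v in shapley_values().items()})
    print("Banzhaf:", {k: str(v) for k, v in banzhaf_indices().items()})
    chosen, total = default_configuration(budget=7)
    print("Default config within budget 7:", sorted(chosen), "value", total)
```

In the sample data the Shapley values sum to v(N) = 6 (the efficiency property), the library that detects a step of both heavily weighted paths scores highest under both indices, and with a budget of 7 the knapsack selects three cheaper libraries over the single most expensive one. The exact-subset enumeration is exponential in the number of libraries; for a real rule set one would sample coalitions or exploit the structure of v.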




© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhu, Q., Başar, T. (2011). Indices of Power in Optimal IDS Default Configuration: Theory and Examples. In: Baras, J.S., Katz, J., Altman, E. (eds) Decision and Game Theory for Security. GameSec 2011. Lecture Notes in Computer Science, vol 7037. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25280-8_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-25280-8_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25279-2

  • Online ISBN: 978-3-642-25280-8

  • eBook Packages: Computer Science (R0)
