Computing the Nash Equilibria of Intruder Classification Games

  • Lemonia Dritsoula
  • Patrick Loiseau
  • John Musacchio
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7638)


We investigate the problem of classifying an intruder of two different types (spy or spammer). The classification is based on the number of file server and mail server attacks a network defender observes during a fixed window. The spammer naively attacks (with a known distribution) his main target: the mail server. The spy strategically selects the number of attacks on his main target: the file server. The defender strategically selects his classification policy: a threshold on the number of file server attacks. We first develop parameterized families of payoff functions for both players and analyze the Nash equilibria of the noncooperative nonzero-sum game. We analyze the strategic interactions of the two players and the tradeoffs each one of them faces: The defender chooses a classification threshold that balances the cost of missed detections and false alarms while the spy seeks to hit the file server as much as possible while still evading detection. We give a characterization of the Nash equilibria in mixed strategies, and demonstrate how the Nash equilibria can be computed in polynomial time. We give two examples of the general model, one that involves forensics on the side of the defender and one that does not. Finally, we evaluate how investments in forensics and data logging could improve the Nash equilibrium payoff of the defender.


Nash equilibria intruder classification polynomial complexity 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Dritsoula, L., Loiseau, P., Musacchio, J.: A game-theoretic approach for finding optimal strategies in an intruder classification game. To Appear in Proc. of the 51th IEEE Conf. Decision and Control (CDC) (December 2012)Google Scholar
  2. 2.
    Cyber Security Research Report, Bit9 (2012)Google Scholar
  3. 3.
    TMT Global Security Study Key Findings, Deloitte (2011)Google Scholar
  4. 4.
    Manshaei, M.H., Zhu, Q., Alpcan, T., Basar, T., Hubaux, J.-P.: Game Theory Meets Network Security and Privacy, Ecole Polytechnique Federale de Lausanne (EPFL). Tech. Rep. EPFL-REPORT-151965 (April 2011)Google Scholar
  5. 5.
    Alpcan, T., Başar, T.: A Game Theoretic Approach to Decision and Analysis in Network Intrusion Detection. In: Proc. of the 42nd IEEE Conf. Decision and Control, pp. 2595–2600 (December 2003)Google Scholar
  6. 6.
    Chen, L., Leneutre, J.: A game theoretical framework on intrusion detection in heterogeneous networks. IEEE Transactions on Information Forensics and Security 4(2), 165–178 (2009)CrossRefGoogle Scholar
  7. 7.
    Gueye, A., Walrand, J.C., Anantharam, V.: A Network Topology Design Game: How to Choose Communication Links in an Adversarial Environment? In: GameNets (April 2011)Google Scholar
  8. 8.
    Gueye, A.: A Game Theoretical Approach to Communication Security. PhD dissertation. University of California, Berkeley, Electrical Engineering and Computer Sciences (March 2011)Google Scholar
  9. 9.
    Dalvi, N., Domingos, P., Mausam, Sanghai, S., Verma, D.: Adversarial classification. In: Proc. of the ACM SIGKDD, pp. 99–108 (2004)Google Scholar
  10. 10.
    Luenberger, D.G.: Linear and Nonlinear Programming, 2nd edn. Addison-Wesley (1984)Google Scholar
  11. 11.
    Gambit, Gambit game theory analysis software and tools, (2002)
  12. 12.
    Nash, J.: Non-Cooperative Games. The Annals of Mathematics 54(2), 286–295 (1951)MathSciNetzbMATHCrossRefGoogle Scholar
  13. 13.
    Grant, M., Boyd, S.: CVX: Matlab software for disciplined convex programming, version 1.21. ../../cvx (April 2011)Google Scholar
  14. 14.
    Grant, M., Boyd, S.: Graph implementations for nonsmooth convex programs. In: Blondel, V., Boyd, S., Kimura, H. (eds.) Recent Advances in Learning and Control. LNCIS, vol. 371, pp. 95–110. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Lemonia Dritsoula
    • 1
  • Patrick Loiseau
    • 2
  • John Musacchio
    • 1
  1. 1.UC Santa CruzSanta CruzUSA
  2. 2.EURECOMSophia-AntipolisFrance

Personalised recommendations