Abstract
We present a distributed self-organized model for collaboration of multiple heterogeneous IDS sensors. The distributed model is based on a game-theoretical approach that optimizes behavior of each IDS sensor with respect to other sensors in highly dynamic environments. We propose a general formalization of the problem of distributed collaboration as a game between defenders and attackers and introduce ε-FIRE, a solution concept suitable for solving this game in highly dynamic environments.
Our experimental evaluation of the proposed collaboration model on real network traffic clearly shows improvements in the detection capabilities of all IDS sensors, allowing each system to specialize in particular network activities without reducing the overall effectiveness. The concept of opponent-aware, self-coordinating and strategically reasoning Network Intrusion Detection Networks allows effective collaboration of individual system defenders that may match the market-based collaboration structures of the attackers.
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bartos, K., Rehak, M., Svoboda, M. (2013). Self-organized Collaboration of Distributed IDS Sensors. In: Flegel, U., Markatos, E., Robertson, W. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2012. Lecture Notes in Computer Science, vol 7591. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37300-8_13
DOI: https://doi.org/10.1007/978-3-642-37300-8_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37299-5
Online ISBN: 978-3-642-37300-8
eBook Packages: Computer Science (R0)