
Indices of power in optimal IDS default configuration: theory and examples. (English) Zbl 1349.68018

Baras, John S. (ed.) et al., Decision and game theory for security. Second international conference, GameSec 2011, College Park, MD, USA, November 14–15, 2011. Proceedings. Berlin: Springer (ISBN 978-3-642-25279-2/pbk). Lecture Notes in Computer Science 7037, 7-21 (2011).
Summary: Intrusion Detection Systems (IDSs) are becoming essential to protecting modern information infrastructures. The effectiveness of an IDS is directly related to the computational resources at its disposal. However, such resources are difficult to guarantee, especially with increasing demand for network capacity and the rapid proliferation of attacks. On the other hand, modern intrusions often come as sequences of attacks that reach some predefined goals. It is therefore critical to identify the best default IDS configuration to attain the highest possible overall protection within a given resource budget. This paper proposes a game theory based solution to the problem of optimal signature-based IDS configuration under resource constraints. We apply the concepts of indices of power, namely the Shapley value and the Banzhaf-Coleman index from cooperative game theory, to quantify the influence or contribution of signature libraries in an IDS with respect to given attack graphs. Such valuations take into consideration knowledge of common attack graphs and of previously experienced system attacks, and are used to configure an IDS optimally in its default state by solving a knapsack optimization problem.
For the entire collection see [Zbl 1225.68008].
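Worked example (added here; this is not code from the paper or from any IDS project). It carries the summary's pipeline through on a toy instance: a constructed set of attack paths, a constructed map from attack steps to the signature library that detects them, a coverage-based characteristic function v(S) = number of attack paths on which coalition S detects at least one step (an assumption made for this example; the paper's own characteristic function is not reproduced here), exact Shapley values and normalised Banzhaf-Coleman indices over that game, and a 0/1 knapsack over constructed per-library costs and a budget.

```python
"""Indices of power for IDS signature libraries, then a 0/1 knapsack over
those indices under a resource budget.

Added example, not the paper's code. The attack paths, the step-to-library
map, the per-library costs, the budget and the coverage-based characteristic
function are all constructed assumptions for illustration.
"""
from fractions import Fraction
from itertools import combinations
from math import factorial

# Constructed attack graph: each path is a sequence of attack steps ending at
# an attacker goal; each step is assumed detectable by exactly one library.
ATTACK_PATHS = [
    ("scan", "web_exploit", "priv_esc"),
    ("phish", "macro_dropper", "priv_esc"),
    ("web_exploit", "sqli"),
    ("phish", "macro_dropper"),
]
STEP_TO_LIB = {
    "scan": "recon", "web_exploit": "web", "sqli": "web",
    "priv_esc": "host", "phish": "mail", "macro_dropper": "mail",
}
LIBRARIES = ("recon", "web", "host", "mail")
# Constructed per-library resource cost (e.g. CPU share) and total budget.
COST = {"recon": 1, "web": 3, "host": 2, "mail": 2}
BUDGET = 5


def characteristic(coalition, paths=ATTACK_PATHS, step_to_lib=STEP_TO_LIB):
    """v(S): number of attack paths on which coalition S detects at least one
    step (assumed detection model: one hit anywhere on the path suffices)."""
    libs = set(coalition)
    return sum(1 for path in paths
               if any(step_to_lib[step] in libs for step in path))


def _subsets(items):
    """All subsets of a tuple, as tuples (used for exact enumeration)."""
    for r in range(len(items) + 1):
        yield from combinations(items, r)


def shapley(players=LIBRARIES, v=characteristic):
    """Exact Shapley value:
    phi_i = sum over S not containing i of |S|!(n-|S|-1)!/n! * [v(S+i) - v(S)]."""
    n = len(players)
    phi = {}
    for i in players:
        others = tuple(p for p in players if p != i)
        total = Fraction(0)
        for s in _subsets(others):
            weight = Fraction(factorial(len(s)) * factorial(n - len(s) - 1),
                              factorial(n))
            total += weight * (v(s + (i,)) - v(s))
        phi[i] = total
    return phi


def banzhaf(players=LIBRARIES, v=characteristic):
    """Normalised Banzhaf-Coleman index: the raw index is the mean marginal
    contribution of i over all coalitions not containing i; normalised to
    sum to 1 so it is comparable across libraries."""
    n = len(players)
    raw = {}
    for i in players:
        others = tuple(p for p in players if p != i)
        raw[i] = Fraction(sum(v(s + (i,)) - v(s) for s in _subsets(others)),
                          2 ** (n - 1))
    total = sum(raw.values())
    return {i: raw[i] / total for i in players}


def knapsack(values, cost=COST, budget=BUDGET):
    """0/1 knapsack by dynamic programming over integer costs: choose the set
    of libraries maximising total index value with total cost <= budget.
    Returns (sorted tuple of chosen libraries, total value)."""
    best = {0: (Fraction(0), ())}            # spent cost -> (value, libs)
    for lib, val in values.items():
        for spent, (acc, chosen) in list(best.items()):   # snapshot: 0/1 use
            new_spent = spent + cost[lib]
            if new_spent > budget:
                continue
            cand = (acc + val, chosen + (lib,))
            if new_spent not in best or cand[0] > best[new_spent][0]:
                best[new_spent] = cand
    value, chosen = max(best.values(), key=lambda t: t[0])
    return tuple(sorted(chosen)), value


if __name__ == "__main__":
    phi, beta = shapley(), banzhaf()
    for lib in LIBRARIES:
        print(f"{lib:6s} shapley={phi[lib]!s:5s} banzhaf={beta[lib]!s:5s} cost={COST[lib]}")
    chosen, value = knapsack(phi)
    print("default config:", chosen, "value", value,
          "paths covered", characteristic(chosen), "of", len(ATTACK_PATHS))
```

Two checks worth running on any real instance: the Shapley values must sum to v(N) (efficiency), which guards against a wrong weight in the enumeration; and the knapsack objective is additive over indices while v itself is not, so report v(chosen) alongside the knapsack value to see how much of the attack graph the selected default configuration actually covers.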

MSC:

68M10 Network design and communication in computer systems
90C27 Combinatorial optimization
91A12 Cooperative games
91A80 Applications of game theory

Software:

Gnort; ADEPTS; Snort

References:

[1] Bartholdi, J., Kemahlioglu-Ziya, E.: Using Shapley value to allocate savings in a supply chain. Supply Chain Optimization 98, 169–208 (2006) · Zbl 1126.90003 · doi:10.1007/0-387-26281-4_6
[2] Dreger, H., Feldmann, A., Paxson, V., Sommer, R.: Predicting the Resource Consumption of Network Intrusion Detection Systems. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 135–154. Springer, Heidelberg (2008) · doi:10.1007/978-3-540-87403-4_8
[3] Foo, B., Wu, Y.S., Mao, Y.C., Bagchi, S., Spafford, E.: ADEPTS: adaptive intrusion response using attack graphs in an e-commerce environment. In: Proc. of International Conference on Dependable Systems and Networks (DSN), June 28-July 1, pp. 508–517 (2005)
[4] Gaffney Jr., J.E., Ulvila, J.: Evaluation of intrusion detectors: a decision theory approach. In: Proc. of the IEEE Symposium on Security and Privacy (S&P), pp. 50–61 (2001) · doi:10.1109/SECPRI.2001.924287
[5] Ghassemi, F., Krishnamurthy, V.: A cooperative game-theoretic measurement allocation algorithm for localization in unattended ground sensor networks. In: Proc. of International Conference on Information Fusion (2008)
[6] Jajodia, S., Noel, S., O’Berry, B.: Topological analysis of network attack vulnerability. In: Proc. of the 2nd ASIAN ACM Symposium on Information, Computer and Communications Security, p. 2 (2007) · doi:10.1145/1229285.1229288
[7] Lippmann, R.P., Ingols, K.: An annotated review of past papers on attack graphs. Tech. rep. MIT (March 31, 2005)
[8] Martello, S., Toth, P.: Knapsack Problems: Algorithms and Computer Implementations. John Wiley and Sons (1990) · Zbl 0708.68002
[9] Mehta, V., Bartzis, C., Zhu, H., Clarke, E., Wing, J.: Ranking Attack Graphs. In: Zamboni, D., Krügel, C. (eds.) RAID 2006. LNCS, vol. 4219, pp. 127–144. Springer, Heidelberg (2006) · doi:10.1007/11856214_7
[10] Noel, S., Jajodia, S.: Optimal IDS sensor placement and alert prioritization using attack graphs. J. Netw. Syst. Manage. 16(3), 259–275 (2008) · doi:10.1007/s10922-008-9109-x
[11] Owen, G.: Game Theory, 3rd edn. Academic Press (1995) · Zbl 1284.91004
[12] Paxson, V.: Bro: a system for detecting network intruders in real-time. In: Proc. of the 7th Conference on USENIX Security Symposium (1998)
[13] Roesch, M.: Snort–lightweight intrusion detection for networks. In: Proc. of the 13th Large Systems Administration Conference, LISA 1999 (1999)
[14] Schaelicke, L., Slabach, T., Moore, B., Freeland, C.: Characterizing the Performance of Network Intrusion Detection Sensors. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 155–172. Springer, Heidelberg (2003) · doi:10.1007/978-3-540-45248-5_9
[15] Schear, N., Albrecht, D.R., Borisov, N.: High-speed Matching of Vulnerability Signatures. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 155–174. Springer, Heidelberg (2008) · doi:10.1007/978-3-540-87403-4_9
[16] Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proc. of IEEE Symposium on Security and Privacy, pp. 273–284 (2002) · doi:10.1109/SECPRI.2002.1004377
[17] Sheyner, O.: Tools for Generating and Analyzing Attack Graphs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2003. LNCS, vol. 3188, pp. 344–371. Springer, Heidelberg (2004) · Zbl 1104.68424 · doi:10.1007/978-3-540-30101-1_17
[18] Sinha, S., Jahanian, F., Patel, J.M.: WIND: Workload-Aware Intrusion Detection. In: Zamboni, D., Krügel, C. (eds.) RAID 2006. LNCS, vol. 4219, pp. 290–310. Springer, Heidelberg (2006) · doi:10.1007/11856214_15
[19] Swiler, L.P., Phillips, C., Ellis, D., Chakerian, S.: Computer-attack graph generation tool. In: Proc. of DARPA Information Survivability Conference & Exposition II, DISCEX 2001, vol. 2 (2001) · doi:10.1109/DISCEX.2001.932182
[20] Vasiliadis, G., Antonatos, S., Polychronakis, M., Markatos, E.P., Ioannidis, S.: Gnort: High Performance Network Intrusion Detection Using Graphics Processors. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 116–134. Springer, Heidelberg (2008) · doi:10.1007/978-3-540-87403-4_7
[21] Wang, L., Noel, S., Jajodia, S.: Minimum-cost network hardening using attack graphs. Comput. Commun. 29(18), 3812–3824 (2006) · doi:10.1016/j.comcom.2006.06.018
[22] Zhu, Q., Başar, T.: Dynamic policy-based IDS configuration. In: Proc. of the 48th IEEE Conference on Decision and Control (CDC), held jointly with the 2009 28th Chinese Control Conference (CCC), pp. 8600–8605 (December 2009) · doi:10.1109/CDC.2009.5399894
[23] Zhu, Q., Tembine, H., Başar, T.: Network security configurations: A nonzero-sum stochastic game approach. In: Proc. of American Control Conference (ACC), June 30-July 2, pp. 1059–1064 (2010)