Game Theoretical Adaptation Model for Intrusion Detection System

  • Conference paper
Advances on Practical Applications of Agents and Multi-Agent Systems

Part of the book series: Advances in Intelligent and Soft Computing (AINSC, volume 155)

Abstract

We present a self-adaptation mechanism for a Network Intrusion Detection System which uses a game-theoretical mechanism to increase system robustness against targeted attacks on IDS adaptation. We model the adaptation process as strategy selection in a sequence of single-stage, two-player games. The key innovation of our approach is a secure runtime game definition and numerical solution, and real-time use of game solutions for dynamic system reconfiguration. Our approach is suited for realistic environments where we typically lack any ground truth information regarding traffic legitimacy/maliciousness and where a significant portion of system inputs may be shaped by the attacker in order to render the system ineffective. Therefore, we rely on the concept of challenge insertion: we inject a small sample of simulated attacks into the unknown traffic and use the system response to these attacks to define the game structure and utility functions. This approach is also advantageous from the security perspective, as the manipulation of the adaptive process by the attacker is far more difficult. Our experimental results suggest that the use of a game-theoretical mechanism comes with little or no penalty when compared to traditional self-adaptation methods.
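
The following sketch is an added illustration of the idea in the abstract, not code from the paper: detection results for inserted challenges fill a payoff matrix, and the solved game yields a randomized choice of IDS configuration. The zero-sum payoff, the use of detection rate as utility, the fictitious-play solver and the names `cfg_A`, `cfg_B`, `scan` and `exfil` are all assumptions; the abstract does not specify them.

```python
# Added illustration (not the paper's code): pick an IDS configuration mix from
# challenge-insertion results. Zero-sum payoffs and fictitious play are assumptions.
from collections import defaultdict

def payoff_from_challenges(results, configs, attacks):
    """M[i][j] = share of inserted challenges of class j detected under config i.
    A (config, class) pair with no challenges scores 0.0 (pessimistic default)."""
    hit, tot = defaultdict(int), defaultdict(int)
    for cfg, atk, detected in results:
        tot[cfg, atk] += 1
        hit[cfg, atk] += bool(detected)
    return [[hit[c, a] / tot[c, a] if tot[c, a] else 0.0 for a in attacks]
            for c in configs]

def solve_zero_sum(M, rounds=20000):
    """Fictitious play: each side best-responds to the other's empirical history.
    Returns (defender mix, lower bound, upper bound) on the game value."""
    n, m = len(M), len(M[0])
    row_counts = [0] * n
    row_pay = [0.0] * n   # cumulative detection per config vs. attacker history
    col_pay = [0.0] * m   # cumulative detection per attack class vs. defender history
    i = j = 0
    for _ in range(rounds):
        row_counts[i] += 1
        for r in range(n):
            row_pay[r] += M[r][j]
        for c in range(m):
            col_pay[c] += M[i][c]
        i = max(range(n), key=row_pay.__getitem__)   # defender maximises detection
        j = min(range(m), key=col_pay.__getitem__)   # attacker minimises it
    mix = [k / rounds for k in row_counts]
    return mix, min(col_pay) / rounds, max(row_pay) / rounds

def constructed(cfg, atk, hits, total):
    """Constructed sample: `hits` of `total` inserted challenges were detected."""
    return [(cfg, atk, k < hits) for k in range(total)]

CONFIGS, ATTACKS = ["cfg_A", "cfg_B"], ["scan", "exfil"]   # hypothetical names
RESULTS = (constructed("cfg_A", "scan", 9, 10) + constructed("cfg_A", "exfil", 3, 10)
           + constructed("cfg_B", "scan", 4, 10) + constructed("cfg_B", "exfil", 8, 10))

if __name__ == "__main__":
    M = payoff_from_challenges(RESULTS, CONFIGS, ATTACKS)
    mix, lo, hi = solve_zero_sum(M)
    print(dict(zip(CONFIGS, mix)), "guaranteed detection in", (round(lo, 3), round(hi, 3)))
```

On this constructed data the best fixed configuration guarantees a detection rate of only 0.4 against an attacker who picks the weakest class, while the mixed strategy guarantees about 0.6.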


Author information

Correspondence to Jan Stiborek.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Stiborek, J., Grill, M., Rehak, M., Bartos, K., Jusko, J. (2012). Game Theoretical Adaptation Model for Intrusion Detection System. In: Demazeau, Y., Müller, J., Rodríguez, J., Pérez, J. (eds) Advances on Practical Applications of Agents and Multi-Agent Systems. Advances in Intelligent and Soft Computing, vol 155. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28786-2_22

  • DOI: https://doi.org/10.1007/978-3-642-28786-2_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28785-5

  • Online ISBN: 978-3-642-28786-2

  • eBook Packages: Engineering, Engineering (R0)
