TY - GEN
T1 - Dynamic policy-based IDS configuration
AU - Zhu, Quanyan
AU - Başar, Tamer
PY - 2009
Y1 - 2009
N2 - Intrusion Detection System (IDS) is an important security enforcement tool in modern networked information systems. Obtaining an optimal IDS configuration for effective detection of attacks is far from trivial. There exists a tradeoff between security enforcement levels and the performance of information systems. It is critical to configure an IDS in a dynamic and iterative fashion to balance the security overhead and system performance. In this paper, we use noncooperative game approaches to address this problem. We first build a fundamental game framework to model the zero-sum interactions between the detector and the attacker. Building on this platform, we then formulate a stochastic game model in which the transitions between system states are determined by the actions chosen by both players. An optimal policy-based configuration can be found by minimizing a discounted cost criterion, using an iterative method. In addition, we propose a Q-learning algorithm to find the optimal game values when the transitions between system states are unknown. We show the convergence of the algorithm to the optimal Q-function and illustrate the concepts by simulation.
UR - http://www.scopus.com/inward/record.url?scp=77950838880&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77950838880&partnerID=8YFLogxK
U2 - 10.1109/CDC.2009.5399894
DO - 10.1109/CDC.2009.5399894
M3 - Conference contribution
AN - SCOPUS:77950838880
SN - 9781424438716
T3 - Proceedings of the IEEE Conference on Decision and Control
SP - 8600
EP - 8605
BT - Proceedings of the 48th IEEE Conference on Decision and Control held jointly with 2009 28th Chinese Control Conference, CDC/CCC 2009
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 48th IEEE Conference on Decision and Control held jointly with 2009 28th Chinese Control Conference, CDC/CCC 2009
Y2 - 15 December 2009 through 18 December 2009
ER -