Dynamic policy-based IDS configuration

Quanyan Zhu, Tamer Başar

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Intrusion Detection System (IDS) is an important security enforcement tool in modern networked information systems. Obtaining an optimal IDS configuration for effective detection of attacks is far from trivial. There exists a tradeoff between security enforcement levels and the performance of information systems. It is critical to configure an IDS in a dynamic and iterative fashion to balance the security overhead and system performance. In this paper, we use noncooperative game approaches to address this problem. We first build a fundamental game framework to model the zero-sum interactions between the detector and the attacker. Building on this platform, we then formulate a stochastic game model in which the transitions between system states are determined by the actions chosen by both players. An optimal policy-based configuration can be found by minimizing a discounted cost criterion, using an iterative method. In addition, we propose a Q-learning algorithm to find the optimal game values when the transitions between system states are unknown. We show the convergence of the algorithm to the optimal Q-function and illustrate the concepts by simulation.

Original languageEnglish (US)
Title of host publicationProceedings of the 48th IEEE Conference on Decision and Control held jointly with 2009 28th Chinese Control Conference, CDC/CCC 2009
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages8600-8605
Number of pages6
ISBN (Print)9781424438716
DOIs
StatePublished - 2009
Event48th IEEE Conference on Decision and Control held jointly with 2009 28th Chinese Control Conference, CDC/CCC 2009 - Shanghai, China
Duration: Dec 15 2009Dec 18 2009

Publication series

NameProceedings of the IEEE Conference on Decision and Control
ISSN (Print)0743-1546
ISSN (Electronic)2576-2370

Other

Other48th IEEE Conference on Decision and Control held jointly with 2009 28th Chinese Control Conference, CDC/CCC 2009
Country/TerritoryChina
CityShanghai
Period12/15/0912/18/09

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Modeling and Simulation
  • Control and Optimization

Fingerprint

Dive into the research topics of 'Dynamic policy-based IDS configuration'. Together they form a unique fingerprint.

Cite this