TY - GEN
T1 - Indices of power in optimal IDS default configuration
T2 - 2nd International Conference on Decision and Game Theory for Security, GameSec 2011
AU - Zhu, Quanyan
AU - Başar, Tamer
PY - 2011
Y1 - 2011
N2 - Intrusion Detection Systems (IDSs) are becoming essential to protecting modern information infrastructures. The effectiveness of an IDS is directly related to the computational resources at its disposal. However, it is difficult to guarantee especially with an increasing demand of network capacity and rapid proliferation of attacks. On the other hand, modern intrusions often come as sequences of attacks to reach some predefined goals. It is therefore critical to identify the best default IDS configuration to attain the highest possible overall protection within a given resource budget. This paper proposes a game theory based solution to the problem of optimal signature-based IDS configuration under resource constraints. We apply the concepts of indices of power, namely, Shapley value and Banzhaf-Coleman index, from cooperative game theory to quantify the influence or contribution of libraries in an IDS with respect to given attack graphs. Such valuations take into consideration the knowledge on common attack graphs and experienced system attacks and are used to configure an IDS optimally at its default state by solving a knapsack optimization problem.
AB - Intrusion Detection Systems (IDSs) are becoming essential to protecting modern information infrastructures. The effectiveness of an IDS is directly related to the computational resources at its disposal. However, it is difficult to guarantee especially with an increasing demand of network capacity and rapid proliferation of attacks. On the other hand, modern intrusions often come as sequences of attacks to reach some predefined goals. It is therefore critical to identify the best default IDS configuration to attain the highest possible overall protection within a given resource budget. This paper proposes a game theory based solution to the problem of optimal signature-based IDS configuration under resource constraints. We apply the concepts of indices of power, namely, Shapley value and Banzhaf-Coleman index, from cooperative game theory to quantify the influence or contribution of libraries in an IDS with respect to given attack graphs. Such valuations take into consideration the knowledge on common attack graphs and experienced system attacks and are used to configure an IDS optimally at its default state by solving a knapsack optimization problem.
KW - Banzhaf-Coleman Index
KW - Cooperative Games
KW - IDS Configuration
KW - Intrusion Detection Systems
KW - Shapley Value
UR - http://www.scopus.com/inward/record.url?scp=81755161449&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=81755161449&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-25280-8_3
DO - 10.1007/978-3-642-25280-8_3
M3 - Conference contribution
AN - SCOPUS:81755161449
SN - 9783642252792
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 7
EP - 21
BT - Decision and Game Theory for Security - Second International Conference, GameSec 2011, Proceedings
Y2 - 14 November 2011 through 15 November 2011
ER -