Indices of power in optimal IDS default configuration: Theory and examples

Quanyan Zhu, Tamer Başar

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Intrusion Detection Systems (IDSs) are becoming essential to protecting modern information infrastructures. The effectiveness of an IDS is directly related to the computational resources at its disposal. However, it is difficult to guarantee especially with an increasing demand of network capacity and rapid proliferation of attacks. On the other hand, modern intrusions often come as sequences of attacks to reach some predefined goals. It is therefore critical to identify the best default IDS configuration to attain the highest possible overall protection within a given resource budget. This paper proposes a game theory based solution to the problem of optimal signature-based IDS configuration under resource constraints. We apply the concepts of indices of power, namely, Shapley value and Banzhaf-Coleman index, from cooperative game theory to quantify the influence or contribution of libraries in an IDS with respect to given attack graphs. Such valuations take into consideration the knowledge on common attack graphs and experienced system attacks and are used to configure an IDS optimally at its default state by solving a knapsack optimization problem.

Original languageEnglish (US)
Title of host publicationDecision and Game Theory for Security - Second International Conference, GameSec 2011, Proceedings
Pages7-21
Number of pages15
DOIs
StatePublished - 2011
Event2nd International Conference on Decision and Game Theory for Security, GameSec 2011 - College Park, MD, United States
Duration: Nov 14 2011Nov 15 2011

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7037 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other2nd International Conference on Decision and Game Theory for Security, GameSec 2011
CountryUnited States
CityCollege Park, MD
Period11/14/1111/15/11

Keywords

  • Banzhaf-Coleman Index
  • Cooperative Games
  • IDS Configuration
  • Intrusion Detection Systems
  • Shapley Value

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Indices of power in optimal IDS default configuration: Theory and examples'. Together they form a unique fingerprint.

Cite this