E-print Network

An Intrusion Detection Game with Limited Observations

Summary: An Intrusion Detection Game with Limited Observations
Tansu Alpcan and Tamer Başar
We present a 2-player zero-sum stochastic (Markov) security game which models the interaction between
malicious attackers of a system and the IDS, which allocates system resources for detection and response. We capture
the operation of a sensor network observing and reporting the attack information to the IDS as a finite Markov chain.
Thus, we extend the game-theoretic framework in [1] to a stochastic and dynamic one. We analyze the outcomes and
evolution of an example game numerically for various game parameters. Furthermore, we study limited-information
cases where players optimize their strategies offline or online depending on the type of information available, using
methods based on Markov decision processes and Q-learning.

Intrusion detection systems (IDSs) monitor various events in a networked system and analyze them
for signs of security compromises [2]. By extending the information security paradigm beyond traditional
protective (e.g. firewalls) and reactive measures (e.g. virus and malware detection), they increase the ability
of the system administrator to control the system, and help him or her better manage its security [3]. In
recent years, an increasing number of security-related problems in networked systems have resulted in
a surge of interest and research in this area. However, the majority of the earlier literature on intrusion
detection (ID) relies on ad-hoc schemes and experimental work. We believe that a quantitative decision


Source: Alpcan, Tansu - Deutsche Telekom Laboratories & Technische Universität Berlin


Collections: Engineering