TY - GEN
T1 - A malware detector placement game for intrusion detection
AU - Schmidt, Stephan
AU - Alpcan, Tansu
AU - Albayrak, Şahin
AU - Başar, Tamer
AU - Mueller, Achim
N1 - Funding Information:
Research supported and funded by Deutsche Telekom AG.
PY - 2008
Y1 - 2008
N2 - We propose and investigate a game-theoretic approach to the malware filtering and detector placement problem which arises in network security. Our main objective is to develop optimal detector algorithms taking into account attacker strategies and actions. Assuming rational and intelligent attackers, we present a two-person zero-sum non-cooperative Markov security game framework as a basis for modeling the interaction between the attackers who generate malware traffic on a network and a corresponding intrusion detection system (IDS). Thus, we establish a formal model of the detector placement problem based on game theory and derive optimal strategies for both players. In addition, we test the strategies obtained in a realistic agent-based network simulation environment and compare the results of static and dynamic placement scenarios. The obtained IDS strategies and the corresponding simulation results provide interesting insights into how to optimally deploy malware detectors in a network environment.
AB - We propose and investigate a game-theoretic approach to the malware filtering and detector placement problem which arises in network security. Our main objective is to develop optimal detector algorithms taking into account attacker strategies and actions. Assuming rational and intelligent attackers, we present a two-person zero-sum non-cooperative Markov security game framework as a basis for modeling the interaction between the attackers who generate malware traffic on a network and a corresponding intrusion detection system (IDS). Thus, we establish a formal model of the detector placement problem based on game theory and derive optimal strategies for both players. In addition, we test the strategies obtained in a realistic agent-based network simulation environment and compare the results of static and dynamic placement scenarios. The obtained IDS strategies and the corresponding simulation results provide interesting insights into how to optimally deploy malware detectors in a network environment.
KW - game theory
KW - monitor placement
KW - network-based intrusion detection
UR - http://www.scopus.com/inward/record.url?scp=77953711643&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77953711643&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-89173-4_26
DO - 10.1007/978-3-540-89173-4_26
M3 - Conference contribution
AN - SCOPUS:77953711643
SN - 3540890955
SN - 9783540890959
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 311
EP - 326
BT - Critical Information Infrastructures Security - Second International Workshop, CRITIS 2007, Revised Papers
T2 - 2nd International Workshop on Critical Information Infrastructure Security, CRITIS 2007
Y2 - 3 October 2007 through 5 October 2007
ER -