A malware detector placement game for intrusion detection

Stephan Schmidt, Tansu Alpcan, Şahin Albayrak, Tamer Başar, Achim Mueller

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We propose and investigate a game-theoretic approach to the malware filtering and detector placement problem which arises in network security. Our main objective is to develop optimal detector algorithms taking into account attacker strategies and actions. Assuming rational and intelligent attackers, we present a two-person zero-sum non-cooperative Markov security game framework as a basis for modeling the interaction between the attackers who generate malware traffic on a network and a corresponding intrusion detection system (IDS). Thus, we establish a formal model of the detector placement problem based on game theory and derive optimal strategies for both players. In addition, we test the strategies obtained in a realistic agent-based network simulation environment and compare the results of static and dynamic placement scenarios. The obtained IDS strategies and the corresponding simulation results provide interesting insights into how to optimally deploy malware detectors in a network environment.

Original language: English (US)
Title of host publication: Critical Information Infrastructures Security - Second International Workshop, CRITIS 2007, Revised Papers
Pages: 311-326
Number of pages: 16
DOIs
State: Published - 2008
Event: 2nd International Workshop on Critical Information Infrastructure Security, CRITIS 2007 - Malaga, Spain
Duration: Oct 3 2007 – Oct 5 2007

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5141 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 2nd International Workshop on Critical Information Infrastructure Security, CRITIS 2007
Country/Territory: Spain
City: Malaga
Period: 10/3/07 – 10/5/07

Keywords

  • game theory
  • monitor placement
  • network-based intrusion detection

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
