TY - GEN
T1 - Configuration of the Detection Function in a Distributed IDS Using Game Theory
AU - Weill, Clement
AU - Olivereau, Alexis
AU - Zeghlache, Djamal
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/2/1
Y1 - 2020/2/1
N2 - With the rise of the Internet-of-Things, networks are becoming abundant and diverse in nature. Classical solutions to defend such networks, such as firewalls or access control, cannot scale appropriately. The use of Intrusion Detection Systems, especially network-based ones, is widespread as a means to compensate for these shortcomings. Yet the resources needed to monitor each network individually grow considerably with the number of networks and the number of different attacks. To solve this issue, we present a distributed network IDS composed of several probes that monitor the different networks. Each probe of the IDS has access to a large number of detection libraries for signature-based detection, as well as our own anomaly-based detection library. However, since using these detection mechanisms has a cost on each probe, the choice of which network to monitor and which libraries to use is a complex one that depends on the attacker's strategies and the goals of the defender. To optimize the detection function at every step, this paper models these choices as a two-player nonzero-sum game between the attackers of the network and the IDS's configuration. Several papers in the literature use game theory to find optimal configurations of distributed IDSs. Those works are extended here, and through a thorough analysis of our framework we establish guidelines for IDSs.
AB - With the rise of the Internet-of-Things, networks are becoming abundant and diverse in nature. Classical solutions to defend such networks, such as firewalls or access control, cannot scale appropriately. The use of Intrusion Detection Systems, especially network-based ones, is widespread as a means to compensate for these shortcomings. Yet the resources needed to monitor each network individually grow considerably with the number of networks and the number of different attacks. To solve this issue, we present a distributed network IDS composed of several probes that monitor the different networks. Each probe of the IDS has access to a large number of detection libraries for signature-based detection, as well as our own anomaly-based detection library. However, since using these detection mechanisms has a cost on each probe, the choice of which network to monitor and which libraries to use is a complex one that depends on the attacker's strategies and the goals of the defender. To optimize the detection function at every step, this paper models these choices as a two-player nonzero-sum game between the attackers of the network and the IDS's configuration. Several papers in the literature use game theory to find optimal configurations of distributed IDSs. Those works are extended here, and through a thorough analysis of our framework we establish guidelines for IDSs.
KW - Agent
KW - Communication
KW - Context
KW - Event
KW - Matching
KW - Profile
U2 - 10.1109/ICIN48450.2020.9059373
DO - 10.1109/ICIN48450.2020.9059373
M3 - Conference contribution
AN - SCOPUS:85084042986
T3 - 2020 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops, ICIN 2020
SP - 210
EP - 215
BT - 2020 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops, ICIN 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops, ICIN 2020
Y2 - 24 February 2020 through 27 February 2020
ER -