Collaborative IDS Configuration: A Two-Layer Game-Theoretical Approach

Abstract

As information systems become ubiquitous, Intrusion Detection Systems (IDSs) have assumed increasing importance. As a result, substantial amount of research efforts have been devoted to developing various intrusion detection algorithms. However, there is still no single detection algorithm that can catch all possible attacks. On the other hand, it is infeasible for practical IDSs to run all the detection algorithms simultaneously due to resource limitation, leaving potential opportunities for the adversaries to explore. This resource scarcity problem becomes more severe when the system is in an ill state (e.g., partially compromised). Enabling collaboration among multiple IDSs may be a viable way to mitigate this problem. Particularly, IDSs in the healthy state can share some of their idle computational resources to those in ill states, so as to improve the overall intrusion detection performance. Considering this, the collaborative IDS configuration problem is formulated as a two-layer stochastic game (SG) in this work and a new algorithm is proposed to solve this two-layer SG. Simulation results show that the proposed algorithm can provide an effective collaborative configuration scheme, leading to significant detection performance gain. Some performance analysis has also been given, and the conditions under which there is a guaranteed improvement in expected system performance have been derived.