Abstract

In this paper, a game-theoretical analysis method is presented to provide optimal strategies for anomaly-based intrusion detection systems (A-IDS). A two-stage game model is established to represent the interactions between attackers and defenders. In the first stage, the players decide whether to act or to stay silent; in the second stage, attack intensity and detection threshold are considered as two important strategic variables for the attackers and defenders, respectively. The existence, uniqueness, and explicit computation of the Nash equilibrium are analyzed and obtained by considering six different scenarios, from which the optimal detection and attack actions are provided. Numerical examples are provided to validate our theoretical results.

Highlights

  • Nowadays, network devices and communication services are vulnerable to various kinds of intrusion attacks, such as DoS/DDoS, false data injection, and botnet attacks. The intrusion attacks tend to be more intelligent, and unexpected attack modes arise frequently.

  • As one of the most important techniques for tackling various attacks, the anomaly-based intrusion detection system (A-IDS) has been widely adopted in almost all kinds of network environments [1, 2]

  • A number of results on game theory-based intrusion detection methods have been reported for different network environments and security requirements


Summary

Introduction

Security and Communication Networks

Network devices and communication services are vulnerable to various kinds of intrusion attacks, such as DoS/DDoS, false data injection, and botnet attacks. The intrusion attacks tend to be more intelligent, and unexpected attack modes arise frequently. For intelligent APT attacks, the attackers often disguise themselves as if no attack is happening, which may prevent the detector from always precisely identifying the malicious actions. To handle these uncertainties, Bayesian games are considered in intrusion detection by updating the defender's belief about her/his opponent based on past behaviors [12,13,14,15]. Though attack intensity and detection threshold are two important factors affecting the false and missing alarm rates, which correspond to the payoffs of attackers and defenders in an intrusion detection game, they are seldom considered in the aforementioned results.
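The dependence of the false and missing alarm rates on detection threshold and attack intensity, as an added example that is not code or a model from the paper. It assumes a toy anomaly score distributed N(0, 1) for benign traffic and N(intensity, 1) under attack, and assumed values for the attack probability and the two error costs; all function names are hypothetical.

```python
import math

# Assumed toy model (not from the paper): the detector's anomaly score is
# N(0, 1) for benign traffic and N(intensity, 1) during an attack, and an
# alarm is raised when the score exceeds the detection threshold.

def phi(x):
    """Standard normal CDF."""
    return 0.5 * (1.0 + math.erf(x / math.sqrt(2.0)))

def false_alarm_rate(threshold):
    """P(alarm | benign): benign score lands above the threshold."""
    return 1.0 - phi(threshold)

def missing_alarm_rate(threshold, intensity):
    """P(no alarm | attack): attack score stays at or below the threshold."""
    return phi(threshold - intensity)

def defender_cost(threshold, intensity, p_attack=0.2, c_fa=1.0, c_miss=5.0):
    """Expected cost per event; p_attack, c_fa and c_miss are assumed values."""
    return ((1.0 - p_attack) * c_fa * false_alarm_rate(threshold)
            + p_attack * c_miss * missing_alarm_rate(threshold, intensity))

def best_threshold(intensity, p_attack=0.2, c_fa=1.0, c_miss=5.0):
    """Cost-minimising threshold for a known intensity > 0.

    Setting d(cost)/d(threshold) = 0 gives the likelihood-ratio condition
    exp(a*t - a^2/2) = (1 - p) * c_fa / (p * c_miss).
    """
    if intensity <= 0:
        raise ValueError("intensity must be positive")
    k = (1.0 - p_attack) * c_fa / (p_attack * c_miss)
    return intensity / 2.0 + math.log(k) / intensity

if __name__ == "__main__":
    print("intensity  threshold  false_alarm  missing_alarm  cost")
    for a in (0.5, 1.0, 2.0, 3.0):
        t = best_threshold(a)
        print(f"{a:9.1f}  {t:9.3f}  {false_alarm_rate(t):11.3f}  "
              f"{missing_alarm_rate(t, a):13.3f}  {defender_cost(t, a):.3f}")
```

In this toy model a low-intensity (stealthy) attack forces the defender to accept either many false alarms or many misses, which is why both variables matter to the defender's payoff.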

A Two-Stage Intrusion Detection Game Model
Nash Equilibrium Analysis of the Game
Simulation Studies
Conclusion