Abstract

Intrusion Detection Systems (IDSs) are an essential component of any network security architecture. Their importance is emphasized in today's heterogeneous and complex networks, where a variety of network assets are constantly subject to a large number of attacks. As network traffic increases, proper IDS configuration becomes more important. For instance, the larger the number of detection libraries, the larger the number of attacks expected to be detected. However, a larger number of libraries also increases computational complexity, which may reduce system performance. There is always a tradeoff between security enforcement level and system performance. Many papers in the literature have used game theory to address this problem by including different factors in their proposed models. In this paper, we propose a game-theoretic approach to determine the networked IDS configuration in heterogeneous networks. We use a more efficient way to tune IDS configuration, including library selection, based on the type and value of the protected network assets; the interdependencies between assets are considered in the model. Unlike most existing methods, the proposed game model considers the impact of each particular attack to be different for each asset. The problem is modeled as a non-cooperative multi-person nonzero-sum stochastic game. The existence of a stationary Nash equilibrium for this game is demonstrated.
