A game-based intrusion detection mechanism to confront internal attackers

 
This item is provided by the institution: Technological Educational Institute of Athens
Repository: Ypatia - Institutional Repository




2010 (EN)
A game-based intrusion detection mechanism to confront internal attackers (EN)

Κατσικάς, Σωκράτης Κ. (EL)
Καντζάβελου, Ιωάννα (EL)

Technological Educational Institute of Athens. School of Technological Applications. Department of Informatics Engineering T.E. (EL)

Insiders might threaten organizations’ systems any time. By interacting with a system, an insider plays games with the security mechanisms employed to protect it. We apply game theory to model these interactions in an extensive form game that is being played repeatedly with an Intrusion Detection System (IDS). The outcomes of the game are quantified by first specifying players’ preferences, and then, by using the von Neumann–Morgenstern utility function, to assign numbers that reflect these preferences. Examining players’ best responses, the solution of the game follows by locating all the Nash Equilibria (NE). We extend the NE notion to the logit Quantal Response Equilibrium (QRE), to capture players’ bounded rationality and model insider’s behavior. The QRE results are more realistic, and show that the solution of the game might be significantly different than the corresponding NE solution. Thus, we determine how an insider will interact in the future, and how an IDS will react to protect the system. To easily exploit QRE results in ID, we propose the use of a detection mechanism. To present a possible implementation scheme of the detection mechanism, we give the application model and a detailed game-based detection algorithm. (EN)

journalArticle

Detection mechanism (EN)
Intrusion detection (EN)

TEI of Athens (EL)
Technological Educational Institute of Athens (EN)

Computers & Security (EN)

English

2010

doi:10.1016/j.cose.2010.06.002

Elsevier B.V. (EN)


