Detecting network intrusions via sampling: a game theoretic approach
Murali Kodialam,T. V. Lakshman +1 more
Vol. 3, pp. 1880-1889
TL;DR: This paper considers the problem of detecting an intruding packet in a communication network in a game theoretic framework, and develops sampling schemes that are optimal in this game theoretic setting.

Abstract:
In this paper, we consider the problem of detecting an intruding packet in a communication network. Detection is accomplished by sampling a portion of the packets transiting selected network links (or router interfaces). Since sampling entails incurring network costs for real-time packet sampling and packet examination hardware, we would like to develop a network packet sampling strategy to effectively detect network intrusions while not exceeding a given total sampling budget. We consider this problem in a game theoretic framework, where the intruder picks paths (or the network ingress point if only shortest path routing is possible) to minimize chances of detection and where the network operator chooses a sampling strategy to maximize the chances of detection. We formulate the game theoretic problem, and develop sampling schemes that are optimal in this game theoretic setting.
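The abstract states the game but not the mechanics. The following is an added worked example, not code from the paper or its authors: it models the game as a maximin problem on a constructed topology and solves it with the standard max-flow/min-cut duality argument. It assumes (a) an additive detection model, where the probability of catching a packet on a path is the sum of the per-link sampling fractions along it (capped at 1), (b) a budget equal to the total sampling fraction spread over links, and (c) unit link capacities, so the min cut value C equals the number of link-disjoint intruder paths. Under those assumptions, spending B/C on every link of a minimum cut guarantees detection probability B/C against any path, and the intruder can hold the operator to exactly that by mixing uniformly over C disjoint paths, so B/C is the value of the game. Whether this matches the paper's own construction is not verified here; the topology, budget and function names are illustrative.

```python
"""Maximin packet-sampling game on a small network (added example; assumptions noted in the lead-in)."""
from collections import defaultdict, deque
import heapq


def max_flow_unit_capacity(links, src, dst):
    """Edmonds-Karp on a directed graph with unit link capacities.
    Returns (flow value, set of nodes reachable from src in the final residual graph)."""
    cap = defaultdict(int)
    adj = defaultdict(set)
    for u, v in links:
        cap[(u, v)] += 1
        adj[u].add(v)
        adj[v].add(u)  # residual graph needs the reverse arcs too
    flow = 0
    while True:
        parent = {src: None}
        q = deque([src])
        while q and dst not in parent:
            u = q.popleft()
            for v in adj[u]:
                if v not in parent and cap[(u, v)] > 0:
                    parent[v] = u
                    q.append(v)
        if dst not in parent:
            return flow, set(parent)
        v = dst  # augment by one unit along the path found
        while parent[v] is not None:
            u = parent[v]
            cap[(u, v)] -= 1
            cap[(v, u)] += 1
            v = u
        flow += 1


def min_cut_links(links, src, dst):
    """Min cut = links leaving the residual-reachable set after max flow."""
    value, reachable = max_flow_unit_capacity(links, src, dst)
    cut = [(u, v) for u, v in links if u in reachable and v not in reachable]
    return value, cut


def operator_sampling(links, src, dst, budget):
    """Operator (maximin) strategy: spend the budget evenly on a minimum cut.
    Every src->dst path crosses the cut, so no path can evade more than B/C."""
    cut_value, cut = min_cut_links(links, src, dst)
    return {e: budget / cut_value for e in cut}


def uniform_sampling(links, budget):
    """Naive baseline for comparison: same budget spread over every link."""
    return {e: budget / len(links) for e in links}


def intruder_best_response(links, rates, src, dst):
    """Intruder (minimizing) strategy: the src->dst path with the smallest total
    sampling rate (Dijkstra with the rates as link weights).
    Returns (detection probability under the additive model, path)."""
    adj = defaultdict(list)
    for u, v in links:
        adj[u].append((v, rates.get((u, v), 0.0)))
    dist, prev, heap = {src: 0.0}, {}, [(0.0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        if u == dst:
            break
        for v, w in adj[u]:
            if d + w < dist.get(v, float("inf")):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    if dst not in dist:
        return 0.0, []  # no path: nothing to detect
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return min(1.0, dist[dst]), path[::-1]


def game_value(links, src, dst, budget):
    """Value of the zero-sum game under the stated assumptions: B / (min cut)."""
    cut_value, _ = max_flow_unit_capacity(links, src, dst)
    return 0.0 if cut_value == 0 else min(1.0, budget / cut_value)


if __name__ == "__main__":
    # Constructed topology (hypothetical, not from the paper): ingress s, target t.
    LINKS = [("s", "a"), ("s", "b"), ("a", "t"), ("b", "t"), ("a", "b")]
    BUDGET = 0.5
    optimal = operator_sampling(LINKS, "s", "t", BUDGET)
    print("min-cut sampling:", optimal)
    print("intruder best response vs min-cut:", intruder_best_response(LINKS, optimal, "s", "t"))
    print("intruder best response vs uniform:", intruder_best_response(LINKS, uniform_sampling(LINKS, BUDGET), "s", "t"))
    print("game value:", game_value(LINKS, "s", "t", BUDGET))
```

On the constructed five-link graph the min cut is the two ingress links, so the operator samples each at 0.25 and the intruder cannot do better than a 0.25 chance of being caught, whereas spreading the same budget uniformly lets the intruder pick a two-hop path sampled at only 0.2. On a second topology with a single bottleneck link into the target the same routine puts the whole budget on that link, which is the practical lesson: sample where the cut is, not where the traffic enters.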
Citations
Journal ArticleDOI
A survey on networking games in telecommunications
TL;DR: This survey summarizes the different modeling and solution concepts of networking games, as well as a number of applications in telecommunications that make use of, or can make use of, networking games.
Book
Network Security: A Decision and Game-Theoretic Approach
Tansu Alpcan, Tamer Başar +1 more
TL;DR: Covering attack detection, malware response, algorithm and mechanism design, privacy, and risk management, this comprehensive work applies unique quantitative models derived from decision, control, and game theories to understanding diverse network security problems.
Proceedings ArticleDOI
Optimal positioning of active and passive monitoring devices
TL;DR: A combinatorial view of the problem of assigning tap devices for passive monitoring and beacons for active monitoring is presented and complexity and approximability results are derived, as well as efficient and versatile Mixed Integer Programming (MIP) formulations.
Patent
Systems and Methods for Correlating and Distributing Intrusion Alert Information Among Collaborating Computer Systems
Salvatore J. Stolfo,Tal Malkin,Angelos D. Keromytis,Vishal Misra,Michael E. Locasto,Janak Parekh +5 more
TL;DR: An alert correlator uses data structures to correlate alert detections and provides a mechanism through which threat information can be revealed to other collaborating systems; an alert distributor uses an efficient technique to group collaborating systems and then passes data between certain members of those groups according to a schedule.
Proceedings ArticleDOI
A Bayesian game approach for intrusion detection in wireless ad hoc networks
TL;DR: A game theoretic framework is presented to analyze the interactions between pairs of attacking/defending nodes using a Bayesian formulation; the dynamic game is shown to produce energy-efficient monitoring strategies for the defender while improving the overall hybrid detection power.
References
Book
Network Flows: Theory, Algorithms, and Applications
TL;DR: In-depth, self-contained treatments of shortest path, maximum flow, and minimum cost flow problems, including descriptions of polynomial-time algorithms for these core models are presented.
Proceedings ArticleDOI
Faster and simpler algorithms for multicommodity flow and other fractional packing problems
Naveen Garg,Jochen Könemann +1 more
TL;DR: This paper provides a different approach to these problems which yields faster and much simpler algorithms, and allows us to substitute shortest path computations for min-cost flow computations in computing maximum concurrent flow and min-cost multicommodity flow.
Proceedings ArticleDOI
SRED: stabilized RED
TL;DR: It is shown that candidate flows thus identified indeed have a high posterior probability of taking a larger than average amount of bandwidth, so the mechanism can be used to identify flows that may be misbehaving.
Proceedings ArticleDOI
CHOKe - a stateless active queue management scheme for approximating fair bandwidth allocation
TL;DR: A simple packet dropping scheme, called CHOKe, discriminates against flows that submit more packets per second than their fair share allows, and thereby approximates a fair queueing policy.
Journal ArticleDOI
The maximum concurrent flow problem
Farhad Shahrokhi,David W. Matula +1 more
TL;DR: A fully polynomial-time approximation scheme for the maximum concurrent flow problem (MCFP) is developed, and the problem of assigning costs to the edges so as to maximize the minimum cost of routing the concurrent flow is shown to be the dual of the MCFP.
Related Papers (5)
A game theoretic approach to decision and analysis in network intrusion detection
Tansu Alpcan, Tamer Başar +1 more
Secure routing in wireless sensor networks: attacks and countermeasures
Chris Karlof,David Wagner +1 more