Abstract
We propose and investigate a game-theoretic approach to the malware filtering and detector placement problem that arises in network security. Our main objective is to develop optimal detector placement algorithms that take attacker strategies and actions into account. Assuming rational and intelligent attackers, we present a two-person zero-sum non-cooperative Markov security game framework as a basis for modeling the interaction between the attackers, who generate malware traffic on a network, and the corresponding intrusion detection system (IDS). On this basis we establish a formal, game-theoretic model of the detector placement problem and derive optimal strategies for both players. In addition, we test the strategies obtained in a realistic agent-based network simulation environment and compare the results of static and dynamic placement scenarios. The IDS strategies obtained and the corresponding simulation results give insight into how malware detectors should be deployed in a network environment.
Research supported and funded by Deutsche Telekom AG.
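The zero-sum framing in the abstract can be made concrete with a small stage game. The Python below is an illustration added here, not code or a model from the paper: the toy topology, the attack routes, the per-node detection probabilities and the choice of regret matching as the solver are all assumptions. It shows why a detector at a fixed, known location is worth nothing against an attacker who routes around it, and how the minimax (randomised) placement shifts probability toward the nodes whose detectors are less reliable, because those are exactly the nodes the attacker would otherwise prefer to cross.

```python
"""Detector placement as a two-person zero-sum matrix game.

Added illustration, not the paper's model: the defender (IDS) picks one
router on which to run a malware detector, the attacker picks one route
for the malicious flow, and the defender's payoff is the probability the
flow is inspected and flagged. Whatever the defender gains the attacker loses.
"""
from typing import Dict, List

# Constructed toy topology (assumed values, not from the paper): every route
# runs from host A to host D; a detector at a node inspects traffic crossing
# that node with the given probability (sampling rate times detector accuracy).
ROUTES: Dict[str, List[str]] = {
    "r1": ["A", "B", "D"],
    "r2": ["A", "C", "D"],
    "r3": ["A", "E", "D"],
    "r4": ["A", "B", "E", "D"],  # crosses two candidate detector nodes
}
DETECT_PROB: Dict[str, float] = {"B": 0.9, "C": 0.6, "E": 0.8}


def build_payoff(routes, detect_prob):
    """Rows = candidate detector nodes, columns = attack routes.

    Entry = probability the flow is caught when the detector sits on that
    node and the attacker uses that route (0 if the route avoids the node).
    """
    nodes = sorted(detect_prob)
    route_ids = sorted(routes)
    matrix = [[detect_prob[n] if n in routes[r] else 0.0 for r in route_ids]
              for n in nodes]
    return nodes, route_ids, matrix


def best_fixed_placement(matrix):
    """Value of the best deterministic placement: the attacker learns where the
    detector is and picks the route that minimises detection, so the defender
    can only guarantee max_i min_j A[i][j]."""
    return max(min(row) for row in matrix)


def solve_zero_sum(matrix, iters=30000):
    """Approximate minimax strategies by self-play regret matching
    (Hart & Mas-Colell). Returns (defender_mix, attacker_mix, lower, upper):
    the game value lies in [lower, upper] and the gap shrinks as O(1/sqrt(iters))."""
    rows, cols = len(matrix), len(matrix[0])
    reg_x = [0.0] * rows  # defender's cumulative regret per node
    reg_y = [0.0] * cols  # attacker's cumulative regret per route
    sum_x = [0.0] * rows  # accumulated strategies, averaged at the end
    sum_y = [0.0] * cols

    def from_regret(reg):
        pos = [max(r, 0.0) for r in reg]
        tot = sum(pos)
        return [p / tot for p in pos] if tot > 0 else [1.0 / len(reg)] * len(reg)

    for _ in range(iters):
        x = from_regret(reg_x)
        y = from_regret(reg_y)
        # defender's payoff per node against the attacker's current mix
        u = [sum(matrix[i][j] * y[j] for j in range(cols)) for i in range(rows)]
        # attacker's loss per route against the defender's current mix
        c = [sum(matrix[i][j] * x[i] for i in range(rows)) for j in range(cols)]
        value = sum(x[i] * u[i] for i in range(rows))
        for i in range(rows):
            reg_x[i] += u[i] - value  # gain from having always placed at node i
            sum_x[i] += x[i]
        for j in range(cols):
            reg_y[j] += value - c[j]  # attacker minimises, so the sign flips
            sum_y[j] += y[j]

    x_bar = [s / iters for s in sum_x]
    y_bar = [s / iters for s in sum_y]
    lower = min(sum(matrix[i][j] * x_bar[i] for i in range(rows)) for j in range(cols))
    upper = max(sum(matrix[i][j] * y_bar[j] for j in range(cols)) for i in range(rows))
    return x_bar, y_bar, lower, upper


def placement_game(routes=ROUTES, detect_prob=DETECT_PROB, iters=30000):
    nodes, route_ids, matrix = build_payoff(routes, detect_prob)
    x, y, lo, hi = solve_zero_sum(matrix, iters)
    return {
        "fixed_placement_value": best_fixed_placement(matrix),
        "value_bounds": (lo, hi),
        "defender": dict(zip(nodes, x)),
        "attacker": dict(zip(route_ids, y)),
    }


if __name__ == "__main__":
    result = placement_game()
    print("best fixed placement catches  :", result["fixed_placement_value"])
    print("randomised placement value in :", result["value_bounds"])
    for who in ("defender", "attacker"):
        print(who, {k: round(v, 3) for k, v in result[who].items()})
```

With the assumed numbers the best fixed placement catches nothing, while the randomised placement guarantees a detection probability of about 0.25 regardless of the route chosen; the defender's mix comes out close to B 0.28, C 0.41, E 0.31, i.e. the most reliable detector node is used least, and the attacker never uses the route r4 that crosses two candidate nodes. The paper's Markov game adds system state and transitions over time on top of a stage game of this kind; the example above covers only the one-shot stage game.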
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Schmidt, S., Alpcan, T., Albayrak, Ş., Başar, T., Mueller, A. (2008). A Malware Detector Placement Game for Intrusion Detection. In: Lopez, J., Hämmerli, B.M. (eds) Critical Information Infrastructures Security. CRITIS 2007. Lecture Notes in Computer Science, vol 5141. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89173-4_26
DOI: https://doi.org/10.1007/978-3-540-89173-4_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89095-9
Online ISBN: 978-3-540-89173-4