A Malware Detector Placement Game for Intrusion Detection

  • Stephan Schmidt
  • Tansu Alpcan
  • Şahin Albayrak
  • Tamer Başar
  • Achim Mueller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5141)

Abstract

We propose and investigate a game-theoretic approach to the malware filtering and detector placement problem which arises in network security. Our main objective is to develop optimal detector algorithms taking into account attacker strategies and actions. Assuming rational and intelligent attackers, we present a two-person zero-sum non-cooperative Markov security game framework as a basis for modeling the interaction between the attackers who generate malware traffic on a network and a corresponding intrusion detection system (IDS). Thus, we establish a formal model of the detector placement problem based on game theory and derive optimal strategies for both players. In addition, we test the strategies obtained in a realistic agent-based network simulation environment and compare the results of static and dynamic placement scenarios. The obtained IDS strategies and the corresponding simulation results provide interesting insights into how to optimally deploy malware detectors in a network environment.

Keywords

network-based intrusion detection, monitor placement, game theory


Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Stephan Schmidt (1)
  • Tansu Alpcan (2)
  • Şahin Albayrak (1)
  • Tamer Başar (3)
  • Achim Mueller (2)
  1. DAI-Labor, TU Berlin, Germany
  2. Deutsche Telekom Laboratories, TU Berlin, Germany
  3. Coordinated Science Laboratory, U. of Illinois, Urbana
