Computing the Nash Equilibria of Intruder Classification Games
We investigate the problem of classifying an intruder of two different types (spy or spammer). The classification is based on the number of file server and mail server attacks a network defender observes during a fixed window. The spammer naively attacks (with a known distribution) his main target: the mail server. The spy strategically selects the number of attacks on his main target: the file server. The defender strategically selects his classification policy: a threshold on the number of file server attacks. We first develop parameterized families of payoff functions for both players and analyze the Nash equilibria of the noncooperative nonzero-sum game. We analyze the strategic interactions of the two players and the tradeoffs each one of them faces: The defender chooses a classification threshold that balances the cost of missed detections and false alarms while the spy seeks to hit the file server as much as possible while still evading detection. We give a characterization of the Nash equilibria in mixed strategies, and demonstrate how the Nash equilibria can be computed in polynomial time. We give two examples of the general model, one that involves forensics on the side of the defender and one that does not. Finally, we evaluate how investments in forensics and data logging could improve the Nash equilibrium payoff of the defender.
KeywordsNash equilibria intruder classification polynomial complexity
Unable to display preview. Download preview PDF.
- 1.Dritsoula, L., Loiseau, P., Musacchio, J.: A game-theoretic approach for finding optimal strategies in an intruder classification game. To Appear in Proc. of the 51th IEEE Conf. Decision and Control (CDC) (December 2012)Google Scholar
- 2.Cyber Security Research Report, Bit9 (2012)Google Scholar
- 3.TMT Global Security Study Key Findings, Deloitte (2011)Google Scholar
- 4.Manshaei, M.H., Zhu, Q., Alpcan, T., Basar, T., Hubaux, J.-P.: Game Theory Meets Network Security and Privacy, Ecole Polytechnique Federale de Lausanne (EPFL). Tech. Rep. EPFL-REPORT-151965 (April 2011)Google Scholar
- 5.Alpcan, T., Başar, T.: A Game Theoretic Approach to Decision and Analysis in Network Intrusion Detection. In: Proc. of the 42nd IEEE Conf. Decision and Control, pp. 2595–2600 (December 2003)Google Scholar
- 7.Gueye, A., Walrand, J.C., Anantharam, V.: A Network Topology Design Game: How to Choose Communication Links in an Adversarial Environment? In: GameNets (April 2011)Google Scholar
- 8.Gueye, A.: A Game Theoretical Approach to Communication Security. PhD dissertation. University of California, Berkeley, Electrical Engineering and Computer Sciences (March 2011)Google Scholar
- 9.Dalvi, N., Domingos, P., Mausam, Sanghai, S., Verma, D.: Adversarial classification. In: Proc. of the ACM SIGKDD, pp. 99–108 (2004)Google Scholar
- 10.Luenberger, D.G.: Linear and Nonlinear Programming, 2nd edn. Addison-Wesley (1984)Google Scholar
- 11.Gambit, Gambit game theory analysis software and tools, http://www.hss.caltech.edu/gambit (2002)
- 13.Grant, M., Boyd, S.: CVX: Matlab software for disciplined convex programming, version 1.21. ../../cvx (April 2011)Google Scholar