Abstract
We investigate the problem of classifying an intruder of two different types (spy or spammer). The classification is based on the number of file server and mail server attacks a network defender observes during a fixed window. The spammer naively attacks (with a known distribution) his main target: the mail server. The spy strategically selects the number of attacks on his main target: the file server. The defender strategically selects his classification policy: a threshold on the number of file server attacks. We first develop parameterized families of payoff functions for both players and analyze the Nash equilibria of the noncooperative nonzero-sum game. We analyze the strategic interactions of the two players and the tradeoffs each one of them faces: The defender chooses a classification threshold that balances the cost of missed detections and false alarms while the spy seeks to hit the file server as much as possible while still evading detection. We give a characterization of the Nash equilibria in mixed strategies, and demonstrate how the Nash equilibria can be computed in polynomial time. We give two examples of the general model, one that involves forensics on the side of the defender and one that does not. Finally, we evaluate how investments in forensics and data logging could improve the Nash equilibrium payoff of the defender.
Keywords
- Nash equilibria
- intruder classification
- polynomial complexity
This work was supported by AFOSR grant FA9550-09-1-0049.
This is a preview of subscription content, access via your institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Dritsoula, L., Loiseau, P., Musacchio, J.: A game-theoretic approach for finding optimal strategies in an intruder classification game. To Appear in Proc. of the 51th IEEE Conf. Decision and Control (CDC) (December 2012)
Cyber Security Research Report, Bit9 (2012)
TMT Global Security Study Key Findings, Deloitte (2011)
Manshaei, M.H., Zhu, Q., Alpcan, T., Basar, T., Hubaux, J.-P.: Game Theory Meets Network Security and Privacy, Ecole Polytechnique Federale de Lausanne (EPFL). Tech. Rep. EPFL-REPORT-151965 (April 2011)
Alpcan, T., Başar, T.: A Game Theoretic Approach to Decision and Analysis in Network Intrusion Detection. In: Proc. of the 42nd IEEE Conf. Decision and Control, pp. 2595–2600 (December 2003)
Chen, L., Leneutre, J.: A game theoretical framework on intrusion detection in heterogeneous networks. IEEE Transactions on Information Forensics and Security 4(2), 165–178 (2009)
Gueye, A., Walrand, J.C., Anantharam, V.: A Network Topology Design Game: How to Choose Communication Links in an Adversarial Environment? In: GameNets (April 2011)
Gueye, A.: A Game Theoretical Approach to Communication Security. PhD dissertation. University of California, Berkeley, Electrical Engineering and Computer Sciences (March 2011)
Dalvi, N., Domingos, P., Mausam, Sanghai, S., Verma, D.: Adversarial classification. In: Proc. of the ACM SIGKDD, pp. 99–108 (2004)
Luenberger, D.G.: Linear and Nonlinear Programming, 2nd edn. Addison-Wesley (1984)
Gambit, Gambit game theory analysis software and tools, http://www.hss.caltech.edu/gambit (2002)
Nash, J.: Non-Cooperative Games. The Annals of Mathematics 54(2), 286–295 (1951)
Grant, M., Boyd, S.: CVX: Matlab software for disciplined convex programming, version 1.21. ../../cvx (April 2011)
Grant, M., Boyd, S.: Graph implementations for nonsmooth convex programs. In: Blondel, V., Boyd, S., Kimura, H. (eds.) Recent Advances in Learning and Control. LNCIS, vol. 371, pp. 95–110. Springer, Heidelberg (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dritsoula, L., Loiseau, P., Musacchio, J. (2012). Computing the Nash Equilibria of Intruder Classification Games. In: Grossklags, J., Walrand, J. (eds) Decision and Game Theory for Security. GameSec 2012. Lecture Notes in Computer Science, vol 7638. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34266-0_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-34266-0_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34265-3
Online ISBN: 978-3-642-34266-0
eBook Packages: Computer ScienceComputer Science (R0)
