TY - GEN
T1 - A game theoretic approach to optimize the performance of Host-Based IDS
AU - Liu, Shuai
AU - Zhang, Da Yong
AU - Chu, Xiao
AU - Otrok, Hadi
AU - Bhattacharya, Prabir
PY - 2008
Y1 - 2008
N2 - A traditional Host-Based Intrusion Detection System (HIDS) has to continuously monitor thousands of objects on the host, regardless of whether or not there are any attacks and in what scenarios these attacks have occurred. This leads to a huge consumption of system resources. In this paper, we put forward an approach that dynamically adjusts the objects a HIDS monitors according to the expected attack scenario. To achieve this goal, we formulate a repeated non-cooperative game between an attacker and a HIDS. The solution leads the HIDS to find the optimal number of objects that should be monitored and the corresponding monitored time. We study the case of multiple-step attack to gain more insight into the solution for this game model. Therefore, our model considers the tradeoff between the detection accuracy and the resource consumption. Analysis and simulation results prove that our approach can effectively decrease the resource consumption of the HIDS taking into consideration the detection accuracy.
AB - A traditional Host-Based Intrusion Detection System (HIDS) has to continuously monitor thousands of objects on the host, regardless of whether or not there are any attacks and in what scenarios these attacks have occurred. This leads to a huge consumption of system resources. In this paper, we put forward an approach that dynamically adjusts the objects a HIDS monitors according to the expected attack scenario. To achieve this goal, we formulate a repeated non-cooperative game between an attacker and a HIDS. The solution leads the HIDS to find the optimal number of objects that should be monitored and the corresponding monitored time. We study the case of multiple-step attack to gain more insight into the solution for this game model. Therefore, our model considers the tradeoff between the detection accuracy and the resource consumption. Analysis and simulation results prove that our approach can effectively decrease the resource consumption of the HIDS taking into consideration the detection accuracy.
KW - Host-based Intrusion Detection Systems (HIDS)
KW - Resource consumption and game theory
UR - http://www.scopus.com/inward/record.url?scp=56749169084&partnerID=8YFLogxK
U2 - 10.1109/WiMob.2008.20
DO - 10.1109/WiMob.2008.20
M3 - Conference contribution
AN - SCOPUS:56749169084
SN - 9780769533933
T3 - Proceedings - 4th IEEE International Conference on Wireless and Mobile Computing, Networking and Communication, WiMob 2008
SP - 448
EP - 453
BT - Proceedings - 4th IEEE International Conference on Wireless and Mobile Computing, Networking and Communication, WiMob 2008
T2 - 4th IEEE International Conference on Wireless and Mobile Computing, Networking and Communication, WiMob 2008
Y2 - 12 October 2008 through 14 October 2008
ER -