An intrusion detection game theoretical model

We propose, in this article, a game theoretical model for Host-based Intrusion Detection Systems (HIDS). The main drawbacks of existing HIDSs, such as Swatch, are the high computation cost in detection and the generation of false alarms. These limitations are not acceptable in resource-limited systems such as wireless mobile devices. We address these issues by applying game theory to HIDSs, so that HIDSs can discover potential attackers with lower computation cost and false alarm rates. To achieve that, we explore two solutions: The Bayesian model and the Dempster-Shafer (DS) model where the identity of the attacker is unknown. Such type of models can be used in Mobile Ad hoc Networks (MANET) where the sender identity is unknown. They help to determine the belief value that determines whether a sender is misbehaving or not. Our novel contribution in this article is a hybrid model that combines the Bayesian and DS models for decreasing false positives and detecting accurately an attacker. Our simulation results show the benefits from the combination of these two models regarding the posterior belief function that is used for increasing the possibility of intrusion detection.