Configuration Strategies For Collaborative IDS Using Game Theory

In recent years, distributed and zero-day attacks have emerged as one of the most serious security threats. Th e incomplete knowledge and information of a stand-alone intrusion detection system (IDS) is one of the main reasons for the success of these attacks. Collaborative IDS (CIDS) is one solution to address this problem. IDSs in this framework share their knowledge and consult with each other. Having access to a larger number of detection libraries for IDS configuration, along with the possibility of more cooperation with other participants in this collaborative system can lead to improved overall performance. However, a larger number of libraries and more collaborative activities increase resource consumption and communication overhead, which may in turn reduce system performance. Th ere are a large number of papers in the literature that have utilized game theory to describe the optimal configuration of standalone or networked IDSs. In this paper, those works have been extended and the interactions between the attackers and IDSs in a CIDS framework have been modeled with a nonzero-sum stochastic game. In this regard, the solution concept of stationary Nash equilibrium has been applied to this game to describe the optimal configuration of each IDS in a CIDS and the expected behavior of attackers.