DocumentCode
1956812
Title
Self-Organized Mechanism for Distributed Setup of Multiple Heterogeneous Intrusion Detection Systems
Author
Bartos, K. ; Rehak, Markus
Author_Institution
Czech Tech. Univ. in Prague, Prague, Czech Republic
fYear
2012
fDate
10-14 Sept. 2012
Firstpage
31
Lastpage
38
Abstract
We propose a distributed and self-organized framework for collaboration of multiple heterogeneous IDS sensors. The framework is based on a game-theoretical approach that optimizes the behavior of each IDS sensor with respect to other sensors in highly dynamic environments. We formalize the proposed collaborative architecture as a game between defenders and attackers and transform the hard problem of heterogeneous collaboration into an easier problem of finding two functions that are used in the game-theoretical model to specialize the detection mechanisms on a specific type of malicious activity. The collaboration of such more specialized IDS nodes covers a much wider range of attack classes, allowing the collaborating system to maximize the overall network security awareness. We have evaluated the proposed concept on real networks, where we have shown considerable improvements in the detection capabilities of intrusion detection devices thanks to the proposed collaboration model.
Keywords
game theory; groupware; security of data; IDS sensor; attack class; collaborative architecture; game-theoretical approach; intrusion detection device; multiple heterogeneous IDS; multiple heterogeneous intrusion detection system; network security awareness; self-organized mechanism;
fLanguage
English
Publisher
ieee
Conference_Titel
Self-Adaptive and Self-Organizing Systems Workshops (SASOW), 2012 IEEE Sixth International Conference on
Conference_Location
Lyon
Print_ISBN
978-1-4673-5153-9
Type
conf
DOI
10.1109/SASOW.2012.15
Filename
6498376