DocumentCode
3142414
Title
A Game Theoretic Approach to Optimize the Performance of Host-Based IDS
Author
Liu, Shuai ; Zhang, Da Yong ; Chu, Xiao ; Otrok, Hadi ; Bhattacharya, Prabir
Author_Institution
Concordia Inst. for Inf. Syst. Eng. (CIISE), Concordia Univ., Montreal, QC
fYear
2008
fDate
12-14 Oct. 2008
Firstpage
448
Lastpage
453
Abstract
A traditional host-based intrusion detection system (HIDS) has to continuously monitor thousands of objects on the host, regardless of whether or not there are any attacks and in what scenarios these attacks have occurred. This leads to a huge consumption of system resources. In this paper, we put forward an approach that dynamically adjusts the objects a HIDS monitors according to the expected attack scenario. To achieve this goal, we formulate a repeated non-cooperative game between an attacker and a HIDS. The solution leads the HIDS to find the optimal number of objects that should be monitored and the corresponding monitored time. We study the case of a multiple-step attack to gain more insight into the solution for this game model. Therefore, our model considers the tradeoff between the detection accuracy and the resource consumption. Analysis and simulation results prove that our approach can effectively decrease the resource consumption of the HIDS while taking into consideration the detection accuracy.
Keywords
game theory; security of data; HIDS; game theoretic approach; host-based intrusion detection system; multiple-step attack; resource consumption; Analytical models; Computer networks; Computerized monitoring; Game theory; Information systems; Intrusion detection; Mobile communication; Mobile computing; Probes; Systems engineering and theory; Game theory; Host-based Intrusion Detection Systems; resources consumption;
fLanguage
English
Publisher
ieee
Conference_Titel
Networking and Communications, 2008. WIMOB '08. IEEE International Conference on Wireless and Mobile Computing,
Conference_Location
Avignon
Print_ISBN
978-0-7695-3393-3
Electronic_ISBN
978-0-7695-3393-3
Type
conf
DOI
10.1109/WiMob.2008.20
Filename
4654280