Detecting network intrusions via sampling: a game theoretic approach

Author

Kodialam, Murali ; Lakshman, T.V.

Author_Institution

Lucent Technol., Bell Labs., Holmdel, NJ, USA

Volume

3

fYear

2003

Firstpage

1880

Abstract

In this paper, we consider the problem of detecting an intruding packet in a communication network. Detection is accomplished by sampling a portion of the packets transiting selected network links (or router interfaces). Since sampling entails incurring network costs for real-time packet sampling and packet examination hardware, we would like to develop a network packet sampling strategy to effectively detect network intrusions while not exceeding a given total sampling budget. We consider this problem in a game theoretic framework, where the intruder picks paths (or the network ingress point if only shortest path routing is possible) to minimize chances of detection and where the network operator chooses a sampling strategy to maximize the chances of detection. We formulate the game theoretic problem, and develop sampling schemes that are optimal in this game theoretic setting.

Keywords

game theory; packet switching; sampling methods; telecommunication links; telecommunication network routing; telecommunication security; communication network; game theoretic problem; network intrusion detection; network link; packet examination hardware; real-time packet sampling; router interfaces; shortest path routing; Communication networks; Computer crime; Costs; Drugs; Game theory; Hardware; Intrusion detection; Routing; Sampling methods; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications. IEEE Societies

ISSN

0743-166X

Print_ISBN

0-7803-7752-4

Type

conf

DOI

10.1109/INFCOM.2003.1209210

Filename

1209210