A Game Theoretic Model to Handle Network Intrusions over Multiple Packets

In this paper we build a game theoretic framework to model network intrusions through multiple packets. Detection is accomplished by sampling a portion of the packets transiting through selected network links (or router interfaces). Given a total sampling budget, our work then aims at developing a network packet sampling strategy to effectively reduce the success chances of an intruder. We consider the scenario where a well informed intruder divides his attack over multiple packets in order to increase his chances of successfully intruding a target domain. Each fragment of the attack is transmitted through a different path using multi-path routing, where each path is selected with a different probability. To the best of our knowledge, there has not been any work done for the case where the attack is split over multiple packets using game theory. We formulate the game theoretic problem, and develop optimal sampling schemes.