Dynamic policy-based IDS configuration

Quanyan Zhu, Tamer Başar

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

An Intrusion Detection System (IDS) is an important security enforcement tool in modern networked information systems. Obtaining an optimal IDS configuration for effective detection of attacks is far from trivial. There exists a tradeoff between security enforcement levels and the performance of information systems. It is critical to configure an IDS in a dynamic and iterative fashion to balance the security overhead and system performance. In this paper, we use noncooperative game approaches to address this problem. We first build a fundamental game framework to model the zero-sum interactions between the detector and the attacker. Building on this platform, we then formulate a stochastic game model in which the transitions between system states are determined by the actions chosen by both players. An optimal policy-based configuration can be found by minimizing a discounted cost criterion, using an iterative method. In addition, we propose a Q-learning algorithm to find the optimal game values when the transitions between system states are unknown. We show the convergence of the algorithm to the optimal Q-function and illustrate the concepts by simulation.

Original language: English (US)
Title of host publication: Proceedings of the 48th IEEE Conference on Decision and Control held jointly with 2009 28th Chinese Control Conference, CDC/CCC 2009
Pages: 8600-8605
Number of pages: 6
DOI: https://doi.org/10.1109/CDC.2009.5399894
State: Published - 2009
Event: 48th IEEE Conference on Decision and Control held jointly with 2009 28th Chinese Control Conference, CDC/CCC 2009 - Shanghai, China
Duration: Dec 15 2009 to Dec 18 2009

Other

Other: 48th IEEE Conference on Decision and Control held jointly with 2009 28th Chinese Control Conference, CDC/CCC 2009
Country: China
City: Shanghai
Period: 12/15/09 to 12/18/09

Fingerprint

Intrusion detection
Configuration
Information systems
Iterative methods
Learning algorithms
Game
Q-learning
Zero-sum
Stochastic Games
Q-function
Non-cooperative Game
Detectors
Optimal Policy
System Performance
Learning Algorithm
Trivial
Trade-offs
Detector

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Modeling and Simulation
  • Control and Optimization

Cite this

Zhu, Q., & Başar, T. (2009). Dynamic policy-based IDS configuration. In Proceedings of the 48th IEEE Conference on Decision and Control held jointly with 2009 28th Chinese Control Conference, CDC/CCC 2009 (pp. 8600-8605). [5399894] https://doi.org/10.1109/CDC.2009.5399894

@inproceedings{31b2c96eeb664ae69720fa3d04aa3b30,
title = "Dynamic policy-based IDS configuration",
author = "Quanyan Zhu and Tamer Başar",
year = "2009",
doi = "10.1109/CDC.2009.5399894",
language = "English (US)",
isbn = "9781424438716",
pages = "8600--8605",
booktitle = "Proceedings of the 48th IEEE Conference on Decision and Control held jointly with 2009 28th Chinese Control Conference, CDC/CCC 2009",

}

TY - GEN

T1 - Dynamic policy-based IDS configuration

AU - Zhu, Quanyan

AU - Başar, Tamer

PY - 2009

Y1 - 2009

UR - http://www.scopus.com/inward/record.url?scp=77950838880&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77950838880&partnerID=8YFLogxK

U2 - 10.1109/CDC.2009.5399894

DO - 10.1109/CDC.2009.5399894

M3 - Conference contribution

AN - SCOPUS:77950838880

SN - 9781424438716

SP - 8600

EP - 8605

BT - Proceedings of the 48th IEEE Conference on Decision and Control held jointly with 2009 28th Chinese Control Conference, CDC/CCC 2009

ER -