Network security configurations

A nonzero-sum stochastic game approach

Quanyan Zhu, Tembine Hamidou, Tamer Başar

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In this paper, we study a network security configuration problem. More specifically, we consider distributed intrusion detection systems in a network subject to possible simultaneous attacks launched by a number of attackers. We formulate an N + M-person nonzero-sum stochastic game to capture the interactions among detection systems in the network as well as their interactions against exogenous intruders. We show the existence of stationary Nash equilibrium of the game and a value iteration method to attain an ε-Nash equilibrium. Mimicking the concept of Shannon's capacity in information theory, we propose the notion of security capacity as the largest achievable payoff to an agent at an equilibrium to yield performance limits on the network security. Furthermore, we discuss a mathematical programming approach to characterize the equilibrium as well as the feasibility of a given security target.

Original languageEnglish (US)
Title of host publicationProceedings of the 2010 American Control Conference, ACC 2010
Pages1059-1064
Number of pages6
StatePublished - 2010
Event2010 American Control Conference, ACC 2010 - Baltimore, MD, United States
Duration: Jun 30 2010Jul 2 2010

Other

Other2010 American Control Conference, ACC 2010
CountryUnited States
CityBaltimore, MD
Period6/30/107/2/10

Fingerprint

Network security
Mathematical programming
Information theory
Intrusion detection

ASJC Scopus subject areas

  • Control and Systems Engineering

Cite this

Zhu, Q., Hamidou, T., & Başar, T. (2010). Network security configurations: A nonzero-sum stochastic game approach. In Proceedings of the 2010 American Control Conference, ACC 2010 (pp. 1059-1064). [5530765]

Network security configurations : A nonzero-sum stochastic game approach. / Zhu, Quanyan; Hamidou, Tembine; Başar, Tamer.

Proceedings of the 2010 American Control Conference, ACC 2010. 2010. p. 1059-1064 5530765.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Zhu, Q, Hamidou, T & Başar, T 2010, Network security configurations: A nonzero-sum stochastic game approach. in Proceedings of the 2010 American Control Conference, ACC 2010., 5530765, pp. 1059-1064, 2010 American Control Conference, ACC 2010, Baltimore, MD, United States, 6/30/10.
Zhu Q, Hamidou T, Başar T. Network security configurations: A nonzero-sum stochastic game approach. In Proceedings of the 2010 American Control Conference, ACC 2010. 2010. p. 1059-1064. 5530765
Zhu, Quanyan ; Hamidou, Tembine ; Başar, Tamer. / Network security configurations : A nonzero-sum stochastic game approach. Proceedings of the 2010 American Control Conference, ACC 2010. 2010. pp. 1059-1064
@inproceedings{316e9a4289f242baa86bfbf226dbcbd9,
title = "Network security configurations: A nonzero-sum stochastic game approach",
abstract = "In this paper, we study a network security configuration problem. More specifically, we consider distributed intrusion detection systems in a network subject to possible simultaneous attacks launched by a number of attackers. We formulate an N + M-person nonzero-sum stochastic game to capture the interactions among detection systems in the network as well as their interactions against exogenous intruders. We show the existence of stationary Nash equilibrium of the game and a value iteration method to attain an ε-Nash equilibrium. Mimicking the concept of Shannon's capacity in information theory, we propose the notion of security capacity as the largest achievable payoff to an agent at an equilibrium to yield performance limits on the network security. Furthermore, we discuss a mathematical programming approach to characterize the equilibrium as well as the feasibility of a given security target.",
author = "Quanyan Zhu and Tembine Hamidou and Tamer Başar",
year = "2010",
language = "English (US)",
isbn = "9781424474264",
pages = "1059--1064",
booktitle = "Proceedings of the 2010 American Control Conference, ACC 2010",

}

TY - GEN

T1 - Network security configurations

T2 - A nonzero-sum stochastic game approach

AU - Zhu, Quanyan

AU - Hamidou, Tembine

AU - Başar, Tamer

PY - 2010

Y1 - 2010

N2 - In this paper, we study a network security configuration problem. More specifically, we consider distributed intrusion detection systems in a network subject to possible simultaneous attacks launched by a number of attackers. We formulate an N + M-person nonzero-sum stochastic game to capture the interactions among detection systems in the network as well as their interactions against exogenous intruders. We show the existence of stationary Nash equilibrium of the game and a value iteration method to attain an ε-Nash equilibrium. Mimicking the concept of Shannon's capacity in information theory, we propose the notion of security capacity as the largest achievable payoff to an agent at an equilibrium to yield performance limits on the network security. Furthermore, we discuss a mathematical programming approach to characterize the equilibrium as well as the feasibility of a given security target.

AB - In this paper, we study a network security configuration problem. More specifically, we consider distributed intrusion detection systems in a network subject to possible simultaneous attacks launched by a number of attackers. We formulate an N + M-person nonzero-sum stochastic game to capture the interactions among detection systems in the network as well as their interactions against exogenous intruders. We show the existence of stationary Nash equilibrium of the game and a value iteration method to attain an ε-Nash equilibrium. Mimicking the concept of Shannon's capacity in information theory, we propose the notion of security capacity as the largest achievable payoff to an agent at an equilibrium to yield performance limits on the network security. Furthermore, we discuss a mathematical programming approach to characterize the equilibrium as well as the feasibility of a given security target.

UR - http://www.scopus.com/inward/record.url?scp=77957824022&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77957824022&partnerID=8YFLogxK

M3 - Conference contribution

SN - 9781424474264

SP - 1059

EP - 1064

BT - Proceedings of the 2010 American Control Conference, ACC 2010

ER -