ABSTRACT

Intrusion Detection Systems (IDSs) are crucial security mechanisms widely deployed for critical network protection. However, conventional IDSs become incompetent due to the rapid growth in network size and the sophistication of large scale aŠacks. To mitigate this problem, Collaborative IDSs (CIDSs) have been proposed in literature. In CIDSs, a number of IDSs exchange their intrusion alerts and other relevant data so as to achieve beŠer intrusion detection performance. Nevertheless, the required information exchange may result in privacy leakage, especially when these IDSs belong to di‚erent self-interested organizations. In order to obtain a quantitative understanding of the fundamental tradeo‚ between the intrusion detection accuracy and the organizations’ privacy, a repeated two-layer single-leader multi-follower game is proposed in this work. Based on our game-theoretic analysis, we are able to derive the expected behaviors of both the aŠacker and the IDSs and obtain the utility-privacy tradeo‚ curve. In addition, the existence of Nash equilibrium (NE) is proved and an asynchronous dynamic update algorithm is proposed to compute the optimal collaboration strategies of IDSs. Finally, simulation results are shown to validate the analysis.

INTRODUCTION

Considering that complete prevention of cyber-aŠacks is extremely dicult, if not impossible, Intrusion Detection Systems (IDSs) have been introduced as an e‚ective second line of defense to minimize the damage caused by these aŠacks. However, conventional IDSs are not scalable to large networks due to the huge amount of trac activities. In the meantime, the development of sophisticated largescale aŠacks renders the performance of an individual IDS rarely satisfactory. To mitigate this problem, Collaborative IDSs (CIDSs) have been proposed in literature (see, e.g., [7, 9] and the references therein).