Indices of Power in Optimal IDS Default Configuration: Theory and Examples

TL;DR

This paper introduces a game theory approach using indices of power to optimize default IDS configurations under resource constraints, enhancing protection by quantifying library influence based on attack graphs.

Contribution

It applies Shapley value and Banzhaf-Coleman index to configure IDS optimally at default, considering attack graphs and resource limitations.

Findings

Effective IDS configurations can be achieved using game-theoretic indices.

The approach balances resource use and protection level.

Quantitative influence measures improve default setup decisions.

Abstract

Intrusion Detection Systems (IDSs) are becoming essential to protecting modern information infrastructures. The effectiveness of an IDS is directly related to the computational resources at its disposal. However, it is difficult to guarantee especially with an increasing demand of network capacity and rapid proliferation of attacks. On the other hand, modern intrusions often come as sequences of attacks to reach some predefined goals. It is therefore critical to identify the best default IDS configuration to attain the highest possible overall protection within a given resource budget. This paper proposes a game theory based solution to the problem of optimal signature-based IDS configuration under resource constraints. We apply the concepts of indices of power, namely, Shapley value and Banzhaf-Coleman index, from cooperative game theory to quantify the influence or contribution of libraries in an IDS with respect to given attack graphs. Such valuations take into consideration the knowledge on common attack graphs and experienced system attacks and are used to configure an IDS optimally at its default state by solving a knapsack optimization problem.