Intrusion detection : a game theoretic approach

In this thesis, we consider the problems of detecting intrusions initiated by cooperative malicious nodes and multiple malicious packets initiated by a smart intruder. Detection is accomplished by sampling a subset of the transmitted packets over selected network links or router interfaces. Given a total sampling budget, our framework aims at developing a network packet sampling strategy to effectively reduce the success chances of an intruder. We consider two different scenarios: (1) A well informed intruder divides her attack over multiple packets in order to increase her chances of successfully intruding a target domain. (2) Different cooperating intruders distribute the attack among themselves each sending the attack fragments to the target node. Each of the packets containing a fragment of the attack is transmitted through a different path using multi-path routing, where each path is selected with a different probability. To the best of our knowledge, there has not been any work done for the case where the attack is split over multiple packets or distributed over cooperative intruders using game theory. We formulate the game theoretic problem, and develop optimal sampling schemes