Research on configuration of detection libraries of cooperative intrusion detection systems under incomplete information
This paper studies the configuration problem of cooperative intrusion detection systems (IDS) with limited information over a finite time horizon. To address the optimal configuration of the detection libraries when facing different types of attacks, and the contradiction that arises in the allocation process, a two-layer detection library allocation scheme is proposed. In the first layer, the decision-making process of each intrusion detection system and its corresponding attacker is studied. In the second layer, the contradiction in loading detection libraries is resolved by a centralized resource allocation method based on a sharing strategy. The first-layer problem can be solved in two steps. First, because the attacker is not aware of the state, which leads to information asymmetry, a belief-based stochastic game is constructed; the strategy solved by the backward recursion algorithm is a stationary Nash equilibrium (SNE) strategy of the belief-based stochastic game. Second, the optimal detection library allocation plan can be solved by a hybrid Markov decision process. The simulation results show that the proposed algorithm is effective in obtaining the optimal configuration of detection libraries when facing different types of attacks.
incomplete information game; Markov decision process; intrusion detection system (IDS); resource allocation; network security