Research On Detection Resource Allocation Of IDS Based On Game Theory

With the expansion of the field of computer network application,the network brings convenience to people's lives,but also brings some network security problems to people's lives.At the same time,various types of network attacks emerge in endlessly and the strategies of network attackers are improved,so it is difficult for a single intrusion detection system to identify complex network attacks.Multiple intrusion detection systems can improve the detection performance of the entire network security by sharing their detection resources,and the detection resources of the IDS may have an unreasonable allocation.Game theory can effectively simulate the confrontation process between attacks and IDSs in the network attack,and get the strategy of optimizing the detection resource allocation at the same time.Therefore,it is of great significance to study the allocation of IDSs resources based on game theory.The work of this paper is as follows:Considering the unreasonable detection resources allocation of IDSs in intrusion detection networks,this paper proposes a two-layer cooperative IDS detection resource allocation scheme based on shared strategy for stochastic game.In the first layer of our proposed framework,we model the interaction of IDSs and corresponding attackers through a game based on sharing strategies,and then we obtain the IDS's resource updating strategy through this model.Considering the network delay problem,we propose a resource allocation scheme based on distributed incentive mechanism in the second layer,where we allocate detection resources according to the results generated by the proposed game.Based on experimental analysis,our proposed scheme can achieve efficient detection resource allocation between IDSs,which is superior to other resource allocation methods.In view of the possible cooperation between attackers and the dynamic changes of attack strategies,this paper proposes an IDS detection resource allocation scheme based on evolutionary game to detect more intelligent attackers.Firstly,according to the degree of change of IDS detection resources,this paper proposes three detection resource strategies of IDS.The three strategies include that IDS does not change its detection resources,IDS changes its own detection resources or IDS changes its own detection resources.Then the paper constructs a corresponding evolutionary game model based on the three detection resource strategies of IDS,and IDS obtains the detection library update strategy through this model.In the detection resource update stage of IDSs,a centralized resource allocation scheme is proposed.Finally,the simulation experiments and related data verify that IDS detection resource allocation scheme based on evolutionary game can better cope with coordinated attacks.