We present a distributed self-organized model for collaboration of multiple heterogeneous IDS sensors. The distributed model is based on a game-theoretical approach that optimizes behavior of each IDS sensor with respect to other sensors in highly dynamic environments. We propose a general formalization of the problem of distributed collaboration as a game between defenders and attackers and introduce e-FIRE, a solution concept suitable for solving this game in highly dynamic environments. Our experimental evaluation of the proposed collaboration model on real network traffic clearly shows improvements in the detection capabilities of all IDS sensors, allowing each system to specialize on particular network activities while not reducing the overall effectiveness. The concept of opponent aware, self-coordinating and strategically reasoning Network Intrusion Detection Networks allows effective collaboration of individual system defenders that may match a market-based collaboration structures of the attackers.
展开▼
