In this paper, we consider the problem of detecting intrusions initiated by cooperative malicious nodes in infrastructure-based networks. We achieve this objective by sampling a subset of the packets transmitted between each intruder and the victim, over selected links or router interfaces. The total sampling rate on all links must not exceed the sampling budget constraint. We build a game-theoretic framework to model distributed network intrusions carried out by multiple malicious nodes against a common victim node. To the best of our knowledge, no prior study has used game theory to address the case where the attack is distributed over cooperative intruders. Non-cooperative game theory is used to formally express the problem, where the two players are: (1) the intruders and (2) the intrusion detection system (IDS). The framework yields the attack strategy of the intruders and the optimal sampling strategy with which the IDS detects these intrusion packets.
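A small instance of the sampling game described above, as an added example that is not taken from the paper: the topology, the budget of 2/5, the 1/10 allocation grid, the one-packet-per-intruder payoff and all function names are assumptions. It computes the intruders' best response to a sampling allocation and the IDS allocation that maximises detection against that best response.

```python
from fractions import Fraction
from itertools import product

# Constructed topology (assumption): two cooperating intruders, each with two
# candidate routes to the victim; v1 and v2 are the victim's two ingress links.
PATHS = {
    "intruder1": [("e1", "v1"), ("e2", "v2")],
    "intruder2": [("e3", "v1"), ("e4", "v2")],
}
LINKS = sorted({l for routes in PATHS.values() for route in routes for l in route})
BUDGET = Fraction(2, 5)  # total sampling rate the IDS may spend over all links
STEP = Fraction(1, 10)   # granularity of the allocation grid (assumption)

def detection_probability(rates, chosen_routes):
    """P(at least one intrusion packet is sampled): one packet per intruder,
    every link samples independently at its configured rate."""
    missed = Fraction(1)
    for route in chosen_routes:
        for link in route:
            missed *= 1 - rates[link]
    return 1 - missed

def intruder_best_response(rates):
    """The intruders jointly pick the route combination with the lowest
    detection probability; returns (detection probability, routes)."""
    combos = product(*PATHS.values())
    return min(((detection_probability(rates, c), c) for c in combos),
               key=lambda item: item[0])

def allocations(links, units):
    """Every way to spend exactly `units` budget steps over `links`
    (spending less never helps, since detection grows with every rate)."""
    if len(links) == 1:
        yield {links[0]: units * STEP}
        return
    for k in range(units + 1):
        for rest in allocations(links[1:], units - k):
            yield {links[0]: k * STEP, **rest}

def ids_maxmin():
    """Allocation that maximises detection against the intruders' best response."""
    units = int(BUDGET / STEP)
    scored = ((intruder_best_response(r)[0], r) for r in allocations(LINKS, units))
    return max(scored, key=lambda item: item[0])

if __name__ == "__main__":
    uniform = {link: BUDGET / len(LINKS) for link in LINKS}
    print("uniform split:", intruder_best_response(uniform)[0])
    value, rates = ids_maxmin()
    print("max-min split:", value, {k: str(v) for k, v in rates.items() if v})
```

On this constructed topology the max-min allocation places the whole budget on the victim's two ingress links and guarantees a detection probability of 9/25, against 12209/50625 for a uniform split of the same budget.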