Monday, August 22, 2011
Game Theory Improves Detection of Security Breaches
Network attackers are becoming more adept at breaching even the most advanced firewalls. Now, using models from game theory, an information technologist has created an anti-hacking tool that is more effective than traditional approaches. An added bonus: unlike other methods, the new tool identifies attacks in real time.

With several major IT security concerns in recent months, many companies are seeking protection beyond traditional methods like firewalls and log analysis. At Iona College in New Rochelle, N.Y., a researcher has applied game theory to models of security breaches to create a better defense mechanism for networks. Already, the approach has proven more effective than traditional technologies.
Information technologist Heechang Shin recently published his results in the "International Journal of Business Continuity and Risk Management." According to Shin, the vast growth in the types and numbers of devices—including smartphones, iPods and tablet PCs—connected to networks has created vulnerability across information systems. These devices are a major cause of the uptick in network attacks.
Security breaches can lead to significant service disruptions for users, and they can also cost as much as 1 percent of annual sales per incident, Shin says. “That number amounts to tens of millions of dollars for the average publicly listed company,” Shin said in a statement.
Using the game-theory model of defensive forecasting, Shin has created an anti-hacking tool that identifies security breaches in real time. The tool compares network reality to a forecasted breach and alerts network operators when the two match up.
While traditional security methods—such as log analysis—detect breaches after they have occurred, Shin’s tool monitors real-time data to identify problems immediately. This allows for a quick response to breaches, thereby reducing the damage to service and profits that attackers can cause.
The tool is able to identify a wide variety of attack types, including denial of service attacks, attacks by insiders and probing attacks.
According to Shin, a standard classification method for network attack identification is a support vector machine (SVM) classifier trained on a data set built from the dump data of a simulated average U.S. Air Force LAN feeding a network intrusion system.
When compared to the SVM-based tool, Shin’s game-theory tool is just as effective, but works in real time.