Summary: | Doctoral === National Central University === Graduate Institute of Information Management === 98 === In intrusion detection systems (IDSs), a software sensor is installed on a network host to identify intrusions and viruses by analyzing system calls and to prevent them from entering the host. The Homeland Security Advisory System (HSAS) was developed by the U.S. government to set up the alarm system of emergency operations centers (EOCs) and to decide when to raise the system's threat level. The HSAS improves the protective sensitivity of the various regional emergency agencies and strengthens resource reallocation and deployment efficiency, improving the response agencies' capability against terrorist attacks. Because IDS and HSAS need to deploy a large number of response nodes across the whole region, these systems cannot meet the resource-allocation requirement when all targeted nodes are attacked by outside attackers, especially when the available resources are constrained. Thus, the concept of a multi-agent system (MAS) is applied to construct these systems. These MASs are designed to deploy multiple response agents when facing an outside threat. Related work encounters a scalability problem: the MAS must handle a growing amount of agent work, or a large number of agents, in a graceful manner. Therefore, an integrated model of a noncooperative game and a cooperative game is proposed to address this problem and to prioritize the allocation of MAS resources so as to achieve overall system security.
This dissertation proposes a two-stage model that connects the noncooperative game model with the cooperative game model. In the first stage, the interactive behaviors between the outside attacker and the district response agent are modeled and analyzed as a noncooperative game, after which the outside threat value is derived from the Nash equilibrium. In the second stage, the interactive behaviors among agents are modeled as a cooperative game, and the threat value is used to compute the Shapley value of all response agents for several different threat levels. An acceptable resource allocation for the response agents, based on the expected marginal contribution, then yields a minimum set of resource deployment costs. The two-stage model is applied to three MAS cases, and the experimental results are discussed. Two implications are suggested. First, based on the interactions between agent and attacker, the proposed model supports administrators' decision-making by predicting which agent is more vulnerable to attack and which agent is more robust against outside attacks. Second, the overall security situation of the protected region is divided into a number of alert levels. The experimental results show that at a low level, the MAS advises emergency managers to redistribute the response resources to many agents in order to "nip attacks in the bud". When the alert level is raised to its highest level, emergency managers redistribute all resources to a small number of critical agents in order to "achieve the goal of resisting serious attacks and discarding less effective agent". Thus, the two-stage model makes it possible to allocate resources efficiently across the overall system under resource constraints. In addition, this framework can be used to increase the emergency manager's ability to respond immediately to multiple outside attacks.
|