Journal of University of Chinese Academy of Sciences

2006, Vol. 23, Issue (4): 534-542. DOI: 10.7523/j.issn.2095-6134.2006.4.016

• Papers •

An Analyse of Packet Sampling Strategy of Network-based Intrusion Detection System

WANG Wei-Ping, ZHU Wei-Wei, CHEN Wen-Hui, LIANG Liang   

  1. School of Management, University of Science & Technology of China, Hefei 230052 China
  • Received:1900-01-01 Revised:1900-01-01 Online:2006-07-15

Abstract: Intrusion detection is an important part of information security research, and a network-based intrusion detection system accomplishes detection by examining network packets. Since sampling entails incurring network costs for real-time packet sampling and packet examination hardware, we would like to develop a network packet sampling strategy that effectively detects network intrusions while not exceeding the speed of packet examination. We consider this problem in a game theoretic framework and introduce sampling schemes that are optimal in this game theoretic setting by the Minimax theorem and the max-flow min-cut theorem. Given the limitations and shortcomings of this single intrusion node method, we introduce a method of risk management and extend the solution to more complex cases, so that a sampling strategy can be chosen in more varied environments. Finally, we provide an empirical study to illustrate our improved method.

Key words: Intrusion detection, sampling strategy, game theoretic approach, risk management.
