Optimal configuration of intrusion detection systems

Autor: Inna Smirnova, Birendra K. Mishra
Rok vydání: 2021
Předmět:
Zdroj: Information Technology and Management. 22:231-244
ISSN: 1573-7667
1385-951X
DOI: 10.1007/s10799-020-00319-z
Popis: An important requirement of an intrusion detection system (IDS) is that it be effective and efficient; that is, it should detect a large percentage of intrusions, while still keeping the false alarm rate at an acceptable level. In order to meet this requirement, the model and algorithm used by the IDS need to be calibrated or configured. The optimal configuration depends on several factors. The first factor is the quality profile of the IDS as indicated by its ROC (receiver operating characteristics), curve that relates the detection accuracy and the false alarm rate. The shape of the ROC curve depends on the detection technology used by the IDS. The second factor is the cost structure of the firm using the IDS. The third factor is the strategic behavior of hackers. A hacker’s behavior is influenced by the likelihood that (s)he will be caught, which, in turn, is dependent on the configuration of the IDS. In this article, we present an economic optimization model based on game theory that provides insights into optimal configuration of IDS. We present analytical as well as computational results. Our work extends the growing literature on the economics of information security. The main innovation of our approach is the inclusion of strategic interactions between IDS, firm, and hackers in the determination of optimal configuration and algorithm to do so.
Databáze: OpenAIRE
Externí odkaz:
Nepřihlášeným uživatelům se plný text nezobrazuje