Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.11851/1885
Full metadata record
DC FieldValueLanguage
dc.contributor.authorÖğüt, Hulisi-
dc.date.accessioned2019-07-10T14:40:09Z-
dc.date.available2019-07-10T14:40:09Z-
dc.date.issued2013-05-
dc.identifier.citationÖğüt, H. (2013). The configuration and detection strategies for information security systems. Computers & Mathematics with Applications, 65(9), 1234-1253.en_US
dc.identifier.urihttps://doi.org/10.1016/j.camwa.2012.05.015-
dc.identifier.urihttps://hdl.handle.net/20.500.11851/1885-
dc.description.abstractIntrusion Detection Systems (IDSs) have become an important element of the Information Technology (IT) security architecture by identifying intrusions from both insiders and outsiders. However, security experts questioned the effectiveness of IDSs recently. The criticism known as Base Rate fallacy states that when IDS raises an alarm, the event is more likely to be benign rather than intrusive since the proportion of benign activity is significantly larger than that of intrusive activity in the user population. In response to too many false alarms, system security officers (SSO) either ignore alarm signals or turn off the IDS as the information provided by IDS is very skeptical. To alleviate this problem of IDSs, Ogut et al. (2008) [6] suggest that the firm may choose to wait to get additional signal and to make better decision about user type. One of the limitations of their model is that configuration point at which IDSs operate (the false negative and false positive rates) is exogenously given. However, the firm trying to minimize expected cost should also make a decision regarding the configuration level of IDSs since these probabilities are one of the determinants of future cost. Therefore, we extend Ogut et al. (2008) [6] by considering configuration and waiting time decisions jointly in this paper. We formulate the problem as dynamic programming model and illustrate the solution procedure for waiting time and configuration decision under optimal policy when cost of undetected hacker activity follows step wise function. As it is difficult to obtain waiting time and configuration decision under optimal policy, we illustrate the solution procedures for under myopic policy and focus on the characteristics of configuration decision under myopic policy. Our numerical analysis suggested that configuration decision is as important as waiting time decision to decrease the cost of operating IDS. © 2012 Elsevier Ltd. All rights reserved.en_US
dc.language.isoenen_US
dc.relation.ispartofComputers & Mathematics with Applicationsen_US
dc.rightsinfo:eu-repo/semantics/openAccessen_US
dc.subjectIntrusion detection systemen_US
dc.subjectBase rate fallacyConfiguration policyen_US
dc.titleThe Configuration and Detection Strategies for Information Security Systemsen_US
dc.typeArticleen_US
dc.departmentFaculties, Faculty of Economics and Administrative Sciences, Department of Managementen_US
dc.departmentFakülteler, İktisadi ve İdari Bilimler Fakültesi, İşletme Bölümütr_TR
dc.identifier.volume65-
dc.identifier.issue9-
dc.identifier.startpage1234-
dc.identifier.endpage1253-
dc.identifier.wosWOS:000320291500002en_US
dc.identifier.scopus2-s2.0-84877788370en_US
dc.institutionauthorÖğüt, Hulisi-
dc.identifier.doi10.1016/j.camwa.2012.05.015-
dc.authorscopusid24484220300-
dc.relation.publicationcategoryMakale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanıen_US
item.openairetypeArticle-
item.languageiso639-1en-
item.grantfulltextnone-
item.fulltextNo Fulltext-
item.openairecristypehttp://purl.org/coar/resource_type/c_18cf-
item.cerifentitytypePublications-
Appears in Collections:İşletme Bölümü / Department of Management
Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection
Show simple item record



CORE Recommender

SCOPUSTM   
Citations

5
checked on Dec 21, 2024

WEB OF SCIENCETM
Citations

3
checked on Nov 9, 2024

Page view(s)

156
checked on Dec 23, 2024

Google ScholarTM

Check




Altmetric


Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.