Please use this identifier to cite or link to this item:
Title: The Configuration and Detection Strategies for Information Security Systems
Authors: Öğüt, Hulisi
Keywords: Intrusion detection system
Base rate fallacyConfiguration policy
Issue Date: May-2013
Source: Öğüt, H. (2013). The configuration and detection strategies for information security systems. Computers & Mathematics with Applications, 65(9), 1234-1253.
Abstract: Intrusion Detection Systems (IDSs) have become an important element of the Information Technology (IT) security architecture by identifying intrusions from both insiders and outsiders. However, security experts questioned the effectiveness of IDSs recently. The criticism known as Base Rate fallacy states that when IDS raises an alarm, the event is more likely to be benign rather than intrusive since the proportion of benign activity is significantly larger than that of intrusive activity in the user population. In response to too many false alarms, system security officers (SSO) either ignore alarm signals or turn off the IDS as the information provided by IDS is very skeptical. To alleviate this problem of IDSs, Ogut et al. (2008) [6] suggest that the firm may choose to wait to get additional signal and to make better decision about user type. One of the limitations of their model is that configuration point at which IDSs operate (the false negative and false positive rates) is exogenously given. However, the firm trying to minimize expected cost should also make a decision regarding the configuration level of IDSs since these probabilities are one of the determinants of future cost. Therefore, we extend Ogut et al. (2008) [6] by considering configuration and waiting time decisions jointly in this paper. We formulate the problem as dynamic programming model and illustrate the solution procedure for waiting time and configuration decision under optimal policy when cost of undetected hacker activity follows step wise function. As it is difficult to obtain waiting time and configuration decision under optimal policy, we illustrate the solution procedures for under myopic policy and focus on the characteristics of configuration decision under myopic policy. Our numerical analysis suggested that configuration decision is as important as waiting time decision to decrease the cost of operating IDS. © 2012 Elsevier Ltd. All rights reserved.
Appears in Collections:İşletme Bölümü / Department of Management
Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection

Show full item record

CORE Recommender


checked on Sep 23, 2022


checked on Sep 24, 2022

Page view(s)

checked on Dec 26, 2022

Google ScholarTM



Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.