Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.11851/6923
Full metadata record
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Ögüt, Hulisi | - |
| dc.contributor.author | Çavuşoğlu, Hüseyin | - |
| dc.contributor.author | Raghunathan, Şrinivaşan | - |
| dc.date.accessioned | 2021-09-11T15:44:18Z | - |
| dc.date.available | 2021-09-11T15:44:18Z | - |
| dc.date.issued | 2008 | en_US |
| dc.identifier.citation | Workshop on Informational Technology and Systems (WITS 2003) -- 2003 -- Seattle, WA | en_US |
| dc.identifier.issn | 1091-9856 | - |
| dc.identifier.issn | 1526-5528 | - |
| dc.identifier.uri | https://doi.org/10.1287/ijoc.1070.0222 | - |
| dc.identifier.uri | https://hdl.handle.net/20.500.11851/6923 | - |
| dc.description.abstract | Intrusion-detection systems (IDSs) form an important component of IT security architectures, but the low proportion of hackers in the user population severely limits the usefulness of IDSs. Thus, even when the IDS is good, an intrusion signal may not imply that the user is more likely to be a hacker than a normal user. Ignoring the low base rate for the proportion of hackers results in acting on every intrusion signal, which is costly because of the high rate of false alarms. This problem is known as the base-rate fallacy in IDSs. On the other hand, ignoring intrusion signals renders IDSs useless. We propose and analyze waiting-time policies, which specify a response to signals from IDSs. We formulate the problem as a stochastic dynamic programming model and derive the optimal waiting time before acting upon an intrusion signal. Because the optimal policy is difficult to implement in many situations, we also derive and theoretically analyze a myopic policy. Our simulations suggest that the behavior of the myopic policy is qualitatively similar to that of the optimal policy. Further, the myopic policy performs better than other policies often used in practice, such as the Bayes policy and m-strike policies. The myopic policy can be implemented easily in a decision support system that supplements an IDS to mitigate the base-rate fallacy and to improve the value of the IDS. | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | Informs | en_US |
| dc.relation.ispartof | Informs Journal On Computing | en_US |
| dc.rights | info:eu-repo/semantics/closedAccess | en_US |
| dc.subject | IT security | en_US |
| dc.subject | dynamic programming | en_US |
| dc.subject | stochastic model applications | en_US |
| dc.subject | decision analysis | en_US |
| dc.title | Intrusion-detection policies for IT security breaches | en_US |
| dc.type | Conference Object | en_US |
| dc.department | Faculties, Faculty of Economics and Administrative Sciences, Department of Management | en_US |
| dc.department | Fakülteler, İktisadi ve İdari Bilimler Fakültesi, İşletme Bölümü | tr_TR |
| dc.identifier.volume | 20 | en_US |
| dc.identifier.issue | 1 | en_US |
| dc.identifier.startpage | 112 | en_US |
| dc.identifier.endpage | 123 | en_US |
| dc.authorid | 0000-0002-7982-3602 | - |
| dc.identifier.wos | WOS:000254140400011 | en_US |
| dc.identifier.scopus | 2-s2.0-61349169100 | en_US |
| dc.institutionauthor | Öğüt, Hulusi | - |
| dc.identifier.doi | 10.1287/ijoc.1070.0222 | - |
| dc.relation.publicationcategory | Conference Item - International - Institutional Academic Staff | en_US |
| dc.relation.conference | Workshop on Informational Technology and Systems (WITS 2003) | en_US |
| dc.identifier.scopusquality | Q1 | - |
| item.fulltext | No Fulltext | - |
| item.openairecristype | http://purl.org/coar/resource_type/c_18cf | - |
| item.languageiso639-1 | en | - |
| item.cerifentitytype | Publications | - |
| item.openairetype | Conference Object | - |
| item.grantfulltext | none | - |

Appears in Collections:
İşletme Bölümü / Department of Management
Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection

Scopus citations: 13 (checked on Apr 20, 2024)
Web of Science citations: 10 (checked on Apr 20, 2024)
Page view(s): 26 (checked on Apr 22, 2024)

Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.