A cost-based analysis of intrusion detection system configuration under active or passive response

Decision Support Systems

Volumn 50, Issue 1, 2010, Pages 21-31

  Yue, Wei T ^a   Çakanyildirim, Metin ^b  

^a CITY UNIVERSITY OF HONG KONG   (Hong Kong)

^b UNIVERSITY OF TEXAS AT DALLAS   (United States)

Author keywords

IDS configuration; Information security; Intrusion response; Investigation capacity

Indexed keywords

CLOSED FORM; COST-BASED ANALYSIS; COSTS AND BENEFITS; IDS CONFIGURATION; INFORMATION ASSETS; INFORMATION FLOWS; INFORMATION SECURITY; INTRUSION DETECTION SYSTEMS; INTRUSION RESPONSE; INVESTIGATION CAPACITY; JOINT DECISIONS; NUMERICAL STUDIES; OPTIMAL CONFIGURATIONS; OPTIMAL DECISIONS; VARIOUS CONFIGURATION;

ALARM SYSTEMS; COMPUTER CRIME; COST BENEFIT ANALYSIS; OPTIMIZATION;

INTRUSION DETECTION;

EID: 78049461565     PISSN: 01679236     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.dss.2010.06.001     Document Type: Article

References (27)

1. "Ernst and Young 2006 global information security survey: Achieving success in a globalized world, is yuor way secure?" Ernst and Young" White Paper, 2006.
2. E. A. Fisch, "Intrusion damage control and assessment: A taxonomy and implementation of automated responses to intrusive behavior", PhD Dissertation, Texas A&M University, 1996.
3. S. Axelsson The base-rate fallacy and the difficulty of intrusion detection ACM Transactions on Information and System Security vol. 3 no. 3 2000 186 205
4. R. Bace, and P. Mell "Intrusion detection systems (IDS)," National Institute of Standards and Technology (NIST), Technology Administration, U.S. Department of Commerce, Special Publication 800-31 2001
5. I. Balepin, S. Maltsev, J. Rowe, and K. Levitt Specification-based intrusion detection for automated response Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection (RAID 2003), Pittsburg, PA September 8-10 2003 136 154
6. C.A. Carver Jr., and U.W. Pooch An intrusion response taxonomy and its role in automatic intrusion response Proceedings of the 2000 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY June 6-7 2000 11 20
7. H. Cavusoglu, and S. Raghunathan Configuration of detection software: a comparison of decision and game theory approaches Decision Analysis 1 3 2004 131 148
8. C. Endorf, E. Schultz, and J. Mellander Intrusion Detection & Prevention 2004 Osborne/McGraw-Hill Emeryville, CA
9. J.E. Gaffney Jr., and J.W. Ulvila A decision analysis method for evaluating computer intrusion detection systems In Ecision Analysis 1 1 2004 35 50
10. J. Koziol Intrusion Detection with Snort 2003 Sams Publishing Indianapolis, IN
11. W. Lee, and S.J. Stolfo A framework for constructing features and models for intrusion detection systems ACM Transactions on Information and System Security 3 4 2000 227 261
12. W. Lee, W. Fan, M. Miller, S.J. Stolfo, and E. Zadok Toward cost-sensitive modeling for intrusion detection and response Journal of Computer Security 10 2002 5 22 (Pubitemid 34531411)
13. S.M. Lewandowski, D.J.V. Hook, G.C. O'Leary, J.W. Haines, and L.M. Rossey Survivable autonomic response architecture Proceedings of DARPA Information Survivability Conference and Exposition (DISCEX'01), vol. 1, Anaheim CA 2001 77 88
14. R.P. Lippmann, D.J. Fried, I. Graf, J.W. Haines, K.R. Kendall, D. McClung, D. Weber, S.E. Webster, D. Wyschogrod, R.K. Cunningham, and M.A. Zissman Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation Proceedings of DARPA Information Survivability Conference and Exposition (DISCEX), vol. 2 2000 1012 1026
15. R.P. Lippmann, J.W. Haines, D.J. Fried, J. Korba, and K. Das The 1999 DARPA off-line intrusion detection evaluation Computer Networks 34 4 2000 579 595
16. E. Messmer Security Debate Rages Intrusion-Detection Critics and Backers still Sparring Months after Gartner Salvo 2003 Network World, Tech. Rep.
17. C.C. Michael, and A. Ghosh Simple, state-based approaches to program-based anomaly detection ACM Transactions on Information and System Security 5 3 2002 203 237
18. A. Orebaugh, and E. Cole Intrusion prevention and active response: implementing an open source defense Sys Admin: The Journal for UNIX and LINUX Systems Administrators 14 3 2005 20 25
19. N. Provos A virtual honeypot framework Proceedings of the 13th USENIX Security Symposium, San Diego, CA August 9-13 2004 11 20
20. S. Ross Introduction to Probability Models Fifth ed. 1993 Academic Press San Diego, CA
21. N.C. Rowe, J.B. Michael, M. Auguston, and R. Riehle Software decoys for software counterintelligence IAnewsletter 5 1 2002 10 12
22. G. Stoneburner, A. Goguen, and A. Feringa Risk management guide for information technology systems Tech. Rep., National Institute of Standards and Technology (NIST), Technology Administration, U.S. Department of Commerce, Special Publication 800-30 2002
23. P.-N. Tan, M. Steinbach, and V. Kumar Introduction to Data Mining 2005 Not Published yet-accessible at http://www-users.cs.umn.edu/kumar/dmbook/index. php
24. T. Toth, and C. Kruegel Evaluating the impact of automated intrusion response mechanisms Proceedings of 18th Annual Computer Security Applications Conference Dec 9-13, 2002 301 310
25. J.W. Ulvila, and J.E. Gaffney Jr. A decision analysis method for evaluating computer intrusion detection systems Decision Analysis 1 1 2004 35 50
26. N. Weiler Honeypots for distributed denial of service attacks 11th IEEE WET ICE Workshop on Enterprise Security (WETICE'02) June 10-12 2002 CMU Pittsburg, PA 109 114
27. Q.C.N. Ye, S.M. Emran, and S. Vilbert Multivariate statistical analysis of audit trails for host-based intrusion detection IEEE Transactions on Computers 51 7 2002 810 820 (Pubitemid 34835448)