Adaptive information systems control: A reliability-based approach
Journal of Management Information Systems
The base-rate fallacy and the difficulty of intrusion detection
ACM Transactions on Information and System Security (TISSEC)
Simple, state-based approaches to program-based anomaly detection
ACM Transactions on Information and System Security (TISSEC)
Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection
IEEE Transactions on Computers
Honeypots for Distributed Denial of Service Attacks
WETICE '02 Proceedings of the 11th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Security agility in response to intrusion detection
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Evaluating the Impact of Automated Intrusion Response Mechanisms
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Intrusion damage control and assessment: a taxonomy and implementation of automated responses to intrusive behavior
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
Techniques and tools for analyzing intrusion alerts
ACM Transactions on Information and System Security (TISSEC)
Relevant Data Expansion for Learning Concept Drift from Sparsely Labeled Data
IEEE Transactions on Knowledge and Data Engineering
The Value of Intrusion Detection Systems in Information Technology Security Architecture
Information Systems Research
Risk analysis for information technology
Journal of Management Information Systems
Journal of Management Information Systems - Special section: The impacts of business process change on organizational performance
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Poaching and the Misappropriation of Information: Transaction Risks of Information Exchange
Journal of Management Information Systems
Information Exploitation and Interorganizational Systems Ownership
Journal of Management Information Systems
Evaluating and Tuning Predictive Data Mining Models Using Receiver Operating Characteristic Curves
Journal of Management Information Systems
Journal of Management Information Systems
Journal of Management Information Systems
Understanding the Value of Countermeasure Portfolios in Information Systems Security
Journal of Management Information Systems
Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment
Journal of Management Information Systems
Investments in Information Security: A Real Options Perspective with Bayesian Postaudit
Journal of Management Information Systems
Information Security: Facilitating User Precautions Vis-à-Vis Enforcement Against Attackers
Journal of Management Information Systems
Security metrics and security investment models
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Detecting complex account fraud in the enterprise: The role of technical and non-technical controls
Decision Support Systems
Information Systems Research
Safe Contexts for Interorganizational Collaborations Among Homeland Security Professionals
Journal of Management Information Systems
Goals and Practices in Maintaining Information Systems Security
International Journal of Information Security and Privacy
Intrusion prevention requires effective identification of and response to malicious events. In this paper, we model two important managerial decisions involved in the intrusion prevention process: the configuration of the detection component, and the response by the reaction component. The configuration decision affects the number of alarms the firm has to investigate; it is well known that traditional intrusion detection systems generate too many false alarms. The response decision determines whether alarms are investigated or rejected outright. By jointly optimizing these two decision variables, a firm may apply different strategies in protecting its informational assets: slow but accurate, rapid but inaccurate, or a mixture of the two. We use an optimal control approach to study the problem. Unlike previous literature, which studied the problem with a static model, in our model the decision on balancing the desire to detect all malicious events against the opportunity costs required to do so is time dependent. Furthermore, we show how the choice of an optimal mixture of reactive and proactive responses depends on the values of the cost parameters and the investigation rate parameters. We find that in our model a high damage cost does not immediately translate to a preference for proactive response, nor does a high false rejection cost translate to a preference for reactive response. The dynamics of the problem, such as how fast alarms accumulate and how fast they can be cleared, also affect the decisions.