 Fang Ling,Zhong Weijun,Mei Shue.Security technology management strategy of multi-intrusion detection systems and manual investigation portfolio[J].Journal of Southeast University (Natural Science Edition),2015,45(4):811-816.[doi:10.3969/j.issn.1001-0505.2015.04.034]

Security technology management strategy of multi-intrusion detection systems and manual investigation portfolio

Journal of Southeast University (Natural Science Edition) [ISSN:1001-0505/CN:32-1178/N]

Volume:
45
Issue:
2015, No. 4
Pages:
811-816
Column:
Economics and Management
Publication date:
2015-07-20

Article Info

Title:
Security technology management strategy of multi-intrusion detection systems and manual investigation portfolio
Author(s):
Fang Ling Zhong Weijun Mei Shu’e
School of Economics and Management, Southeast University, Nanjing 211189, China
Keywords:
information system security; defense in depth; intrusion detection system; manual investigation; detection rate
CLC number:
C931.6;F272.3
DOI:
10.3969/j.issn.1001-0505.2015.04.034
Abstract:
In order to defend an organization’s information system in depth, the optimal configurations and strategy of several intrusion detection systems (IDSs) and manual investigation portfolio are studied with the game-theoretic method from the perspective of economics and management. The results show that when the organization deploys several IDSs together with manual investigation, the whole intrusion detection rate is improved to some degree, and intrusions and manual investigations are decreased. Though the detection rate is improved, the false positive rate is also increased, which results in higher costs of manual investigation and a decrease in the expected payoff for the organization. Therefore, the payoff for the organization to deploy several IDSs is not always higher than that to deploy a single one. When the cost of a manual investigation is below or equal to 1 and the difference between the reciprocal of the detection rate improvement and that of the false positive rate improvement is negative, the payoff of deploying several IDSs is higher than that of deploying a single one. When the cost of manual investigation is above 1 and high enough, the payoff of deploying several IDSs depends on both the difference above and another factor, and it is higher when the two factors are of opposite sign.


Memo:
Received: 2015-01-13.
Biographies: Fang Ling (1985-), female, doctoral student; Mei Shu’e (corresponding author), female, doctor, professor, doctoral supervisor, meishu’e@seu.edu.cn.
Foundation items: The National Natural Science Foundation of China (No. 71071033), the Research Innovation Program for College Graduates of Jiangsu Province (No. CXLX13_124).
Cite this article: Fang Ling, Zhong Weijun, Mei Shu’e. Security technology management strategy of multi-intrusion detection systems and manual investigation portfolio[J]. Journal of Southeast University (Natural Science Edition), 2015, 45(4): 811-816. [doi:10.3969/j.issn.1001-0505.2015.04.034]
Last Update: 2015-07-20