False Positive Responses Optimization for Intrusion Detection System

Baayer, Jalal; Regragui, Boubker; Baayer, Aziz

doi:10.4236/jis.2014.52003

Cited by 3 publications

(2 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The literature does show that systems have flaws and that those very systems are hard to replace, ineffective, and vulnerable to increasing and sophisticated attacks from outside and especially inside [53]. IDS need to be adequately configured to perform as expected [13]. However, it does not mean that the security monitoring stops there.…”

Section: Ethical Behaviormentioning

confidence: 99%

“…It is also fundamental to keep in mind that the human element is a factor where system administrators need to analyze and improve practices to enhance IDS [68]. There is a great deal of opportunity to handle all the big challenges when it comes to better system definition and all associations to implement the right controls [13]. Some systems do currently use a static corresponding matching to decide what is best to deal with current penetration attempts [65].…”

Section: Secured System Developmentmentioning

confidence: 99%

See 1 more Smart Citation

Discovering New Cyber Protection Approaches from a Security Professional Prospective

Loukaka¹,

Rahman²

2017

IJCNC

View full text Add to dashboard Cite

Cybersecurity has become a very hot topic due to high profile breaches that occurred in the past years. Despite the implementation of current known pre-emptive methods such as intrusion detection systems, anti-viruses, and the use of firewalls, hackers still find sophisticated means to steal data or impair an organization by targeting their assets. It is important that security professionals need to "think outside the box" and use new tools and techniques to mitigate threats beyond current known detections and prevention technologies. It is imperative that our infrastructure and assets are impermeable from domestic and foreign attackers. Our best line of defense is the detection of any threats or vulnerability to prevent or minimize damages of our assets from domestic and foreign attackers.

show abstract

Section: Ethical Behaviormentioning

confidence: 99%

Section: Secured System Developmentmentioning

confidence: 99%

Discovering New Cyber Protection Approaches from a Security Professional Prospective

Loukaka¹,

Rahman²

2017

IJCNC

View full text Add to dashboard Cite

show abstract

A Systematic Mapping Study on Intrusion Response Systems

Rezapour,

GhasemiGol,

Takabi

2024

IEEE Access

View full text Add to dashboard Cite

When Being Hot Is Not Cool: Monitoring Hot Lists for Information Security

Kumar

Mookerjee

2016

Information Systems Research

View full text Add to dashboard Cite

We study operational and managerial problems arising in the context of security monitoring where sessions, rather than raw individual events, are monitored to prevent attacks. The objective of the monitoring problem is to maximize the benefit of monitoring minus the monitoring cost. The key trade-off in our model is that as more sessions are monitored, the attack costs should decrease. However, the monitoring cost would likely increase with the number of sessions being monitored. A key step in solving the problem is to derive the probability density of a system with n sessions being monitored with a session’s age measured as the time elapsed since it last generated a suspicious event. We next optimize the number of sessions monitored by trading off the attack cost saved with the cost of monitoring. A profiling step is added prior to monitoring and a resulting two-dimensional optimization problem is studied. Through numerical simulation, we find that a simple size-based policy is quite robust for a very reasonable range of values and, under typical situations, performs almost as well as the two more sophisticated policies do. Also, we find that adopting a simplified policy without using the option of managing sessions using age threshold can greatly increase the ease of finding an optimal solution, and reduce operational overhead with little performance loss compared with a policy using such an option. The insights gained from the mechanics of profiling and monitoring are leveraged to suggest a socially optimal contract for outsourcing these activities in a reward-based contract. We also study penalty-based contracts. Such contracts (specifically, when the penalty is levied as a percentage of the monthly service fee) do not achieve the social optimum. We show how an appropriate penalty coefficient can be chosen to implement a socially optimal penalty-based contract. In addition, we provide a high-level comparison between reward- and penalty-based contracts. In a penalty-based contract, the setting of the fixed payment can be challenging because it requires additional knowledge of the total expected malicious event rate, which needs to be observed through a period of no monitoring.

show abstract

False Positive Responses Optimization for Intrusion Detection System

Cited by 3 publications

References 32 publications

Discovering New Cyber Protection Approaches from a Security Professional Prospective

Discovering New Cyber Protection Approaches from a Security Professional Prospective

A Systematic Mapping Study on Intrusion Response Systems

When Being Hot Is Not Cool: Monitoring Hot Lists for Information Security

Contact Info

Product

Resources

About