Toward cost-sensitive modeling for intrusion detection and response

Lee, Wenke; Fan, Wei; Miller, Matthew; Stolfo, Salvatore J.; Zadok, Erez

doi:10.3233/jcs-2002-101-202

Cited by 218 publications

(153 citation statements)

References 15 publications

Supporting

Mentioning

152

Contrasting

Order By: Relevance

“…Lee [10] pointed out that a natural tendency in developing an intrusion detection system (IDS) is trying to maximize its technical effectiveness while neglecting the cost-benefit trade-off. An IDS needs to be cost-effective because it should cost no more than the expected level of loss from intrusions.…”

Section: Decision Model Analysismentioning

confidence: 99%

See 1 more Smart Citation

Autonomous decision on intrusion detection with trained BDI agents

Orfila

Carbó

Ribagorda

2008

Computer Communications

View full text Add to dashboard Cite

In the context of computer security, the first step to respond to an intrusive incident is the detection of such activity in the monitored system. In recent years, research in intrusion detection has evolved to become a multi-discipline task that involves areas such as data mining, decision analysis, agent-based systems or cost-benefit analysis among others. We propose a multiagent IDS that considers decision analysis techniques in order to configure itself optimally according to the conditions faced. This IDS also provides a quantitative measure of the value of the response decision it can autonomously take. Results regarding the well known 1999 KDD dataset are shown.

show abstract

Section: Decision Model Analysismentioning

confidence: 99%

“…With respect to the response function, decision analysis [7,8] and cost-benefit modelling [9][10][11][12] are the most promising approaches. The former has been used to model the decision making process of taking actions against suspicious events and to evaluate IDS effectiveness.…”

Section: Introductionmentioning

confidence: 99%

Autonomous decision on intrusion detection with trained BDI agents

Orfila

Carbó

Ribagorda

2008

Computer Communications

View full text Add to dashboard Cite

show abstract

“…All sensor configurations are then tested to determine the global sensor configuration that satisfies all detection thresholds but has the lowest impact on resources. For the purposes of this implementation, resource impact is assessed by the sum of all resource costs of sensor configurations into a single value, which could be enhanced with a more thorough cost model [22] or use of the more advanced metrics previously discussed in Subsection 2.3. If a new sensor configuration is found, the IDS profile representing the new configuration is sent to the affected host-based agents.…”

Section: Response Agentmentioning

confidence: 99%

“…These rules modify the overall SAV of a state based on the presence or absence of particular event instances, and can be synergistic (i.e., two event instances result in a net SAV greater than their sum) or dyssynergistic (i.e., two event instances result in a net SAV less than their sum). Cost models based on risk analysis [22] can also be adapted to determine these values.…”

Section: Prevention and Recovery Response Modelmentioning

confidence: 99%

A Network-Based Response Framework and Implementation

Tylutki

Levitt

2009

Active and Programmable Networks

View full text Add to dashboard Cite

Abstract. As the number of network-based attacks increase, and system administrators become overwhelmed with Intrusion Detection System (IDS) alerts, systems that respond to these attacks are rapidly becoming a key area of research. Current response solutions are either localized to individual hosts, or focus on a refined set of possible attacks or resources, which emulate many features of low level IDS sensors.In this paper, we describe a modular network-based response framework that can incorporate existing response solutions and IDS sensors. This framework combines these components by uniting models that represent: events that affect the state of the system, the detection capabilities of sensors, the response capabilities of response agents, and the conditions that represent system policy. Linking these models provides a foundation for generating responses that can best satisfy policy, given the perceived system state and the capabilities of sensors and response agents.

show abstract

“…He found that in most cases such a rate is unattainable. Following that, researchers in [13] developed the techniques for building an intrusion detection system on the basis of cost-sensitive models. The first comprehensive study on the cost effectiveness of intrusion detection systems appeared in [5], which addresses the problem of finding the optimal configuration of a single intrusion detection system, and various combinations of multiple intrusion detection systems.…”

Section: Introductionmentioning

confidence: 99%

Analysis of Data Dependency Based Intrusion Detection System

Nugmanov

Panda

2009

Data and Applications Security XXIII

View full text Add to dashboard Cite

Abstract. This research focuses on analyzing the cost effectiveness of a database intrusion detection system that uses dependencies among data items to detect malicious transactions. The model suggested in this paper considers three main factors: the quality of intrusion detection, the probability of intrusion, and the cost structure of an organization whose data is protected by the intrusion detection system. We developed a step by step approach that helps in determining the optimal configuration expressed by the response strategy and the threshold value. The experimental results show that our model is capable of finding the optimal configuration while taking the cost structure of an organization into consideration.

show abstract

Toward cost-sensitive modeling for intrusion detection and response

Cited by 218 publications

References 15 publications

Autonomous decision on intrusion detection with trained BDI agents

Autonomous decision on intrusion detection with trained BDI agents

A Network-Based Response Framework and Implementation

Analysis of Data Dependency Based Intrusion Detection System

Contact Info

Product

Resources

About