Intrusion detection response model based on cost-analysis
-
摘要: 运用博弈论及信息安全技术有关理论,提出了一个基于成本分析的入侵响应投资模型,得出在此安全技术配置下博弈双方的最优策略,讨论了入侵响应的纳什均衡解,并通过成本分析从理论和实践两方面验证了此模型的合理性.针对现有入侵响应系统中不计成本就进行响应的问题,引入入侵损失和响应成本,通过比较二者关系,分析了系统管理员进行响应的条件成本,从而给出系统管理员灵活调整入侵响应的自适应策略,提高信息系统的安全性及抵抗攻击的能力,且避免不必要的资源浪费,实现信息保护和资源可用之间的平衡.Abstract: Applying the methodologies of game theory and network security, considering the decision interdependence of the players, a game model of intrusion response based on cost analysis was presented. The study showed the optimal strategies for the players in the deployment of security technique-Intrusion Detection System(IDS), discussed the Nash equilibrium solutions, and verified the model rationality by cost-analysis from the theoretic and empirical aspects. Focusing on the problem of intrusion response without considering cost now, the model was introduced damage cost and response cost. With comparison with the two kinds of cost, the conditional cost of responding was analyzed, thus an adaptive intrusion response strategy to system administrator was made. This method can illustrate the response policy of system administrator in the actual decision further, improve security and avoid wasting unnecessary resource, then achieve the balance between information protection and resource.
-
Key words:
- game theory /
- security of data /
- intrusion detection /
- intrusion response /
- cost analysis
-
[1] Rebecca T Mercuri. Security watch: analyzing security costs[J]. Communications of the ACM,2003,46(6):15-18 [2] Bistarelli S, Fioravanti F, Peretti P. Defense trees for economic evaluation of security investments Proceedings of the First International Conference on Availability, Reliability and Security (ARES-06) IEEE.Los Alamitos: The IEEE Computer Society, 2006:416-423 [3] Cremonini M, Martini P. Evaluating information security investments from attackers perspective: the Return-On-Attack (ROA) Proceedings of the Fourth Workshop on the Economics of Information Security. Cambridge: ,2005 [4] Gordon L,Loeb M. The economics of information security investment[J]. ACM Transactions on Information and System Security,2002,5(4):438-457 [5] Gordon L,Loeb M.Budgeting process for information security expenditures[J]. Communications of the ACM,2006,49(1):121-125 [6] Cavusoglu H, Mishra B, Raghunathan S. A model for evaluating IT security investments[J].Communications of the ACM,2004,47(7):87-92 [7] Cavusoglu H, Mishra B, Raghunathan S.The value of IDS in IT security architecture[J].Information Systems Research,2005,19(1):28-46 [8] Wenke Lee, Wei Fan, Matthew Miller,et al. Toward cost-sensitive modeling for intrusion detection and response[J].Journal of Computer Security,2002,10:5-22 [9] McHugh J, Christie A.C, Allen J. Defending yourself: The role of intrusion detection systems[J]. IEEE Software,2000,17(5):42-51 [10] NIST Publication 800-12.1996. An Introduction to Computer Security[S] [11] NorthcuttS.Intrusion detection:an analyst-handbook[M].Indianapolis: New Riders Publishing ,1999 -
点击查看大图
计量
- 文章访问数: 3636
- HTML全文浏览量: 230
- PDF下载量: 1109
- 被引次数: 0
下载:
