Journal: Decision support systems

A cost-based analysis of intrusion detection system configuration under active or passive response


Abstract

This paper studies the joint decisions of IDS configuration and alarm investigation capacity under active and passive responses. In active response, alarm events are blocked immediately, whereas alarm events are allowed to access the information assets in the passive response. Despite facilitating information flow, passive response exposes the assets to attacks while the security analysts investigate the alarms. On the other hand, active response may unnecessarily delay the benign traffic since alarm events are blocked. We find closed-form formulas for the optimal investigation capacity and show the optimal configuration under active response is smaller than under passive response. We also provide expressions that can be used to evaluate security costs and benefits under various configurations, capacities and responses. Numerical studies are done to illustrate the sensitivity of the optimal decisions.
