IDEAS home Printed from https://ideas.repec.org/a/eee/ejores/v195y2009i1p186-204.html
   My bibliography  Save this article

The management of intrusion detection: Configuration, inspection, and investment

Author

Listed:
  • ÇakanyIldIrIm, Metin
  • Yue, Wei T.
  • Ryu, Young U.

Abstract

This paper analyzes intrusion detection decisions in the presence of multiple alarm types, which differ in occurrence probabilities, damage and investigation costs. Specifically, multi-period optimization models are used to study three critical decisions associated with intrusion detection: (i) Allocation of the investigation budget to different periods and to different alarm types; (ii) Configuration of an intrusion detection system (IDS), i.e. choosing a false alarm rate for a given IDS; and (iii) Allocation of an appropriate amount of the investigation budget in the presence of alternative investment opportunities. Three models that cascade onto each other are presented. We minimize the sum of security costs including damages, due to ignored alarms, the investigation cost and the undetected intrusion cost. We show that it can be optimal to ignore non-critical alarms in order to allocate more of the investigation budget to critical alarms that may occur in the future. We establish that the security costs decrease as the investigation budget increases. Our last model deals with security investments--in the form of an investigation budget. The investigation budget must be increased until the rate of increase in savings in security costs due to the additional budget are equal to the internal rate of return of an organization. These analyses are done with explicit (derived) cost functions, as opposed to implicit (assumed) cost functions. We conclude by providing additional managerial insights and numerical examples.

Suggested Citation

  • ÇakanyIldIrIm, Metin & Yue, Wei T. & Ryu, Young U., 2009. "The management of intrusion detection: Configuration, inspection, and investment," European Journal of Operational Research, Elsevier, vol. 195(1), pages 186-204, May.
    • Handle: RePEc:eee:ejores:v:195:y:2009:i:1:p:186-204
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0377-2217(08)00141-0
    Download Restriction: Full text for ScienceDirect subscribers only
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Huseyin Cavusoglu & Birendra Mishra & Srinivasan Raghunathan, 2005. "The Value of Intrusion Detection Systems in Information Technology Security Architecture," Information Systems Research, INFORMS, vol. 16(1), pages 28-46, March.
    2. Jacob W. Ulvila & John E. Gaffney, 2004. "A Decision Analysis Method for Evaluating Computer Intrusion Detection Systems," Decision Analysis, INFORMS, vol. 1(1), pages 35-50, March.
    3. Huseyin Cavusoglu & Srinivasan Raghunathan, 2004. "Configuration of Detection Software: A Comparison of Decision and Game Theory Approaches," Decision Analysis, INFORMS, vol. 1(3), pages 131-148, September.
    4. Fessi, B.A. & Hamdi, M. & Benabdallah, S. & Boudriga, N., 2007. "A decisional framework system for computer network intrusion detection," European Journal of Operational Research, Elsevier, vol. 177(3), pages 1824-1838, March.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Hulisi Ogut & Huseyin Cavusoglu & Srinivasan Raghunathan, 2008. "Intrusion-Detection Policies for IT Security Breaches," INFORMS Journal on Computing, INFORMS, vol. 20(1), pages 112-123, February.
    2. Huseyin Cavusoglu & Byungwan Koh & Srinivasan Raghunathan, 2010. "An Analysis of the Impact of Passenger Profiling for Transportation Security," Operations Research, INFORMS, vol. 58(5), pages 1287-1302, October.
    3. Xing Gao & Weijun Zhong & Shue Mei, 2013. "Information Security Investment When Hackers Disseminate Knowledge," Decision Analysis, INFORMS, vol. 10(4), pages 352-368, December.
    4. Huseyin Cavusoglu & Hasan Cavusoglu, 2007. "Assessing the Value of Network Security Technologies: The Impact of Configuration and Interaction on Value," Working Papers 07-19, NET Institute, revised Aug 2007.
    5. Xing Gao & Weijun Zhong & Shue Mei, 2015. "Security investment and information sharing under an alternative security breach probability function," Information Systems Frontiers, Springer, vol. 17(2), pages 423-438, April.
    6. Huseyin Cavusoglu & Srinivasan Raghunathan & Hasan Cavusoglu, 2009. "Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection Systems," Information Systems Research, INFORMS, vol. 20(2), pages 198-217, June.
    7. Young U. Ryu & Hyeun-Suk Rhee, 2008. "Improving Intrusion Prevention Models: Dual-Threshold and Dual-Filter Approaches," INFORMS Journal on Computing, INFORMS, vol. 20(3), pages 356-367, August.
    8. Huseyin Cavusoglu & Young Kwark & Bin Mai & Srinivasan Raghunathan, 2013. "Passenger Profiling and Screening for Aviation Security in the Presence of Strategic Attackers," Decision Analysis, INFORMS, vol. 10(1), pages 63-81, March.
    9. Yonghua Ji & Subodha Kumar & Vijay Mookerjee, 2016. "When Being Hot Is Not Cool: Monitoring Hot Lists for Information Security," Information Systems Research, INFORMS, vol. 27(4), pages 897-918, December.
    10. Jun Zhuang & Vicki M. Bier, 2007. "Balancing Terrorism and Natural Disasters---Defensive Strategy with Endogenous Attacker Effort," Operations Research, INFORMS, vol. 55(5), pages 976-991, October.
    11. Rakesh K. Sarin & L. Robin Keller, 2013. "From the Editors: Probability Approximations, Anti-Terrorism Strategy, and Bull's-Eye Display for Performance Feedback," Decision Analysis, INFORMS, vol. 10(1), pages 1-5, March.
    12. Gao, Xing & Zhong, Weijun & Mei, Shue, 2013. "A game-theory approach to configuration of detection software with decision errors," Reliability Engineering and System Safety, Elsevier, vol. 119(C), pages 35-43.
    13. Bernardino, Wilton & Ospina, Raydonal & Souza, Filipe Costa de & Rêgo, Leandro & Pereira, Felipe, 2021. "Risk curves: A methodology to evaluate the risk of fraud by stock price manipulation based on game theory and detection software," Journal of Economics and Business, Elsevier, vol. 113(C).
    14. Chuanxi Cai & Shue Mei & Weijun Zhong, 2019. "Configuration of intrusion prevention systems based on a legal user: the case for using intrusion prevention systems instead of intrusion detection systems," Information Technology and Management, Springer, vol. 20(2), pages 55-71, June.
    15. Mehmet Eren Ahsen & Mehmet Ulvi Saygi Ayvaci & Srinivasan Raghunathan, 2019. "When Algorithmic Predictions Use Human-Generated Data: A Bias-Aware Classification Algorithm for Breast Cancer Diagnosis," Service Science, INFORMS, vol. 30(1), pages 97-116, March.
    16. Xing Gao & Weijun Zhong, 2015. "Information security investment for competitive firms with hacker behavior and security requirements," Annals of Operations Research, Springer, vol. 235(1), pages 277-300, December.
    17. Alain Bensoussan & Vijay Mookerjee & Wei T. Yue, 2020. "Managing Information System Security Under Continuous and Abrupt Deterioration," Production and Operations Management, Production and Operations Management Society, vol. 29(8), pages 1894-1917, August.
    18. Huseyin Cavusoglu & Srinivasan Raghunathan, 2004. "Configuration of Detection Software: A Comparison of Decision and Game Theory Approaches," Decision Analysis, INFORMS, vol. 1(3), pages 131-148, September.
    19. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    20. Xiaotong Li, 2022. "An evolutionary game‐theoretic analysis of enterprise information security investment based on information sharing platform," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(3), pages 595-606, April.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ejores:v:195:y:2009:i:1:p:186-204. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/eor .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.