Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection Systems

Cavusoglu, Huseyin; Raghunathan, Srinivasan; Cavusoglu, Hasan

doi:10.1287/isre.1080.0180

Cited by 74 publications

(44 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Probability of detection is P D, probability of false negative is 1−P D ; Probability of false positive is P F. P D = P (classified as attacker | attacking transaction); P F = P (classified as attacker | normal transaction); [10]. Because of the inaccuracy inherent in the IDS, manual investigations from a human security expert are necessary to verify the signal given by the IDS.…”

Section: Strategies and Notationsmentioning

confidence: 99%

A game-theory approach to manage decision errors

Cai

Mei

Zhong

2016

MATEC Web of Conferences

View full text Add to dashboard Cite

Abstract. With the fast development of modern computer and networks, information communication between firms and users becomes more complex. Recently, a game-theory approach has been widely used to investigate this issue. However, for firms and users, inaccuracies (defined as decision errors) persist in the gap between strategic decisions and actual actions. This paper, based on game theory, analyses the effects of decision errors on optimal equilibrium strategy of the firm and the user. Precisely speaking, we analysed how the firm and the user adjust their strategy accordingly to compensate for the mistakes caused by decision errors. Besides, we demonstrated that decision errors are not necessarily bad for the firm, and put forward the optimal methods of managing decision errors.

show abstract

Section: Strategies and Notationsmentioning

confidence: 99%

A game-theory approach to manage decision errors

Cai

Mei

Zhong

2016

MATEC Web of Conferences

View full text Add to dashboard Cite

show abstract

“…The academic research community, in contrast, has aimed to shift focus on providing specific guidance about security investments, though in many cases this guidance is in very specific security contexts, such as whether or not to deploy a firewall or an IDS, and how to configure it if deployed [113,107,32,29,31,33]. The corresponding approaches are either decision theoretic, modeling threats as unaffected by mitigation policies [113,107,32], or game theoretic, accounting for the impact of security policies on attackers' incentives [32,29,31,33].…”

Section: Literature Reviewmentioning

confidence: 99%

“…The corresponding approaches are either decision theoretic, modeling threats as unaffected by mitigation policies [113,107,32], or game theoretic, accounting for the impact of security policies on attackers' incentives [32,29,31,33].…”

Section: Literature Reviewmentioning

confidence: 99%

“…For example, the standard approach to security risk management in the industry is to consider consequences in terms of asset value, consequence of a threat on that value, and frequency of threat, but either treats assets as independent, or abstracts away the complex interdependencies in a single cost/value measure [72]. Research in IT security management has largely been in line with this framework [113,107,32,29,43,31,88,30,33,15]. The strands that explicitly model interdependent risk focus on spillover effects among many organizations or entities, rather than policy to secure interdependent assets [73,89].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Strategic analysis of complex security scenarios.

Vorobeychik¹

2012

View full text Add to dashboard Cite

Many advanced technical tools are available to prevent attacks on national infrastructure. Nevertheless, while traditional analyses of security problems have succeeded in producing good technical solutions, they have often ignored the human factor integral to these problems. Human attackers (who may be individuals or state-level attackers) expend substantial effort to breach security because they have the incentive for doing so. People involved in implementing security follow individual incentives, which need not align with global security concerns; consequently, desired security solutions are often implemented poorly, or not at all. This complex interplay between individual incentives and global (organizational and/or national) goals can be modeled and analyzed using game theoretic techniques. By analyzing not only what is possible, but also what is motivated, a holistic approach to security problems can be developed, informing policy and providing tools to policy makers.We study game theoretic models that unify several current incentive-based approaches to security, and develop simulation-based and mathematical optimization methods for analyzing such models that exploit the high-performance computing capabilities at Sandia. Our first model studies security in interdependent settings, offering a scalable local search heuristic to approximate optimal security decisions in general, and a linear programming approach, coupled with simulations of consequences, to optimally compute security in an important special case. Our second class of models addresses security patrolling problems when an adversary gets to observe the patrol location. We present a general framework, based on stochastic games, for computing optimal security policies in such settings, and present more scalable tools that apply in the important special cases. Our third contribution is a model of security that involves many defenders, but only models nonadaptive attackers (or natural disasters, inadvertent errors, etc). In this model, we demonstrate that the security decisions of many players result in global security configuration that is not very far from optimal, and is much more resilient to environment changes that an optimal solution. This positive effect dissipates, however, when the number of decision makers becomes too large.3

show abstract

“…In the following paragraphs, we give a brief overview of the literature on IT security before describing the methodology and the analysis sections. The IT security literature is extensive, covering such manifold topics as information sharing among peers [11], disclosure of vulnerabilities in software [16], disclosure of security breaches [23], technical capabilities against outside attacks [2] and technical capabilities against opportunistic employees [12]. Several published reviews of the ITsec literature provide comprehensive meta-analyses of technical and behavioral ITsec research [25], of the deterrence approach in compliance [8], and of the different approaches to increase employee compliance to ITsec policies [1].…”

Section: Introduction and Literature Backgroundmentioning

confidence: 99%