Optimal Thresholds for Intrusion Detection Systems

Aron Laszka, Waseem Abbas, S. Shankar Sastry, Yevgeniy Vorobeychik, Xenofon Koutsoukos

Research output: Contribution to conference › Paper › peer-review

25 Scopus citations

Abstract

In recent years, we have seen a number of successful attacks against high-profile targets, some of which have even caused severe physical damage. These examples have shown us that resourceful and determined attackers can penetrate virtually any system, even those that are secured by an "air gap." Consequently, in order to minimize the impact of stealthy attacks, defenders have to focus not only on strengthening the first lines of defense but also on deploying effective intrusion-detection systems. Intrusion-detection systems can play a key role in protecting sensitive computer systems since they give defenders a chance to detect and mitigate attacks before they can cause substantial losses. However, an oversensitive intrusion-detection system, which produces a large number of false alarms, imposes prohibitively high operational costs on a defender since alarms need to be manually investigated. Thus, defenders have to strike the right balance between maximizing security and minimizing costs. Optimizing the sensitivity of intrusion-detection systems is especially challenging in the case when multiple interdependent computer systems have to be defended against a strategic attacker, who can target computer systems in order to maximize losses and minimize the probability of detection. We model this scenario as an attacker-defender security game and study the problem of finding optimal intrusion-detection thresholds.

Original language: English (US)
Pages: 72-81
Number of pages: 10
DOIs
State: Published - 2016
Event: Symposium and Bootcamp on the Science of Security, HotSos 2016 - Pittsburgh, United States
Duration: Apr 19 2016 to Apr 21 2016

Conference

Conference: Symposium and Bootcamp on the Science of Security, HotSos 2016
Country/Territory: United States
City: Pittsburgh
Period: 4/19/16 to 4/21/16

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications
