摘要
为了实现对信息系统安全的纵深防御,从经济管理角度出发,将多个IDS和人工调查技术相组合,利用博弈论研究了其最优配置与策略.研究结果显示,组织部署多个IDS可从一定程度上提高整体入侵检测率,从而减少入侵,降低组织人工调查率.但随着入侵检测率的提高,系统误报率也得到提高,这必然导致人工调查成本增加,从而影响组织期望收益,因此部署多个IDS时的期望收益并不总是高于部署单个IDS.当人工调查成本小于等于1时,检测率提高程度倒数与误报率提高程度倒数之差小于0则部署多个IDS时期望收益较大;当人工调查成本大于1且较高时,同时取决于上述倒数差和另一个因子,两者保持异号时则部署多个IDS时期望收益较大.
In order to defend an organization's information system in depth, the optimal configura- tions and strategy of several intrusion detection systems (IDSs) and manual investigation portfolio are studied with the game-theoretic method from the perspective of economics and management. The results show that when the organization deploys several IDSs together with manual investigation, the whole intrusion detection rate is improved at some degree, and intrusions and manual investigations are decreased. Though the detection rate is improved, the false positive rate is also increased, which results in higher costs of manual investigation and the decrease in the expected payoff for the organi- zation. Therefore, the payoff for the organization to deploy several IDSs is not always higher than that to deploy single one. When the cost of a manual investigation is below or equal to 1 and the difference between the reciprocal of detection rate improvement and that of false rate improvement is negative, the payoff of deploying several IDSs is higher than that of deploying single one. When the cost of manual investigation is above 1 and high enough, the payoff of deploying several IDSs de- pends on both the difference above and the other factor, and it is higher when both of the two factors are kept in opposite sign.
出处
《东南大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2015年第4期811-816,共6页
Journal of Southeast University:Natural Science Edition
基金
国家自然科学基金资助项目(71071033)
江苏省普通高校研究生科研创新计划资助项目(CXLX13_124)
关键词
信息系统安全
纵深防御
入侵检测系统
人工调查
检测率
information system security
defend in depth
intrusion detection system
manual inves-tigation
detection rate
