Entry Ryu:2008:EID from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Ryu:2008:EID,
  author =       "Young U. Ryu and Hyeun-Suk Rhee",
  title =        "Evaluation of Intrusion Detection Systems Under a
                 Resource Constraint",
  journal =      j-TISSEC,
  volume =       "11",
  number =       "4",
  pages =        "20:1--20:??",
  month =        jul,
  year =         "2008",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/1380564.1380566",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Tue Aug 5 19:37:22 MDT 2008",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "An intrusion detection system plays an important role
                 in a firm's overall security protection. Its main
                 purpose is to identify potentially intrusive events and
                 alert the security personnel to the danger. A typical
                 intrusion detection system, however, is known to be
                 imperfect in detection of intrusive events, resulting
                 in high false-alarm rates. Nevertheless, current
                 intrusion detection models unreasonably assume that
                 upon alerts raised by a system, an information security
                 officer responds to all alarms without any delay and
                 avoids damages of hostile activities. This assumption
                 of responding to all alarms with no time lag is often
                 impracticable. As a result, the benefit of an intrusion
                 detection system can be overestimated by current
                 intrusion detection models. In this article, we extend
                 previous models by including an information security
                 officer's alarm inspection under a constraint as a part
                 of the process in determining the optimal intrusion
                 detection policy. Given a potentially hostile
                 environment for a firm, in which the intrusion rates
                 and costs associated with intrusion and security
                 officers' inspection can be estimated, we outline a
                 framework to establish the optimal operating points for
                 intrusion detection systems under security officers'
                 inspection constraint. The optimal solution to the
                 model will provide not only a basis of better
                 evaluation of intrusion detection systems but also
                 useful insights into operations of intrusion detection
                 systems. The firm can estimate expected benefits for
                 running intrusion detection systems and establish a
                 basis for increase in security personnel to relax
                 security officers' inspection constraint.",
  acknowledgement = ack-nhfb,
  articleno =    "20",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
  keywords =     "computer security; intrusion detection; optimal
                 inspection rates; optimal operating points",
}

Related entries

activity, 2(1)65, 12(1)4, 12(2)13, 15(4)17, 16(4)14, 17(3)12
alarm, 6(4)443, 11(4)17
alert, 2(4)354, 7(2)274, 10(1)4, 11(3)12, 12(3)16
all, 1(1)93, 2(2)159, 2(3)332, 2(4)416, 10(1)4, 10(2)5, 10(4)2, 10(4)4, 11(2)1, 11(2)3, 11(2)4, 11(2)5, 11(2)6, 11(3)13, 11(4)18, 11(4)22, 12(2)10, 12(3)18, 13(1)10, 13(3)25, 13(3)28, 13(4)38, 13(4)41, 14(1)6, 14(1)14, 14(3)27, 15(1)4, 15(2)9, 15(3)14, 15(4)16, 15(4)17, 16(1)4, 17(1)2, 17(3)9, 17(3)11, 18(1)2, 18(2)5
any, 1(1)66, 1(1)93, 2(4)390, 9(4)461, 10(3)10, 10(3)12, 10(4)1, 10(4)4, 11(2)4, 11(2)6, 11(3)13, 11(3)16, 12(1)3, 12(1)5, 12(1)6, 12(2)8, 12(2)9, 12(2)10, 12(3)14, 12(3)18, 12(3)19, 12(4)20, 13(1)10, 13(3)28, 13(4)33, 13(4)39, 14(1)6, 14(1)8, 14(1)9, 14(4)32, 15(1)2, 15(2)9, 15(2)10, 15(4)17, 16(2)6, 16(2)7, 16(3)12, 16(4)13, 16(4)15, 17(2)8, 17(3)9, 17(3)11, 18(1)1
article, 10(1)3, 11(1)3, 11(1)4, 11(2)5, 11(3)12, 11(3)14, 11(3)15, 11(3)16, 11(4)22, 11(4)23, 12(1)1, 12(1)2, 12(1)4, 12(1)6, 12(2)8, 12(2)10, 12(2)13, 12(3)14, 12(3)16, 12(3)17, 12(3)19, 12(4)21, 12(4)22, 13(3)22, 13(3)24, 13(3)25, 13(3)27, 13(3)28, 13(4)29, 13(4)31, 13(4)32, 13(4)34, 13(4)36, 13(4)41, 14(1)2, 14(1)3, 14(1)4, 14(1)10, 14(1)13, 14(1)14, 14(3)23, 14(3)25, 14(4)30, 15(2)9, 15(2)10, 15(3)11, 15(3)12, 15(3)13, 15(4)15, 15(4)16, 15(4)17, 16(1)1, 16(1)4, 16(2)6, 16(2)7, 16(2)8, 16(3)10, 16(4)14, 16(4)15, 17(2)8, 17(3)9, 17(3)11, 17(3)12, 17(4)13, 17(4)16, 18(1)3, 18(2)5, 18(2)7, 18(3)9, 18(3)10, 18(3)11, 18(4)12, 18(4)14
associated, 1(1)26, 2(1)105, 10(4)2, 12(3)18, 13(3)26, 13(4)33, 15(3)13, 16(4)15
assume, 11(3)12, 11(3)15, 15(3)12, 17(1)2
assumption, 2(3)230, 2(3)332, 3(3)161, 9(2)181, 11(2)3, 11(2)6, 12(1)1, 12(1)3, 12(2)9, 12(4)21, 13(4)38, 15(1)4, 15(3)12, 16(1)4, 16(2)5, 16(4)13, 18(3)10
avoid, 12(2)11, 12(3)16, 12(3)17
basis, 2(1)34, 2(3)295, 10(4)2, 11(4)22, 12(1)2, 13(3)27, 14(1)8, 16(4)14
benefit, 9(2)181, 9(4)461, 10(1)3, 10(3)11, 10(4)4, 11(4)23, 12(2)13, 13(4)31, 14(1)7, 14(1)9, 16(1)1, 16(3)11
better, 10(4)5, 11(1)4, 11(4)23, 13(4)40, 17(1)1, 17(4)14, 17(4)15, 18(1)1, 18(3)10
computer, 1(1)66, 2(1)34, 2(1)105, 2(2)159, 2(3)230, 2(3)269, 2(3)332, 2(4)354, 2(4)416, 10(2)5, 12(2)7, 13(2)11, 15(1)1, 15(2)9, 16(2)5, 17(2)6
constraint, 2(1)65, 3(4)207, 6(4)501, 7(3)392, 9(2)162, 10(1)2, 10(2)5, 10(2)7, 10(4)2, 11(1)3, 11(2)6, 11(3)14, 12(2)8, 12(2)10, 12(3)19, 13(1)5, 13(3)22, 13(3)25, 13(4)40, 14(4)32, 15(2)10, 15(3)13, 15(4)15, 16(1)3, 16(1)4, 16(4)17, 17(1)3, 17(2)8, 18(2)6
cost, 4(1)72, 9(4)461, 12(2)13, 13(3)22, 14(1)2, 14(1)12, 14(2)17, 16(4)16, 17(3)11, 18(1)2, 18(2)5, 18(2)7
current, 2(1)34, 2(1)65, 2(2)177, 2(4)390, 11(4)18, 11(4)22, 12(2)8, 12(2)10, 13(3)20, 13(4)35, 15(3)12, 16(3)10, 16(4)13, 16(4)16, 17(1)1, 17(1)2, 17(2)6, 17(3)9
damage, 2(3)295, 10(4)6, 12(2)12
danger, 11(2)3, 17(1)1
delay, 11(4)19, 11(4)23, 18(2)5
detection, 2(2)159, 2(3)295, 3(1)1, 3(3)186, 3(4)227, 3(4)262, 4(4)407, 5(3)203, 6(2)173, 6(4)443, 7(4)591, 9(1)61, 10(1)4, 11(2)2, 11(3)12, 11(3)15, 11(4)19, 12(2)11, 12(2)12, 12(2)13, 12(4)22, 13(2)12, 13(4)30, 14(1)13, 14(3)27, 15(2)6, 15(3)11, 15(4)17, 17(4)13, 17(4)15, 18(1)2, 18(2)7, 18(3)9
determining, 11(3)16, 16(1)4
environment, 6(4)566, 11(1)4, 12(3)14, 13(4)34, 15(3)13, 16(4)15
establish, 9(4)391, 11(3)14, 11(4)17, 11(4)19, 15(2)6, 16(3)12
estimate, 14(1)13, 15(4)18, 17(3)12
estimated, 16(4)16
evaluation, 2(3)295, 3(4)262, 10(1)3, 11(1)3, 11(4)22, 12(2)8, 12(2)11, 12(4)20, 13(2)14, 13(3)24, 13(3)25, 16(1)1, 16(1)2, 16(3)9, 16(4)13, 16(4)17, 17(4)14, 18(1)1
event, 2(2)159, 10(1)4, 12(1)1, 12(3)17, 17(2)8, 18(2)7
expected, 15(2)10, 16(2)5, 17(3)11
extend, 2(4)354, 2(4)390, 9(4)461, 10(1)2, 12(1)5, 13(3)24, 14(1)8, 14(3)26, 15(1)4, 16(1)4, 16(2)5, 16(3)9, 16(3)10, 17(2)5, 17(2)7, 17(4)15
framework, 2(3)295, 3(4)227, 6(1)71, 6(3)404, 7(2)175, 8(2)187, 9(2)181, 9(4)391, 10(1)2, 10(3)10, 11(1)3, 11(3)12, 11(4)19, 12(1)2, 12(1)4, 12(1)5, 12(3)19, 12(4)21, 13(3)24, 13(3)28, 14(1)9, 14(1)11, 14(2)21, 14(4)31, 15(2)10, 15(3)12, 15(3)14, 15(4)17, 16(1)2, 16(3)9, 16(4)15, 16(4)17, 17(1)3, 17(2)5, 17(2)7, 17(3)11, 17(3)12, 17(4)13, 17(4)14, 17(4)15, 18(1)4, 18(3)10, 18(4)12
given, 1(1)3, 1(1)93, 2(1)3, 2(1)105, 10(1)2, 10(2)5, 10(4)1, 11(2)3, 11(4)19, 12(1)2, 12(1)5, 12(1)6, 12(3)14, 12(4)20, 13(1)10, 13(3)26, 14(3)26, 15(2)10, 15(3)12, 15(4)15, 16(1)3, 16(1)4, 17(3)12
high, 1(1)3, 11(3)13, 11(3)15, 11(4)18, 12(2)11, 14(4)31, 15(2)7, 15(3)12, 16(2)6, 16(2)8, 16(3)11, 17(1)1, 17(3)11, 17(4)16, 18(2)7, 18(4)12
hostile, 7(2)242, 11(3)14, 11(4)22, 15(2)9
however, 2(3)269, 10(2)5, 10(2)8, 11(2)6, 11(3)15, 11(4)18, 11(4)22, 13(3)20, 13(3)22, 13(4)35, 13(4)38, 13(4)39, 14(1)14, 14(3)24, 14(4)28, 14(4)29, 15(2)10, 16(2)7, 16(3)11, 17(1)2, 17(1)4, 17(3)12, 17(4)15, 18(1)1, 18(2)7, 18(4)13
identify, 11(2)2, 11(3)12, 11(3)15, 11(3)16, 11(4)18, 12(1)4, 12(4)20, 12(4)22, 13(4)35, 14(1)13, 15(4)18, 16(2)7, 17(4)13, 18(4)13
important, 1(1)3, 1(1)66, 2(3)295, 10(2)8, 11(3)14, 11(4)18, 12(1)4, 13(3)26, 13(3)27, 13(4)36, 14(4)28, 15(3)12, 15(4)18, 16(1)4, 17(3)11
including, 2(2)177, 2(3)295, 10(2)6, 10(3)11, 10(4)1, 11(2)2, 11(3)14, 11(4)22, 12(2)12, 12(3)14, 12(3)19, 13(4)32, 14(1)13, 15(2)6, 15(3)12, 16(2)5, 16(2)7, 16(4)17, 18(1)1, 18(1)4
increase, 12(3)18, 14(1)3, 15(1)5, 15(3)11, 16(2)8, 18(4)14
insights, 10(4)1, 10(4)6, 14(1)4, 18(1)1
inspection, 16(2)7
intrusion, 2(2)159, 3(1)1, 3(3)186, 3(4)227, 3(4)262, 4(4)407, 6(2)173, 6(4)443, 7(2)274, 7(4)591, 10(1)4, 11(3)12, 11(4)19, 13(4)30, 18(2)7
known, 10(3)11, 10(4)1, 10(4)3, 11(2)1, 11(2)3, 11(2)4, 13(1)10, 13(3)27, 13(4)33, 14(1)7, 14(3)27, 17(1)2, 17(2)7, 18(1)1
main, 10(2)5, 10(2)8, 11(3)13, 13(3)27, 13(4)41
Nevertheless, 13(1)10
not, 1(1)26, 2(1)65, 2(2)177, 2(3)230, 2(3)269, 2(4)390, 9(4)421, 10(1)3, 10(4)2, 11(1)3, 11(1)4, 11(2)2, 11(2)4, 11(2)5, 11(3)12, 11(3)13, 11(3)15, 11(3)16, 11(4)19, 11(4)22, 12(1)1, 12(1)2, 12(1)3, 12(1)6, 12(2)10, 12(2)11, 12(2)13, 12(3)14, 12(4)22, 13(1)10, 13(3)28, 13(4)33, 13(4)35, 13(4)36, 13(4)37, 13(4)39, 13(4)40, 14(3)23, 14(3)27, 14(4)28, 14(4)29, 14(4)31, 15(2)6, 15(2)9, 15(2)10, 15(3)12, 15(3)13, 16(1)1, 16(2)5, 16(2)6, 16(3)9, 16(3)12, 16(4)13, 16(4)15, 16(4)16, 17(1)2, 17(3)10, 17(4)15, 18(1)1, 18(3)9, 18(4)13
officer, 10(1)4
often, 2(1)65, 10(1)4, 10(2)8, 10(3)10, 10(3)12, 11(1)2, 11(3)12, 16(2)5, 17(1)2, 17(1)4
only, 2(3)230, 2(3)295, 10(4)3, 11(1)3, 11(2)4, 11(3)13, 12(1)2, 12(1)3, 12(2)13, 12(3)19, 12(4)21, 13(1)10, 13(3)25, 13(3)28, 13(4)35, 13(4)37, 13(4)39, 14(1)5, 14(1)11, 14(3)26, 14(4)31, 15(2)9, 15(4)16, 15(4)18, 16(1)3, 16(2)6, 16(2)7, 16(3)9, 16(3)10, 16(4)13, 17(3)9, 17(4)15, 18(2)5, 18(2)8
operating, 2(2)138, 2(2)177, 2(3)295, 2(4)354, 4(1)72, 5(1)36, 12(3)14, 13(1)10, 13(4)30, 14(1)6, 14(1)8, 14(3)24, 15(4)16, 17(4)14, 18(2)5, 18(3)11
operation, 1(1)93, 2(4)416, 6(3)365, 9(4)421, 10(3)11, 11(4)23, 12(2)10, 12(3)14, 12(3)18, 13(1)9, 13(1)10, 14(1)13, 14(4)31, 16(3)12, 16(4)14, 18(1)2
optimal, 2(3)230, 11(3)12, 11(3)15, 12(1)6, 13(3)22, 13(3)27
outline, 2(1)105
overall, 17(3)10
part, 2(3)332, 10(3)9, 10(4)4, 11(2)2, 12(1)1, 13(1)10, 15(2)8, 15(2)9, 16(4)15, 17(2)6, 17(4)16
personnel, 11(2)2
play, 13(4)37, 15(2)6
point, 9(4)421, 11(1)3, 11(2)2, 12(1)6, 14(1)3, 14(4)30, 16(4)17
potentially, 10(4)4, 16(3)12, 18(2)7, 18(4)12
previous, 1(1)3, 1(1)93, 2(2)138, 11(2)3, 12(3)16, 12(3)18, 13(1)10, 13(3)25, 14(1)3, 14(1)4, 15(2)9, 15(2)10, 16(2)5, 16(4)13, 16(4)15, 16(4)17, 17(3)12
process, 1(1)26, 2(1)65, 9(4)421, 10(3)9, 10(4)4, 11(1)2, 11(1)4, 11(4)18, 12(2)11, 12(3)14, 13(1)10, 13(3)25, 13(4)36, 15(3)13, 16(2)5, 16(2)7, 17(2)6, 17(4)14, 18(1)3
protection, 1(1)3, 1(1)26, 1(1)66, 1(1)93, 2(1)3, 2(1)34, 2(1)105, 2(2)138, 2(2)177, 2(3)230, 2(3)295, 2(4)354, 2(4)390, 10(1)3, 10(3)9, 12(2)9, 12(2)11, 13(3)22, 14(3)24, 15(1)2, 15(2)8, 16(2)6
provide, 1(1)3, 1(1)93, 2(1)3, 2(1)34, 2(1)65, 2(1)105, 2(3)230, 2(4)390, 7(2)319, 10(1)3, 10(2)8, 10(3)10, 10(4)2, 10(4)6, 11(1)3, 11(1)4, 11(2)2, 11(3)12, 11(3)13, 11(4)17, 11(4)23, 12(1)2, 12(1)3, 12(2)8, 12(2)9, 12(3)14, 12(3)15, 12(3)16, 12(4)22, 13(3)22, 13(3)24, 13(4)31, 13(4)34, 13(4)38, 13(4)41, 14(1)4, 14(1)7, 14(1)8, 14(3)25, 14(4)28, 15(2)6, 15(2)10, 15(4)17, 15(4)18, 16(1)3, 16(2)5, 16(3)9, 16(3)11, 16(4)17, 17(2)5, 17(3)11, 17(3)12, 17(4)16, 18(1)1, 18(1)2, 18(2)5, 18(2)7, 18(4)13, 18(4)14
purpose, 10(3)9, 10(4)4, 12(2)11, 13(3)22, 13(3)24, 14(1)14, 16(3)10, 16(4)17, 17(1)3, 17(3)12, 18(1)1
rate, 1(1)3, 10(4)1, 11(3)15, 12(4)22, 13(4)35, 14(1)5, 15(2)7, 15(4)16, 16(2)8, 18(4)14
resource, 2(3)332, 9(4)391, 10(4)4, 11(1)2, 11(1)3, 11(1)4, 11(2)2, 11(3)14, 11(4)19, 12(1)1, 12(1)6, 12(4)22, 13(3)20, 14(1)7, 14(1)10, 15(4)18, 17(1)2, 17(3)9, 18(2)6
responding, 15(2)10
result, 1(1)3, 1(1)26, 2(3)230, 2(4)390, 9(2)162, 10(1)3, 10(1)4, 10(2)5, 10(2)6, 10(3)9, 10(3)11, 10(4)2, 10(4)5, 11(2)3, 11(2)5, 11(3)13, 11(3)15, 11(4)18, 11(4)21, 11(4)22, 12(1)4, 12(2)9, 12(3)14, 12(3)17, 13(1)10, 13(3)22, 13(3)24, 13(3)25, 13(4)33, 13(4)35, 14(1)2, 14(1)14, 14(2)19, 15(1)5, 15(2)7, 15(2)8, 15(3)12, 15(3)13, 15(3)14, 15(4)15, 16(1)2, 16(1)3, 16(2)5, 16(2)6, 16(2)7, 16(3)10, 16(3)11, 16(4)14, 16(4)17, 17(2)7, 17(3)9, 17(3)10, 17(3)12, 17(4)14, 18(1)4, 18(2)5, 18(2)6, 18(3)9, 18(3)11, 18(4)12, 18(4)13
resulting, 2(1)34, 10(1)2, 10(4)2, 15(1)4, 15(1)5, 15(2)10, 15(3)13, 15(4)15, 16(3)10, 16(4)17, 17(2)7
role, 2(1)3, 2(1)65, 2(1)105, 2(2)177, 9(2)113, 10(1)2, 10(2)5, 10(4)2, 11(1)3, 12(1)1, 12(3)15, 13(3)20, 13(3)27, 13(4)36, 13(4)40, 15(3)13, 15(4)15, 15(4)18
running, 10(4)4, 12(2)10, 12(3)14, 13(1)10, 15(2)6, 15(4)16, 16(2)5, 16(4)13
solution, 9(2)162, 10(4)1, 11(1)2, 11(1)4, 12(1)3, 12(1)6, 12(3)16, 12(3)18, 12(4)21, 13(3)22, 13(3)25, 13(3)27, 13(3)28, 15(2)7, 16(2)6, 16(3)11, 17(1)4, 17(3)9, 17(3)10, 17(3)11, 18(1)1, 18(1)3
time, 2(1)105, 2(3)332, 2(4)390, 2(4)416, 9(4)461, 10(1)3, 10(2)8, 11(2)3, 11(2)4, 11(2)5, 11(3)13, 11(4)17, 11(4)21, 11(4)23, 12(2)8, 12(3)17, 12(3)18, 12(3)19, 12(4)20, 12(4)21, 12(4)22, 13(4)37, 13(4)39, 14(1)2, 14(1)11, 14(1)14, 14(3)26, 14(4)31, 15(2)7, 15(3)12, 15(4)17, 16(1)4, 16(4)13, 16(4)14, 16(4)17, 17(3)9, 17(3)10, 17(3)11, 17(4)13, 18(1)2, 18(1)4, 18(3)10
typical, 10(2)8, 15(1)3, 16(1)2, 16(2)8
upon, 2(2)177, 11(2)4, 12(2)8, 12(2)9, 12(2)11, 12(4)20, 13(4)39, 15(1)4, 18(3)10
useful, 10(3)9, 12(1)5, 12(1)6, 12(4)20, 13(4)39, 14(1)14, 15(2)10, 18(2)5, 18(3)10, 18(3)11
will, 1(1)93, 2(2)159, 2(3)269, 10(4)1, 11(3)12, 12(1)3, 12(2)10, 12(2)11