Optimizing Operating Cost of an Intrusion Detection System

Usha Banerjee and K. V. Arya. Int'l J. of Communications, Network and System Sciences.
Very often it so happens that the cost of operating an Intrusion Detection System (IDS) exceeds the cost of purchasing the IDS itself. In such cases, regular operation and maintenance of the system becomes expensive. Thus, it becomes essential to reduce the operating cost of the IDS without compromising on the performance and reliability of the IDS. Apart from the initial cost of procuring the IDS, other costs include cost of accessories required and cost of administration etc. In this paper we…
Software Intrusion Detection Evaluation System: A Cost-Based Evaluation of Intrusion Detection Capability
Considering an IDS in the context of its intrinsic ability to detect intrusions at the least expected cost, findings revealed that the optimal operating point is the most suitable for the given IDS.
In today's world, every organization relies on computer systems and stores all its critical information on the computer systems via online and off-line systems. Critical information is being


Toward Cost-Sensitive Modeling for Intrusion Detection and Response
This paper defines cost models to formulate the total expected cost of an IDS, and presents cost-sensitive machine learning techniques that can produce detection models that are optimized for user-defined cost metrics.
Evaluation of intrusion detectors: a decision theory approach
  • J. Gaffney, J. Ulvila
  • Computer Science
  • Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001
  • 2001
It is demonstrated that the value of an intrusion detection system and the optimal operation of that system depend not only on the system's ROC curve, but also on cost metrics and the hostility of the operating environment as summarized by the probability of intrusion.
A framework for constructing features and models for intrusion detection systems
A novel framework, MADAM ID, for Mining Audit Data for Automated Models for Intrusion Detection, which uses data mining algorithms to compute activity patterns from system audit data and extracts predictive features from the patterns.
Cost-based modeling for fraud and intrusion detection: results from the JAM project
There is clear evidence that state-of-the-art commercial fraud detection systems can be substantially improved in stopping losses due to fraud by combining multiple models of fraudulent transaction shared among banks.
ROC in Assessing IDS Quality
For assessing the quality of IDS systems, we first need to define a couple of terms. When an IDS is looking at the network traffic (or events on the host for host based IDSes), it tries to decide if
A Methodology for Testing Intrusion Detection Systems
The authors present the details of the methodology, including strategies for test-case selection and specific testing procedures, and an overview of the software platform that has been used to create user-simulation scripts for testing experiments.
Testing Intrusion Detection Systems
This ITL Bulletin summarizes NISTIR 7007, An overview of issues in Testing Intrusion Detection Systems, by Peter Mell and Vincent Hu of NIST’s Information Technology Laboratory, and Richard Lippmann, Josh Haines, and Marc Zissman of the Massachusetts Institute of Technology Lincoln Laboratory.
Evaluation of data mining techniques for suspicious network activity classification using honeypots data
This work applies and evaluates some data mining techniques in a reduced number of attributes on some log data sets acquired from a real network and a honeypot, in order to classify traffic logs as normal or suspicious.
Results of the DARPA 1998 Offline Intrusion Detection Evaluation
Results suggest that future intrusion detection research should move towards developing algorithms that find new attacks and away from older approaches that focus on creating rules to find attack signatures.
Detecting critical nodes for MANET intrusion detection systems
A method for determining conditions under which critical nodes should be monitored is presented, the details of a critical node test implementation are described, experimental results are presented, and a new approach for conserving the limited resources of an ad hoc network IDS is offered.