
Adaptive model of information security technique investment (cited by: 4)
Abstract: Focusing on the information asymmetry between attacker and defender, and drawing on the theory of games with incomplete information and on information security theory, the paper constructs a cost-benefit-based investment game model for selecting information security techniques. It derives the optimal strategies of both players under two security technique configurations: a firewall alone, or a firewall deployed together with an intrusion detection system (IDS). By analyzing and comparing the user attack (hacking) rate, the system response (investigation) rate, the loss an intrusion causes to the system, and the system's response cost, it assesses the value of the security techniques and from this gives an adaptive intrusion response strategy that can adjust the security techniques dynamically. Finally, an example further verifies the conclusions.
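Source: Control and Decision (《控制与决策》), indexed in EI, CSCD and the Peking University Core list; 2008, No. 5, pp. 535-540 (6 pages)
Funding: National Natural Science Foundation of China (70372011); Specialized Research Fund for the Doctoral Program of Higher Education (20030006009)
Keywords: Information security; Incomplete information game; Firewall; Intrusion detection systems; Cost-benefit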