
A decisional framework system for computer network intrusion detection

Bibliographic Details
Published in: European journal of operational research 2007-03, Vol. 177 (3), p. 1824-1838
Main Authors: Fessi, B.A., Hamdi, M., Benabdallah, S., Boudriga, N.
Format: Article
Language: English
Description
Summary: This paper presents a multi-attribute decisional framework for computer network intrusion detection. First, a cost model that allows accurate estimation of the damage resulting from a security incident is described. Then, a multi-attribute optimization algorithm is applied to select the optimal decision based on alternatives to remedy such incidents. The major interest is that the proposed approach can be applied in collaborative reactive intrusion detection where human experts are assisted by automated tools to find the best response. The approach would make it possible to assess the performance of the whole system depending on the performance of each of its constituents, leading to a definition of optimality conditions on the introduced framework.
ISSN: 0377-2217, 1872-6860
DOI: 10.1016/j.ejor.2005.10.020