When Being Hot Is Not Cool: Monitoring Hot Lists for Information Security

Ji, Yonghua; Kumar, Subodha; Mookerjee, Vijay
December 2016
Information Systems Research;Dec2016, Vol. 27 Issue 4, p897
Academic Journal
We study operational and managerial problems arising in the context of security monitoring where sessions, rather than raw individual events, are monitored to prevent attacks. The objective of the monitoring problem is to maximize the benefit of monitoring minus the monitoring cost. The key trade-off in our model is that as more sessions are monitored, the attack costs should decrease. However, the monitoring cost would likely increase with the number of sessions being monitored. A key step in solving the problem is to derive the probability density of a system with n sessions being monitored with a session's age measured as the time elapsed since it last generated a suspicious event. We next optimize the number of sessions monitored by trading off the attack cost saved with the cost of monitoring. A profiling step is added prior to monitoring and a resulting two-dimensional optimization problem is studied. Through numerical simulation, we find that a simple size-based policy is quite robust for a very reasonable range of values and, under typical situations, performs almost as well as the two more sophisticated policies do. Also, we find that adopting a simplified policy without using the option of managing sessions using age threshold can greatly increase the ease of finding an optimal solution, and reduce operational overhead with little performance loss compared with a policy using such an option. The insights gained from the mechanics of profiling and monitoring are leveraged to suggest a socially optimal contract for outsourcing these activities in a reward-based contract. We also study penalty-based contracts. Such contracts (specifically, when the penalty is levied as a percentage of the monthly service fee) do not achieve the social optimum. We show how an appropriate penalty coefficient can be chosen to implement a socially optimal penalty-based contract. In addition, we provide a high-level comparison between reward- and penalty-based contracts. 
In a penalty-based contract, the setting of the fixed payment can be challenging because it requires additional knowledge of the total expected malicious event rate, which needs to be observed through a period of no monitoring.


Related Articles

  • Guest Editorial. Kundakcioglu, O. Erhun; Sanguineti, Marcello; Trafalis, Theodore B. // Computational Management Science;Jan2009, Vol. 6 Issue 1, p1 

    The article discusses various reports published within the issue, including one by Angelo Alessandri and colleagues on the estimation of nonparametric models using a finite data sample, one by Augusto Destrero and colleagues on the feature selection method for problems with high-dimensional...

  • BAT secures apps for global consolidation. Grant, Ian // Computer Weekly;7/24/2007, p1 

    The article reports that the British American Tobacco PLC (BAT) has secured its networks and applications to protect itself against new computer threats, as it moves to web-enabled enterprise applications in Great Britain. The move, which involves outsourcing network and security management,...

  • Guarding Your Gateway. McClure, Dave // Association Management;Aug2001, Vol. 53 Issue 8, p60 

    Discusses the threats of the advent of Internet on the security of computer networks. Survey findings on the threat from computer crime and information security breaches; Categories of attacks on computer network and Web site; Hardware and software tools used to thwart attempts to hack the...

  • TRUST ME! Barrett, Randy // Interactive Week;8/20/2001, Vol. 8 Issue 32, p18 

    Reveals that goals to protect the United States' (U.S.) infrastructure from cyberattacks remain largely unrealized. Findings of the Computer Security Institute's '2001 Computer Crime and Security Survey'; Effort of the administration of U.S. President George W. Bush to fight cybercrimes; One...

  • Warding off DDoS attacks. Kerstetter, Jim // PC Week;02/21/2000, Vol. 17 Issue 8, p23 

    Highlights tools and services launched by vendors to prevent and fight distributed denial-of-service (DDoS) attacks by computer hackers. Free tools for tracking down zombies or servers co-opted by hackers in the process of launching DDoS attacks; Zombie Scan service for MyCIO.com customers;...

  • Research Concerning the Optimized Positional Synthesis of the Lynx 5 Robot System. Bădoiu, Dorin // Petroleum - Gas University of Ploiesti Bulletin, Technical Serie;2011, Vol. 63 Issue 2, p15 

    The paper presents a method that permits the calculus of the inverse geometric model of the Lynx 5 robot system when an optimization criterion is adopted. The optimization criterion imposes that the displacements of the motor axes of the robot system for achieving an imposed position of the...

  • KEYS TO THE CASTLE. Caisse, Kimberly // Network World;9/3/2001, Vol. 18 Issue 36, p37 

    Focuses on the popularity of outsourced network security in companies to protect their databases from hacker attacks in the United States. Importance of network security; Agreement of Bose Corp. with Genuity; Factor to consider in an outsourced security deal; Services offered by Internet...

  • Call the professionals/Managed services are appealing and time-saving, but providers must remain alert. Tanner, John C. // America's Network;2/1/2003, Vol. 107 Issue 2, p28 

    Focuses on the attempts of network providers to outsource security services. Association between economic value proposition and managed protection; Services offered by managed security; Ability to monitor the infrastructure through an intrusion protection system.

  • IT considers outsourcing security tasks. Seminerio, Maria // PC Week;11/01/99, Vol. 16 Issue 44, p63 

    Discusses the benefits and drawbacks of contracting out computer network security tasks such as public-key infrastructure (PKI) and digital certificates. Variety of services and software packages available to Internet companies; Cost of implementing the tasks; Customers' option of retaining PKI...

  • Users warming to outsourced intrusion detection. Messmer, Ellen // Network World;02/12/2001, Vol. 18 Issue 7, p36 

    Focuses on the outsourcing of computer network security services in the United States. Types of firms offering intrusion detection as an outsourced service; Experiences of Memorial Care of Los Angeles, California, in outsourcing intrusion detection services.

