Managing Information System Security Under Continuous and Abrupt Deterioration

Research output: Journal Publications and ReviewsRGC 21 - Publication in refereed journalpeer-review

12 Scopus Citations
View graph of relations

Author(s)

Detail(s)

Original languageEnglish
Pages (from-to)1894-1917
Number of pages24
Journal / PublicationProduction and Operations Management
Volume29
Issue number8
Online published4 May 2020
Publication statusPublished - Aug 2020

Abstract

In this study, we focus on the maintenance of an intrusion detection system (IDS) that attempts to discriminate between benign and malicious traffic arriving at a firm. An attack is more likely to successfully harm the firm if the ability of its IDS to discriminate between malicious and benign traffic is low, implying loopholes or vulnerabilities in the firm’s security. A novel aspect of this study is the modeling of both continuous degradation in system discrimination ability (drift) and the arrival of abrupt shocks that can suddenly lower discrimination ability. We model shocks to arrive randomly and cause a random decrease in discrimination ability. Furthermore, we prove the existence of a steady-state level of discrimination ability that firms should strive to reach and maintain. When discrimination ability is below this steady-state level, full effort must be exerted to reach it. We also compare our model with alternative settings, examine the impact of parameter estimation error, and study scenarios in which the arrival rate of malicious traffic is a function of the steady-state discrimination ability chosen by the firm.

Research Area(s)

  • discrimination ability, intrusion detection systems, receiver operating characteristics curve, security systems, shocks