Managing Information System Security Under Continuous and Abrupt Deterioration
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
Author(s)
Related Research Unit(s)
Detail(s)
Original language | English |
---|---|
Pages (from-to) | 1894-1917 |
Number of pages | 24 |
Journal / Publication | Production and Operations Management |
Volume | 29 |
Issue number | 8 |
Online published | 4 May 2020 |
Publication status | Published - Aug 2020 |
Link(s)
Abstract
In this study, we focus on the maintenance of an intrusion detection system (IDS) that attempts to discriminate between benign and malicious traffic arriving at a firm. An attack is more likely to successfully harm the firm if the ability of its IDS to discriminate between malicious and benign traffic is low, implying loopholes or vulnerabilities in the firm’s security. A novel aspect of this study is the modeling of both continuous degradation in system discrimination ability (drift) and the arrival of abrupt shocks that can suddenly lower discrimination ability. We model shocks to arrive randomly and cause a random decrease in discrimination ability. Furthermore, we prove the existence of a steady-state level of discrimination ability that firms should strive to reach and maintain. When discrimination ability is below this steady-state level, full effort must be exerted to reach it. We also compare our model with alternative settings, examine the impact of parameter estimation error, and study scenarios in which the arrival rate of malicious traffic is a function of the steady-state discrimination ability chosen by the firm.
Research Area(s)
- discrimination ability, intrusion detection systems, receiver operating characteristics curve, security systems, shocks
Citation Format(s)
Managing Information System Security Under Continuous and Abrupt Deterioration. / Bensoussan, Alain; Mookerjee, Vijay; Yue, Wei T.
In: Production and Operations Management, Vol. 29, No. 8, 08.2020, p. 1894-1917.
In: Production and Operations Management, Vol. 29, No. 8, 08.2020, p. 1894-1917.
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review