Optimizing Operating Cost of an Intrusion Detection System

Abstract

Very often it so happens that the cost of operating an Intrusion Detection System (IDS) exceeds the cost of purchasing the IDS itself. In such cases, regular operation and maintenance of the system becomes expensive. Thus, it becomes essential to reduce the operating cost of the IDS without compromising on the performance and reliability of the IDS. Apart from the initial cost of procuring the IDS, other costs include cost of accessories required and cost of administration etc. In this paper we calculate the cost benefit tradeoffs of an IDS. We propose a method to determine the optimum operating point of the IDS. In an effort to solve the problems of the previously proposed metrics, we propose a decision tree based approach to calculate the cost of operating an IDS in a mobile ad hoc network. Mathematically and programmatically we deduce the minimum operating point of operation of an IDS and generate the receiver operating characteristic curve of the IDS. To further ascertain this, we use available network packet capture data and calculate the minimum operating cost of an IDS. The main motive behind this paper is to show that the cost of operating an IDS in a MANET can be minimized and hence the effectiveness and performance of the IDS can be maximized.

Share and Cite:

U. Banerjee and K. Arya, "Optimizing Operating Cost of an Intrusion Detection System," International Journal of Communications, Network and System Sciences, Vol. 6 No. 1, 2013, pp. 29-36. doi: 10.4236/ijcns.2013.61004.

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1] R. Rachwald, “Advanced Persistent Threat (APT) Meets Industrialization—Imperva Data Security Blog,” 2010. http://blog.imperva.com/2010/11/trend-1-advancedpersistentthreat-apt-meets-industrialization.html
[2] “TrendLabs 2010 Annual Report.” http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt_threat-trnds-1h2010.pdf
[3] R. Lippmann, D. J. Fried, I. Graf, J. W. Haines, K. R. Kendall, D. McClung, D. Weber, S. H. Webster, D. Wyschograd, R. K. Cunningham and M. A. Zissman, “Evaluating Intrusion Detection Systems: The 1998 DARPA Off-Line Intrusion Detection Evaluation,” Proceedings of DARPA Information Survivability Conference and Exposition, Hilton Head, 25-27 January 2000, pp. 12-26.
[4] R. Durst, T. Champion, B. Witten, E. Miller and L. Spagnuolo, “Testing and Evaluating Computer Intrusion Detection Systems,” ACM, Vol. 42, No. 7, 1999, pp. 53-61. doi:10.1145/306549.306571
[5] J. McHugh, A. Christie and J. Allen, “Defending Yourself: The Role of Intrusion Detection Systems,” IEEE Software, Vol. 17, No. 5, 2000, pp. 42-51. doi:10.1109/52.877859
[6] S. Stolfo, W. Fan, W. Lee, A. Prodromidis and P. Chan, “Costbased Modeling for Fraud and Intrusion Detection: Results from the JAM Project,” Proceedings of DARPA Information Survivability Conference and Exposition, Los Alamitos, Vol. 2, 2000, pp. 130-144.
[7] A. Karygiannis, E. Antonakakis and A. Apostolopoulos, “Detecting Critical Nodes for MANET Intrusion Detection Systems,” Proceedings of 2nd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, Spain, June 2006, pp. 7-15.
[8] T. Holz, “Security Measurements and Metrics for Networks,” Lecture Notes in Computer Science, Vol. 4909, 2008, pp. 157-165.
[9] I. Graf, R. Lippmann, R. Cunningham, D. Fried, K. Kendall, S. Webster and M. Zissman, “Results of DARPA 1998 Offline Intrusion Detection Evaluation,” Proceedings of the Workshop on Recent Advances in Intrusion Detection (RAID-1999), West Layefette, September 1999, pp. 7-9.
[10] W. Lee and S. Stolfo, “A Framework for Constructing Features and Models for Intrusion Detection Systems,” ACM Transactions on Information and System Security, Vol. 3, No. 4, 2000, pp. 227-261. doi:10.1145/382912.382914
[11] J. Gaffney and J. Ulvila, “Evaluation of Intrusion Detectors: A Decision Theory Approach,” Proceedings of 2001 IEEE Symposium on Security and Privacy, Oakland, 14-16 May 2001, pp. 50-61.
[12] W. K. Lee, W. Fan, M. Miller, S. J. Stolfo and F. Zadok, “Toward Cost-Sensitive Modeling for Intrusion Detection and Response,” Journal of Computer Security, Vol. 10, No. 1-2, 2002, pp. 5-22.
[13] N. Puketza, K. Zhang, M. Chung, B. Mukherjee and R. A. Olsson, “A Methodology for Testing Intrusion Detection Systems,” IEEE Transactions on Software Engineering, Vol. 22, No. 10, 1996, pp. 719-729. doi:10.1109/32.544350
[14] N. Puketza, M. Chung, R. A. Olsson and B. Mukherjee, “A Software Platform for Testing Intrusion Detection Systems,” IEEE Software, Vol. 14, No. 5, 1997, pp. 43-51. doi:10.1109/52.605930
[15] R. Lippmann, J. W. Haines, D. J. Fried, J. Korba and K. Das, “The 1999 DARPA Off-Line Intrusion Detection Evaluation,” Springer, Berlin Heidelberg, New York, 2000, pp. 162-182.
[16] “WireShark: Network Analyzer,” www.wireshark.org
[17] “Weka: A Machine Learning Workbench,” www.cs.waikato.ac.raz/ml/weka
[18] A. Grgio, R. Santos and A. Montes, “Evaluation of Data Mining Techniques for Suspicious Network Activity Classification Using Honeypots Data,” Proceedings of SPIE, Vol. 6570, 2007, pp. 1-10.
[19] Rune Hammersland, “ROC in Assessing IDS Quality,” 2007. http://rune.hammersland.net/tekst/roc.pdf
[20] J. McHugh, “Testing Intrusion Detection Systems,” ACM Transactions on Information and System Security, Vol. 3, No. 4, 2000, pp. 262-294. doi:10.1145/382912.382923

Copyright © 2024 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.