Toward Cost-Sensitive Modeling for Intrusion Detection and Response

Wenke Lee; Wei Fan; Matthew Miller; Salvatore Stolfo; Erez Zadok

On Saturday, May 7, Academic Commons will undergo planned system upgrades from 11:30 am until 9:30 pm North American Eastern Daylight Time. During this maintenance some downloads may be unavailable.
Toward Cost-Sensitive Modeling for Intrusion Detection and Response
Lee, Wenke
Fan, Wei
Miller, Matthew
Stolfo, Salvatore
Zadok, Erez
Computer Science
Permanent URL:
Presented at Workshop on Intrusion Detection Systems ("WIDS"), 7th ACM Conference on Computer and Communications Security, 1 November 2000, Athens, Greece.
Intrusion detection systems (IDSs) must maximize the realization of security goals while minimizing costs. In this paper, we study the problem of building cost-sensitive intrusion detection models. We examine the major cost factors associated with an IDS, which include development cost, operational cost, damage cost due to successful intrusions, and the cost of manual and automated response to intrusions. These cost factors can be qualified according to a defined attack taxonomy and site-specific security policies and priorities. We define cost models to formulate the total expected cost of an IDS. We present cost-sensitive machine learning techniques that can produce detection models that are optimized for user-defined cost metrics. Empirical experiments show that our cost-sensitive modeling and deployment techniques are effective in reducing the overall cost of intrusion detection.
Computer science
Item views:
text | xml
Suggested Citation:
Wenke Lee, Wei Fan, Matthew Miller, Salvatore Stolfo, Erez Zadok, 2000, Toward Cost-Sensitive Modeling for Intrusion Detection and Response, Columbia University Academic Commons, http://hdl.handle.net/10022/AC:P:8726.

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries/Information Services | Terms of Use | Copyright