[1] Zhao Liurong, Mei Shu'e, Zhong Weijun. Optimal configuration of firewall, IDS and vulnerability scan by game theory [J]. Journal of Southeast University (English Edition), 2011, 27(2): 144-147. [doi:10.3969/j.issn.1003-7985.2011.02.006]

Optimal configuration of firewall, IDS and vulnerability scan by game theory

Journal of Southeast University (English Edition) [ISSN: 1003-7985 / CN: 32-1325/N]

Volume:
27
Issue:
2011 2
Page:
144-147
Research Field:
Economy and Management
Publishing date:
2011-06-30

Info

Title:
Optimal configuration of firewall, IDS and vulnerability scan by game theory
Author(s):
Zhao Liurong (赵柳榕), Mei Shu'e (梅姝娥), Zhong Weijun (仲伟俊)
School of Economics and Management, Southeast University, Nanjing 211189, China
Keywords:
economics of information systems; firewall; intrusion detection system (IDS); vulnerability scan; security portfolio strategy
PACS:
C931
DOI:
10.3969/j.issn.1003-7985.2011.02.006
Abstract:
The integrated linkage control problem based on attack detection is solved by using game theory to analyze a security model that includes a firewall, an intrusion detection system (IDS) and vulnerability scan. The Nash equilibrium for two portfolios, deploying only IDS and vulnerability scan and deploying all the technologies, is investigated by backward induction. The results show that when the detection rates of IDS and vulnerability scan are low, the firm will inspect not only every user who raises an alarm but also a fraction of the users who do not raise an alarm; when the detection rates of IDS and vulnerability scan are sufficiently high, the firm will not inspect any user who does not raise an alarm and will inspect only a fraction of the users who raise an alarm. Adding a firewall to the information system affects the benefits of firms and hackers but does not change the optimal strategies of hackers, and the optimal investigation strategies of IDS change only in certain cases. Moreover, the interactions between IDS and vulnerability scan and between firewall and IDS are discussed in detail.

Memo

Biographies: Zhao Liurong (1986—), female, graduate; Mei Shu'e (corresponding author), female, doctor, professor, meishue@seu.edu.cn.
Foundation items: The National Natural Science Foundation of China (No. 71071033), the Innovation Project of Jiangsu Postgraduate Education (No. CX10B_058Z).
Last Update: 2011-06-20