Abstract
In this study, we focus on the maintenance of an intrusion detection system (IDS) that attempts to discriminate between benign and malicious traffic arriving at a firm. An attack is more likely to successfully harm the firm if the ability of its IDS to discriminate between malicious and benign traffic is low, implying loopholes or vulnerabilities in the firm’s security. A novel aspect of this study is the modeling of both continuous degradation in system discrimination ability (drift) and the arrival of abrupt shocks that can suddenly lower discrimination ability. We model shocks to arrive randomly and cause a random decrease in discrimination ability. Furthermore, we prove the existence of a steady‐state level of discrimination ability that firms should strive to reach and maintain. When discrimination ability is below this steady‐state level, full effort must be exerted to reach it. We also compare our model with alternative settings, examine the impact of parameter estimation error, and study scenarios in which the arrival rate of malicious traffic is a function of the steady‐state discrimination ability chosen by the firm.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
