Security protection design for deception and real system regimes: A model and analysis

Security protection design for deception and real system regimes: A model and analysis

In this paper, we model a possible deception system with the explicit purpose of enticing unauthorized users and restricting their access to the real system. The proposed model represents a system designer’s defensive actions against intruders in a way that maximizes the difference between the intru...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:European journal of operational research 2010-03, Vol.201 (2), p.545-556
Hauptverfasser: Ryu, C., Sharman, R., Rao, H.R., Upadhyaya, S.
Format: Artikel
Sprache:eng
Schlagworte:
Applied sciences
Cybersecurity
Deception system
Decision analysis
Decision analysis Information security Deception system Economic model
Decision theory. Utility theory
Economic model
Economics
Exact sciences and technology
General aspects
Information security
Operational research and scientific management
Operational research. Management science
Studies
Systems design
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper, we model a possible deception system with the explicit purpose of enticing unauthorized users and restricting their access to the real system. The proposed model represents a system designer’s defensive actions against intruders in a way that maximizes the difference between the intruders’ cost and the system designer’s cost of system protection. Under the assumption of a dual entity system, the proposed model shows that intruders differ in behavior depending on the system’s vulnerability at the time of intrusion as well as depending on their own economic incentives. The optimal results of the proposed model provide the system designer with insights on how to configure the level of protection for the two systems.
ISSN:0377-2217
1872-6860
DOI:10.1016/j.ejor.2009.03.022