Optimal Monitoring Policy for a Server System with Multiple Types of Attacks  
Author Mitsuhiro Imaizumi

 

Co-Author(s) Mitsutaka Kimura

 

Abstract Cyber attacks on the Internet have become a problem in recent years, and they have become more sophisticated, complicated and diversified. To address this problem, a single security measure is not enough, and it is effective to combine multiple security measures. Generally, attacks are monitored by multiple security tools such as Firewall, IDS and WAF. There are host-based tools which enable server monitoring by installing software. With host-based tools, if the check is performed frequently, the overhead of system processing becomes larger. Therefore, it is necessary to perform checking under an appropriate management policy. This paper formulates stochastic models for a server system with multiple security tools to check and monitor multiple types of attacks. Cyber attacks are detected by random checking and periodical checking. The total expected costs until cyber attacks are detected are derived, and optimal policies which minimize them are discussed. Finally, numerical examples are given.

 

Keywords Security, WAF, IDS, Inspection, Expected Cost
   
Article #: RQD2024-69
 

Proceedings of 29th ISSAT International Conference on Reliability & Quality in Design
August 8-10, 2024