Decisions about intrusion detection and/or prevention system (IDPS) enhancements are often limited to tool effectiveness (i.e., predictive performance). However, in many cases, the tools in an IDPS operate in information environments where malicious behavior is difficult to discern and computational resources are limited. We develop three novel IDPS performance models motivated by the return on investment (ROI) metric, where each model is designed to compare each tool’s relative contributions to the system-level performance over multiple scenarios and configurations. Each of our approaches combines statistical accuracy metrics and computational resource costs into one model to facilitate decision making on IDPS configurations.
Nandi O. Leslie, Lisa M. Marvel, Joshua Edwards, Kyra Comroe, Gregory Shearer, and Lawrence Knachel, "Modeling approaches for intrusion detection and prevention system return on investment," Proc. SPIE 10185, Cyber Sensing 2017, 1018502 (Presented at SPIE Defense + Security: April 11, 2017; Published: 1 May 2017); https://doi.org/10.1117/12.2258026.