Toward Cost-Sensitive Modeling for Intrusion Detection and Response

Intrusion Detection Systems (IDSs) must maximize the realization of security goals while minimizing costs. This paper studies the problem of building cost-sensitive intrusion detection models. The paper examines the major cost factors associated with an IDS, which include development cost, operational cost, damage cost due to successful intrusions, and the cost of manual and automated response to intrusions. These cost factors can be qualified according to a defined attack taxonomy and site-specific security policies and priorities. Cost models to formulate the total expected cost of an IDS is defined, and present cost-sensitive machine learning techniques that can produce detection models that are optimized for user-defined cost metrics.