基于风险偏好的信息系统安全技术策略研究
发布时间:2019-01-23 18:20
【摘要】:以IDSs和人工调查技术组合为例,通过构建博弈模型,分析了基于风险偏好的信息系统安全技术选择与配置策略,认为组织信息系统安全技术的选择与配置不仅受其自身风险偏好影响,同时还受黑客风险偏好影响。研究结论显示:组织在黑客期望收益很低时对风险厌恶型黑客的人工调查率更高,而在黑客期望收益很高时对风险中立型黑客的调查率更高;黑客在组织人工调查成本较低时更倾向于入侵风险中立型组织,在人工调查成本很高时更愿意入侵风险厌恶型组织;多IDSs的防护效率并非总是优于单IDS,组织在两者之间选择时取防护效率高者,而不受风险偏好影响。
[Abstract]:Taking the combination of IDSs and artificial investigation technology as an example, the selection and configuration strategy of information system security technology based on risk preference is analyzed by constructing a game model. It is considered that the choice and configuration of organizational information system security technology is influenced not only by its own risk preference, but also by the hacker's risk preference. The results show that the investigation rate of risk-averse hackers is higher when the expected income of hackers is very low, and the investigation rate of risk-neutral hackers is higher when the expected returns of hackers are very high. Hackers are more inclined to intrusion risk neutral organization when the cost of organizing artificial investigation is low, and more willing to intrude risk aversion organization when the cost of manual investigation is very high. The protection efficiency of multiple IDSs is not always better than that of single IDS, organization, but is not affected by risk preference.
【作者单位】: 扬州大学商学院;东南大学经济管理学院;
【基金】:国家自然科学基金资助项目(71071033) 扬州大学人文社科研究基金项目(xjj2016-38)
【分类号】:TP309
[Abstract]:Taking the combination of IDSs and artificial investigation technology as an example, the selection and configuration strategy of information system security technology based on risk preference is analyzed by constructing a game model. It is considered that the choice and configuration of organizational information system security technology is influenced not only by its own risk preference, but also by the hacker's risk preference. The results show that the investigation rate of risk-averse hackers is higher when the expected income of hackers is very low, and the investigation rate of risk-neutral hackers is higher when the expected returns of hackers are very high. Hackers are more inclined to intrusion risk neutral organization when the cost of organizing artificial investigation is low, and more willing to intrude risk aversion organization when the cost of manual investigation is very high. The protection efficiency of multiple IDSs is not always better than that of single IDS, organization, but is not affected by risk preference.
【作者单位】: 扬州大学商学院;东南大学经济管理学院;
【基金】:国家自然科学基金资助项目(71071033) 扬州大学人文社科研究基金项目(xjj2016-38)
【分类号】:TP309
【相似文献】
相关期刊论文 前10条
1 刘兵;李大赛;葛培培;李Z,
本文编号:2414080
本文链接:https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2414080.html
