【摘要】：以IDSs和人工調(diào)查技術(shù)組合為例,通過構(gòu)建博弈模型,分析了基于風(fēng)險偏好的信息系統(tǒng)安全技術(shù)選擇與配置策略,認為組織信息系統(tǒng)安全技術(shù)的選擇與配置不僅受其自身風(fēng)險偏好影響,同時還受黑客風(fēng)險偏好影響。研究結(jié)論顯示:組織在黑客期望收益很低時對風(fēng)險厭惡型黑客的人工調(diào)查率更高,而在黑客期望收益很高時對風(fēng)險中立型黑客的調(diào)查率更高;黑客在組織人工調(diào)查成本較低時更傾向于入侵風(fēng)險中立型組織,在人工調(diào)查成本很高時更愿意入侵風(fēng)險厭惡型組織;多IDSs的防護效率并非總是優(yōu)于單IDS,組織在兩者之間選擇時取防護效率高者,而不受風(fēng)險偏好影響。
[Abstract]:Taking the combination of IDSs and artificial investigation technology as an example, the selection and configuration strategy of information system security technology based on risk preference is analyzed by constructing a game model. It is considered that the choice and configuration of organizational information system security technology is influenced not only by its own risk preference, but also by the hacker's risk preference. The results show that the investigation rate of risk-averse hackers is higher when the expected income of hackers is very low, and the investigation rate of risk-neutral hackers is higher when the expected returns of hackers are very high. Hackers are more inclined to intrusion risk neutral organization when the cost of organizing artificial investigation is low, and more willing to intrude risk aversion organization when the cost of manual investigation is very high. The protection efficiency of multiple IDSs is not always better than that of single IDS, organization, but is not affected by risk preference.
【作者單位】： 揚州大學(xué)商學(xué)院;東南大學(xué)經(jīng)濟管理學(xué)院;
【基金】：國家自然科學(xué)基金資助項目(71071033) 揚州大學(xué)人文社科研究基金項目(xjj2016-38)
【分類號】：TP309

【相似文獻】

相關(guān)期刊論文 前10條

1 劉兵;李大賽;葛培培;李Z，

本文編號：2414080