【摘要】：以IDSs和人工調(diào)查技術(shù)組合為例,通過構(gòu)建博弈模型,分析了基于風(fēng)險(xiǎn)偏好的信息系統(tǒng)安全技術(shù)選擇與配置策略,認(rèn)為組織信息系統(tǒng)安全技術(shù)的選擇與配置不僅受其自身風(fēng)險(xiǎn)偏好影響,同時(shí)還受黑客風(fēng)險(xiǎn)偏好影響。研究結(jié)論顯示:組織在黑客期望收益很低時(shí)對(duì)風(fēng)險(xiǎn)厭惡型黑客的人工調(diào)查率更高,而在黑客期望收益很高時(shí)對(duì)風(fēng)險(xiǎn)中立型黑客的調(diào)查率更高;黑客在組織人工調(diào)查成本較低時(shí)更傾向于入侵風(fēng)險(xiǎn)中立型組織,在人工調(diào)查成本很高時(shí)更愿意入侵風(fēng)險(xiǎn)厭惡型組織;多IDSs的防護(hù)效率并非總是優(yōu)于單IDS,組織在兩者之間選擇時(shí)取防護(hù)效率高者,而不受風(fēng)險(xiǎn)偏好影響。
[Abstract]:Taking the combination of IDSs and artificial investigation technology as an example, the selection and configuration strategy of information system security technology based on risk preference is analyzed by constructing a game model. It is considered that the choice and configuration of organizational information system security technology is influenced not only by its own risk preference, but also by the hacker's risk preference. The results show that the investigation rate of risk-averse hackers is higher when the expected income of hackers is very low, and the investigation rate of risk-neutral hackers is higher when the expected returns of hackers are very high. Hackers are more inclined to intrusion risk neutral organization when the cost of organizing artificial investigation is low, and more willing to intrude risk aversion organization when the cost of manual investigation is very high. The protection efficiency of multiple IDSs is not always better than that of single IDS, organization, but is not affected by risk preference.
【作者單位】： 揚(yáng)州大學(xué)商學(xué)院;東南大學(xué)經(jīng)濟(jì)管理學(xué)院;
【基金】：國(guó)家自然科學(xué)基金資助項(xiàng)目(71071033) 揚(yáng)州大學(xué)人文社科研究基金項(xiàng)目(xjj2016-38)
【分類號(hào)】：TP309

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 劉兵;李大賽;葛培培;李Z，

本文編號(hào)：2414080