As pointed out by Dorothy Denning, cost analysis (and risk assessment in general) is not an exact science because precise measurement of relevant factors is often impossible [8]. Cost-benefit analysis and modeling, however informal or incomplete, is often very helpful for an organization to determine appropriate protection mechanisms. The study of cost-sensitive modeling for intrusion detection is both challenging and extremely important. Our main contributions to this study are in the development of a framework for analyzing cost factors and building cost-sensitive models. In doing so, we offer a better understanding of the development and deployment of cost-effective IDSs.
One limitation of our current modeling techniques is that when cost metrics change, it is necessary to reconstruct new cost-sensitive models. For future work, we will study methods for building dynamic models that do not require re-training. These techniques will help reduce the cost of re-learning models due to changes in intra-site cost metrics and deployment at diverse sites with inherently different cost models.
We will also study how to incorporate uncertainty of cost analysis due to incomplete or imprecise estimation, especially in the case of anomaly detection systems, in the process of cost-sensitive modeling. We will also perform rigorous studies and experiments in a real-word environment to further refine our cost analysis and modeling approaches.