Intrusion detection systems (IDSs) must maximize the realization of
security goals while minimizing costs. In this paper, we study the
problem of building cost-sensitive intrusion detection models. We
examine the major cost factors associated with an IDS, which include
development cost, operational cost, damage cost due to successful
intrusions, and the cost of manual and automated response to
intrusions. These cost factors can be qualified according to a
defined attack taxonomy and site-specific security policies and
priorities. We define cost models to formulate the total expected
cost of an IDS. We present cost-sensitive machine learning techniques
that can produce detection models that are optimized for user-defined
cost metrics. Empirical experiments show that our cost-sensitive
modeling and deployment techniques are effective in reducing the
overall cost of intrusion detection.