Friday, August 12, 2011

To do: a trade-off study between efficiency (performance) and security level in an intrusion detection network system

General idea: In an intrusion detection network system (IDNS), each IDS can be viewed as a sensor that operates independently on its own network. We will do an analytical study of the trade-off between security level and efficiency in an IDNS. We will define our metrics for each notion; for example, efficiency may relate to the total resource consumption with respect to the allowed resource capacity. The performance of the whole system relies heavily on a trade-off between security enforcement and the usability of the system, due to the size of the signature database (since most existing IDSs are signature-based rather than anomaly-based) and the number of IDSs configured at the network level (not the physical level). The performance of the system will degrade when more security is applied at all times, while the system is prone to attacks when the enforcement of security is overlooked.

Hence, interesting questions arise:

1) Whether there exists a solution that is both efficient and secure, which means it could be solved subject to a certain constraint.
2) Whether there exists a trade-off relation between these two indexes, which remains a challenge in this field.

I want to find a complete and generally applicable way to analyze this problem and to get the inner relation between the two. It may lead to some fundamental limits in multi-tier secure networked control system design. In addition, if possible, we can get the upper bound and lower bound for them.
