Maintaining defender's reputation in anomaly detection against insider attacks

Nan Zhang; Wei Yu; Xinwen Fu; Sajal K. Das

doi:10.1109/TSMCB.2009.2033564

Maintaining defender's reputation in anomaly detection against insider attacks

Nan Zhang, Wei Yu, Xinwen Fu, Sajal K. Das

College of Information Sciences and Technology

Research output: Contribution to journal › Article

23 Scopus citations

Abstract

We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) nave attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishmentone for systems solely consisting of smart insiders and the other for systems in which both smart insiders and nave attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.

Original language	English (US)
Article number	5340523
Pages (from-to)	597-611
Number of pages	15
Journal	IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Volume	40
Issue number	3
DOIs	https://doi.org/10.1109/TSMCB.2009.2033564
State	Published - Jun 1 2010

All Science Journal Classification (ASJC) codes

Control and Systems Engineering
Software
Information Systems
Human-Computer Interaction
Computer Science Applications
Electrical and Electronic Engineering

Access to Document

10.1109/TSMCB.2009.2033564

Fingerprint Dive into the research topics of 'Maintaining defender's reputation in anomaly detection against insider attacks'. Together they form a unique fingerprint.

Cite this

Zhang, N., Yu, W., Fu, X., & Das, S. K. (2010). Maintaining defender's reputation in anomaly detection against insider attacks. IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, 40(3), 597-611. [5340523]. https://doi.org/10.1109/TSMCB.2009.2033564

@article{47c5f64a103546868092c79cc154258d,

title = "Maintaining defender's reputation in anomaly detection against insider attacks",

abstract = "We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) nave attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishmentone for systems solely consisting of smart insiders and the other for systems in which both smart insiders and nave attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.",

author = "Nan Zhang and Wei Yu and Xinwen Fu and Das, {Sajal K.}",

year = "2010",

month = jun,

day = "1",

doi = "10.1109/TSMCB.2009.2033564",

language = "English (US)",

volume = "40",

pages = "597--611",

journal = "IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics",

issn = "1083-4419",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "3",

}

TY - JOUR

T1 - Maintaining defender's reputation in anomaly detection against insider attacks

AU - Zhang, Nan

AU - Yu, Wei

AU - Fu, Xinwen

AU - Das, Sajal K.

PY - 2010/6/1

Y1 - 2010/6/1

N2 - We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) nave attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishmentone for systems solely consisting of smart insiders and the other for systems in which both smart insiders and nave attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.

AB - We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) nave attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishmentone for systems solely consisting of smart insiders and the other for systems in which both smart insiders and nave attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.

UR - http://www.scopus.com/inward/record.url?scp=77952581914&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77952581914&partnerID=8YFLogxK

U2 - 10.1109/TSMCB.2009.2033564

DO - 10.1109/TSMCB.2009.2033564

M3 - Article

C2 - 19933017

AN - SCOPUS:77952581914

VL - 40

SP - 597

EP - 611

JO - IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

JF - IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

SN - 1083-4419

IS - 3

M1 - 5340523

ER -