Maintaining defender's reputation in anomaly detection against insider attacks

Nan Zhang, Wei Yu, Xinwen Fu, Sajal K. Das

Research output: Contribution to journalArticle

23 Scopus citations

Abstract

We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) nave attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishmentone for systems solely consisting of smart insiders and the other for systems in which both smart insiders and nave attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.

Original languageEnglish (US)
Article number5340523
Pages (from-to)597-611
Number of pages15
JournalIEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Volume40
Issue number3
DOIs
StatePublished - Jun 1 2010

All Science Journal Classification (ASJC) codes

  • Control and Systems Engineering
  • Software
  • Information Systems
  • Human-Computer Interaction
  • Computer Science Applications
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Maintaining defender's reputation in anomaly detection against insider attacks'. Together they form a unique fingerprint.

  • Cite this