TY - JOUR
T1 - Maintaining defender's reputation in anomaly detection against insider attacks
AU - Zhang, Nan
AU - Yu, Wei
AU - Fu, Xinwen
AU - Das, Sajal K.
N1 - Funding Information:
Manuscript received January 1, 2009; revised July 5, 2009. First published November 24, 2009; current version published June 16, 2010. This work was supported in part by the Air Force Office of Scientific Research under Grant FA9550-08-1-0260, by the National Science Foundation under Grants IIS-0326505, CNS-0721766, CNS-0721951, CNS-0722856, IIS-0845644, CNS-0852673, and CCF-0852674, and by the Texas Advanced Research Program under Grant 14-748779. This paper was recommended by Associate Editor T. Vasilakos.
PY - 2010/6
Y1 - 2010/6
N2 - We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) naïve attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishment: one for systems solely consisting of smart insiders and the other for systems in which both smart insiders and naïve attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.
AB - We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) naïve attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishment: one for systems solely consisting of smart insiders and the other for systems in which both smart insiders and naïve attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.
UR - http://www.scopus.com/inward/record.url?scp=77952581914&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77952581914&partnerID=8YFLogxK
U2 - 10.1109/TSMCB.2009.2033564
DO - 10.1109/TSMCB.2009.2033564
M3 - Article
C2 - 19933017
AN - SCOPUS:77952581914
VL - 40
SP - 597
EP - 611
JO - IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
JF - IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
SN - 1083-4419
IS - 3
M1 - 5340523
ER -