Maintaining defender's reputation in anomaly detection against insider attacks

Nan Zhang, Wei Yu, Xinwen Fu, Sajal K. Das

Research output: Contribution to journal (Article)

20 Citations (Scopus)

Abstract

We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) naïve attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishment: one for systems solely consisting of smart insiders and the other for systems in which both smart insiders and naïve attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.

Original language: English (US)
Article number: 5340523
Pages (from-to): 597-611
Number of pages: 15
Journal: IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Volume: 40
Issue number: 3
DOIs: 10.1109/TSMCB.2009.2033564
State: Published - Jun 1 2010

All Science Journal Classification (ASJC) codes

  • Control and Systems Engineering
  • Software
  • Information Systems
  • Human-Computer Interaction
  • Computer Science Applications
  • Electrical and Electronic Engineering

Cite this

@article{47c5f64a103546868092c79cc154258d,
title = "Maintaining defender's reputation in anomaly detection against insider attacks",
abstract = "We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) naïve attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishment: one for systems solely consisting of smart insiders and the other for systems in which both smart insiders and naïve attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.",
author = "Nan Zhang and Wei Yu and Xinwen Fu and Das, {Sajal K.}",
year = "2010",
month = "6",
day = "1",
doi = "10.1109/TSMCB.2009.2033564",
language = "English (US)",
volume = "40",
pages = "597--611",
journal = "IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics",
issn = "1083-4419",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "3",

}

Maintaining defender's reputation in anomaly detection against insider attacks. / Zhang, Nan; Yu, Wei; Fu, Xinwen; Das, Sajal K.

In: IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, Vol. 40, No. 3, 5340523, 01.06.2010, p. 597-611.


TY - JOUR

T1 - Maintaining defender's reputation in anomaly detection against insider attacks

AU - Zhang, Nan

AU - Yu, Wei

AU - Fu, Xinwen

AU - Das, Sajal K.

PY - 2010/6/1

Y1 - 2010/6/1

N2 - We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) naïve attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishment: one for systems solely consisting of smart insiders and the other for systems in which both smart insiders and naïve attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.


UR - http://www.scopus.com/inward/record.url?scp=77952581914&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77952581914&partnerID=8YFLogxK

U2 - 10.1109/TSMCB.2009.2033564

DO - 10.1109/TSMCB.2009.2033564

M3 - Article

C2 - 19933017

AN - SCOPUS:77952581914

VL - 40

SP - 597

EP - 611

JO - IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

JF - IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

SN - 1083-4419

IS - 3

M1 - 5340523

ER -