Abstract
We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) nave attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishmentone for systems solely consisting of smart insiders and the other for systems in which both smart insiders and nave attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.
| Original language | English (US) |
|---|---|
| Article number | 5340523 |
| Pages (from-to) | 597-611 |
| Number of pages | 15 |
| Journal | IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics |
| Volume | 40 |
| Issue number | 3 |
| DOIs | |
| State | Published - Jun 1 2010 |
All Science Journal Classification (ASJC) codes
- Control and Systems Engineering
- Software
- Information Systems
- Human-Computer Interaction
- Computer Science Applications
- Electrical and Electronic Engineering
Cite this
}
Maintaining defender's reputation in anomaly detection against insider attacks. / Zhang, Nan; Yu, Wei; Fu, Xinwen; Das, Sajal K.
In: IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, Vol. 40, No. 3, 5340523, 01.06.2010, p. 597-611.Research output: Contribution to journal › Article
TY - JOUR
T1 - Maintaining defender's reputation in anomaly detection against insider attacks
AU - Zhang, Nan
AU - Yu, Wei
AU - Fu, Xinwen
AU - Das, Sajal K.
PY - 2010/6/1
Y1 - 2010/6/1
N2 - We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) nave attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishmentone for systems solely consisting of smart insiders and the other for systems in which both smart insiders and nave attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.
AB - We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) nave attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishmentone for systems solely consisting of smart insiders and the other for systems in which both smart insiders and nave attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.
UR - http://www.scopus.com/inward/record.url?scp=77952581914&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77952581914&partnerID=8YFLogxK
U2 - 10.1109/TSMCB.2009.2033564
DO - 10.1109/TSMCB.2009.2033564
M3 - Article
C2 - 19933017
AN - SCOPUS:77952581914
VL - 40
SP - 597
EP - 611
JO - IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
JF - IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
SN - 1083-4419
IS - 3
M1 - 5340523
ER -