Towards effective defense against insider attacks

The establishment of defender's reputation

Nan Zhang, Wei Yu, Xinwen Fu, Sajal K. Das

Research output: Contribution to journal (Conference article)

2 Citations (Scopus)

Abstract

We address issues related to the establishment of defender's reputation in anomaly detection against insider attacks. We consider two types of attackers: smart insiders, which learn from historic attacks and adapt their strategies to avoid detection/punishment, and naïve attackers, which blindly launch their attacks. We introduce two novel reputation-establishment algorithms for systems with solely smart insiders and systems with both smart insiders and naïve attackers, respectively. Theoretical analysis and simulation results show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.

Original language: English (US)
Article number: 4724358
Pages (from-to): 501-508
Number of pages: 8
Journal: Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS
DOI: 10.1109/ICPADS.2008.85
State: Published - Dec 1 2008
Event: 2008 14th IEEE International Conference on Parallel and Distributed Systems, ICPADS'08 - Melbourne, VIC, Australia
Duration: Dec 8 2008 - Dec 10 2008

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture

Cite this

@article{3823656575814148bef71643e6756c74,
title = "Towards effective defense against insider attacks: The establishment of defender's reputation",
abstract = "We address issues related to the establishment of defender's reputation in anomaly detection against insider attacks. We consider two types of attackers: smart insiders, which learn from historic attacks and adapt their strategies to avoid detection/punishment, and na{\"i}ve attackers, which blindly launch their attacks. We introduce two novel reputation-establishment algorithms for systems with solely smart insiders and systems with both smart insiders and na{\"i}ve attackers, respectively. Theoretical analysis and simulation results show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.",
author = "Nan Zhang and Wei Yu and Xinwen Fu and Das, {Sajal K.}",
year = "2008",
month = "12",
day = "1",
doi = "10.1109/ICPADS.2008.85",
language = "English (US)",
pages = "501--508",
journal = "Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS",
issn = "1521-9097",

}
