Abstract
We address issues related to the establishment of defender's reputation in anomaly detection against insider attacks. We consider two types of attackers: smart insiders, which learn from historic attacks and adapt their strategies to avoid detection/punishment, and naïve attackers, which blindly launch their attacks. We introduce two novel reputation-establishment algorithms for systems with solely smart insiders and systems with both smart insiders and naïve attackers, respectively. Theoretical analysis and simulation results show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.
Original language | English (US) |
---|---|
Article number | 4724358 |
Pages (from-to) | 501-508 |
Number of pages | 8 |
Journal | Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS |
State | Published - 2008 |
Event | 2008 14th IEEE International Conference on Parallel and Distributed Systems, ICPADS'08 - Melbourne, VIC, Australia. Duration: Dec 8 2008 → Dec 10 2008 |
All Science Journal Classification (ASJC) codes
- Hardware and Architecture