Abstract
We address issues related to the establishment of defender's reputation in anomaly detection against insider attacks. We consider two types of attackers: smart insiders, which learn from historic attacks and adapt their strategies to avoid detection/punishment, and naïve attackers, which blindly launch their attacks. We introduce two novel reputation-establishment algorithms for systems with solely smart insiders and systems with both smart insiders and naïve attackers, respectively. Theoretical analysis and simulation results show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.
| Original language | English (US) |
|---|---|
| Article number | 4724358 |
| Pages (from-to) | 501-508 |
| Number of pages | 8 |
| Journal | Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS |
| State | Published - 2008 |
| Event | 2008 14th IEEE International Conference on Parallel and Distributed Systems, ICPADS'08 - Melbourne, VIC, Australia. Duration: Dec 8 2008 → Dec 10 2008 |
All Science Journal Classification (ASJC) codes
- Hardware and Architecture