资源描述:
《maintaining defender's reputation in anomaly detection against insider attacks》由会员上传分享,免费在线阅读,更多相关内容在工程资料-天天文库。
1、IEEETRANSACTIONSONSYSTEMS,MAN,ANDCYBERNETICSPARTB:CYBERNETICS,VOL.40,NO.3,JUNE2010597MaintainingDefendersReputationinAnomalyDetectionAgainstInsiderAttacksNanZhang,WeiYu,XinwenFu,andSajalK.DasAbstractWeaddressissuesrelatedtoestablishingadefendersexistingresearchbelongstothiscategory.Unfortunately,the
2、reputationinanomalydetectionagainsttwotypesofattackers:stateoftheartcannotyetprovideasatisfiablesolution[3][5].1)smartinsiders,wholearnfromhistoricattacksandadapttheirTheotherapproachisnottorevisetheexistinganomalyde-strategiestoavoiddetection/punishment,and2)naïveattackers,tectiontechniquesbuttobuil
3、duponthemnovelgame-theoreticwhoblindlylaunchtheirattackswithoutknowledgeofthehistory.techniquestoexploittheweaknessoftheobjectiveofinsideInthispaper,weproposetwonovelalgorithmsforreputationestablishmentoneforsystemssolelyconsistingofsmartinsidersattackers[6],particularlythefearofdetection.Wefocusont
4、hisandtheotherforsystemsinwhichbothsmartinsidersandnaïveapproachinthispaper.attackersarepresent.ThetheoreticalanalysisandperformanceSignificantresearchhasbeendoneonthegame-theoreticevaluationshowthatourreputation-establishmentalgorithmsmodelingofintrusiondetectionandnetworksecuritysystemscansignifican
5、tlyimprovetheperformanceofanomalydetection[6][12].Ithasfrequentlybeenobservedthatanattackersagainstinsiderattacksintermsofthetradeoffbetweendetectionstrategydependsonnotonlyitsownobjectivebutalsotheandfalsepositives.toughnessofthedefender(i.e.,thedefenderswillingnessIndexTermsAnomalydetection,gameth
6、eory,insiderattack.toenforcesecurity,evenattheexpenseoffalsepositives).However,tothebestofourknowledge,meagerattentionhasI.INTRODUCTIONbeenpaidontheestablishmentandmaintenanceofadefendersreputationoftoughnesstoforcetheattackerstoabandontheirNSIDERattacksarelaunchedbymalicioususerswhoareattacks.Tradi
7、tionally,thereputationconceptwasintroducedIentrustedwithauthorized(i.e.,insider)accessofasystem.tomodelthetrustworthinessofasuspiciousparty(fromtheFromstealingcorporatedatatopropagatingmalware,itisper
