Detection of attack strategies

Author

Alsuhibany, Suliman A. ; Morisset, Charles ; Van Moorsel, Aad

Author_Institution

Centre for Cybercrime & Comput. Security, Newcastle Univ., Newcastle upon Tyne, UK

fYear

2013

fDate

23-25 Oct. 2013

Firstpage

1

Lastpage

8

Abstract

An intrusion and attack detection system usually focuses on classifying a record as either normal or abnormal. In some cases such as insider attacks, attackers rely on feedback from the attacked system, which enables them to gradually manipulate their attempts in order to avoid detection. This paper proposes the notion of accumulative manipulation that can be observed through a number of attempts accomplished by the attacker, which forms the basis of the Attacker Learning Curve (ALC). Based on a controlled experiment, we first show that the ALC for three different attack strategies are consistent between two different groups of subjects. We then define a strategy detection mechanism, which is experimentally shown to be accurate more than 70% of the time.

Keywords

learning (artificial intelligence); security of data; ALC; attack detection system; attack strategy detection mechanism; attacked system; attacker learning curve; intrusion detection; Security; Thesauri; Attacker Learning Curve; Intrusion Detection; Strategy Detection; Supervised Learning; Unsupervised Learning;

fLanguage

English

Publisher

ieee

Conference_Titel

Risks and Security of Internet and Systems (CRiSIS), 2013 International Conference on

Conference_Location

La Rochelle

Type

conf

DOI

10.1109/CRiSIS.2013.6766353

Filename

6766353