Title :
Detection of attack strategies
Author :
Alsuhibany, Suliman A. ; Morisset, Charles ; Van Moorsel, Aad
Author_Institution :
Centre for Cybercrime & Comput. Security, Newcastle Univ., Newcastle upon Tyne, UK
Abstract :
An intrusion and attack detection system usually focuses on classifying a record as either normal or abnormal. In some cases such as insider attacks, attackers rely on feedback from the attacked system, which enables them to gradually manipulate their attempts in order to avoid detection. This paper proposes the notion of accumulative manipulation that can be observed through a number of attempts accomplished by the attacker, which forms the basis of the Attacker Learning Curve (ALC). Based on a controlled experiment, we first show that the ALC for three different attack strategies are consistent between two different groups of subjects. We then define a strategy detection mechanism, which is experimentally shown to be accurate more than 70% of the time.
Keywords :
learning (artificial intelligence); security of data; ALC; attack detection system; attack strategy detection mechanism; attacked system; attacker learning curve; intrusion detection; Security; Thesauri; Attacker Learning Curve; Intrusion Detection; Strategy Detection; Supervised Learning; Unsupervised Learning;
Conference_Titel :
Risks and Security of Internet and Systems (CRiSIS), 2013 International Conference on
Conference_Location :
La Rochelle
DOI :
10.1109/CRiSIS.2013.6766353
