Maintaining defender's reputation in anomaly detection against insider attacks

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

Volumn 40, Issue 3, 2010, Pages 597-611

  Zhang, Nan ^a   Yu, Wei ^b   Fu, Xinwen ^c   Das, Sajal K ^d  

^a George Washington University   (United States)

^b TOWSON UNIVERSITY   (United States)

^c University of Massachusetts Lowell   (United States)

^d The University of Texas at Arlington   (United States)

Author keywords

Anomaly detection; Game theory; Insider attack

Indexed keywords

ANOMALY DETECTION; FALSE POSITIVE; INSIDER ATTACK; NOVEL ALGORITHM; PERFORMANCE EVALUATION;

ALGORITHMS; GAME THEORY;

SECURITY OF DATA;

ALGORITHM; ARTICLE; COMPUTER SECURITY; DECISION SUPPORT SYSTEM; FRAUD; GAME; THEORETICAL MODEL;

ALGORITHMS; COMPUTER SECURITY; DECISION SUPPORT TECHNIQUES; FRAUD; GAME THEORY; MODELS, THEORETICAL;

EID: 77952581914     PISSN: 10834419     EISSN: None     Source Type: Journal    
DOI: 10.1109/TSMCB.2009.2033564     Document Type: Article

References (32)

1. A. Liu, C. Martin, T. Hetherington, and S. Matzner, "AI lessons learned from experiments in insider threat detection, " in Proc. AAAI Spring Symp., 2006, pp. 49-55.
2. J. B. Colombe and G. Stephens, "Statistical profiling and visualization for detection of malicious insider attacks on computer networks, " in Proc. ACM Workshop Visualization Data Mining Comput. Security, 2004, pp. 138-142.
3. A. Liu, C. Martin, T. Hetherington, and S. Matzner, "A comparison of system call feature representations for insider threat detection, " in Proc. IEEE Workshop Inf. Assurance, 2005, pp. 340-347.
4. P. Liu, W. Zang, and M. Yu, "Incentive-based modeling and inference of attacker intent, objectives, and strategies, " ACM Trans. Inf. Syst. Secur., vol. 8, no. 1, pp. 78-118, Feb. 2005.
5. J. Xu and W. Lee, "Sustaining availability of web services under distributed denial of service attacks, " IEEE Trans. Comput., vol. 52, no. 2, pp. 195-208, Feb. 2003.
6. L. A. Gordon and M. P. Loeb, "Using information security as a response to competitor analysis systems, " Commun. ACM, vol. 44, no. 9, pp. 70-75, Sep. 2001.
7. L. Buttyan and J. P. Hubaux, Security and Cooperation in Wireless Networks. Cambridge, MA: Cambridge Univ. Press, 2007.
8. W. Yu and K. J. R. Liu, "Game theoretic analysis of cooperation stimulation and security in autonomous mobile ad hoc networks, " IEEE Trans. Mobile Comput., vol. 6, no. 5, pp. 459-473, May 2007.
9. T. Alpcan and T. Basar, "A game theoretic analysis of intrusion detection in access control systems, " in Proc. 43rd IEEE Conf. Decision Control, 2004, pp. 1568-1573.
10. Y. Liu, C. Comaniciu, and H. Man, "A Bayesian game approach for intrusion detection in wireless ad hoc networks, " in Proc. Workshop Game Theory Commun. Netw., 2006, Article No. 4.
11. P. Michiardi and R. Molva, "Core: A collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks, " in Proc. IFIP TC6/TC11 6th Joint Working Conf. Commun. Multimed. Security, 2002, pp. 107-121.
12. N. Zhang and W. Zhao, "Distributed privacy preserving information sharing, " in Proc. VLDB, 2005, pp. 889-900.
13. T. Alpcan and T. Basar, "An intrusion detection game with limited observations, " in Proc. 12th Int. Symp. Dyn. Games Appl., 2006.
14. D. Fudenberg and D. K. Levine, "Reputation and equilibrium selection in games with a patient player, " Econometrica, vol. 57, no. 4, pp. 759-778, 1989.
15. N. Zhang, W. Yu, X. Fu, and S. K. Das, "On the establishment of defender's reputation against insider attacks, " Dept. Comput. Sci., George Washington Univ., Washington, DC, Tech. Rep. TR-GWU-CS-09-002, 2009.
16. H. Kim and B. Karp, "Autograph: Toward automated, distributed worm signature detection, " in Proc. USENIX SECURITY, 2004, pp. 271-286.
17. A. Lakhina, M. Crovella, and C. Diot, "Diagnosing network-wide traffic anomalies, " in Proc. SIGCOMM, 2004, pp. 219-230.
18. S. Axelsson, "The base-rate fallacy and its implications for the difficulty of intrusion detection, " in Proc. CCS, 1999, pp. 1-7.
19. D. Fudenberg and J. Tirole, Game Theory. Cambridge, MA: MIT Press, 1991.
20. A. C. Tamhane and D. D. Dunlop, Statistics and Data Analysis: From Elementary to Intermediate. Englewood Cliffs, NJ: Prentice-Hall, 2000.
21. R. Chinchani, A. Iyer, H. Q. Ngo, and S. Upadhyaya, "Towards a theory of insider threat assessment, " in Proc. DSN, 2005, pp. 108-117.
22. P. Thompson, "Weak models for insider threat detection, " Proc. SPIE, pp. 40-48, 2004.
23. L. Spitzner, "Honeypots: Catching the insider threat, " in Proc. ACSAC, 2003, pp. 170-179.
24. S. Pramanik, V. Sankaranarayanan, and S. Upadhyaya, "Security policies to mitigate insider threat in the document control domain, " in Proc. ACSAC, 2004, pp. 304-313.
25. P. Ning and K. Sun, "How to misuse AODV: A case study of insider attacks against mobile ad-hoc routing protocols, " Ad Hoc Netw., vol. 3, no. 6, pp. 795-819, 2005.
26. D. Whyte, P. C. Van Oorschot, and E. Kranakis, "Detecting intraenterprise scanning worms based on address resolution, " in Proc. ACSAC, 2005, pp. 371-380.
27. K. Lye and J. M. Wing, "Game strategies in network security, " Int. J. Inf. Secur., vol. 4, no. 1/2, pp. 71-86, 2005.
28. D. Buike, "Towards a game theory model of information warfare, " M. S. thesis, Airforce Inst. Technol., Wright-Patterson AFB, OH, 1999.
29. L. S. Sherwood and R. B. Bhattacharjee, "Cooperative peer groups in NICE, " in Proc. INFOCOM, 2003, pp. 1272-1282.
30. L. Xiong and L. Liu, "PeerTrust: Supporting reputation-based trust in peer-to-peer communities, " IEEE Trans. Knowl. Data Eng., vol. 16, no. 7, pp. 443-459, Jul. 2004.
31. S. Ganeriwal and M. B. Srivastava, "Reputation-based framework for high integrity sensor networks, " in Proc. SASN, 2004, pp. 66-77.
32. D. Fudenberg and D. M. Kreps, "Reputation in the simultaneous play of multiple opponents, " Rev. Econ. Stud., vol. 54, no. 4, pp. 541-568, Oct. 1987.