We address issues related to establishing a defender's reputation in anomaly detection against two types of attackers: 1) smart insiders, who learn from historic attacks and adapt their strategies to avoid detection/punishment, and 2) naïve attackers, who blindly launch their attacks without knowledge of the history. In this paper, we propose two novel algorithms for reputation establishment: one for systems solely consisting of smart insiders and the other for systems in which both smart insiders and naïve attackers are present. The theoretical analysis and performance evaluation show that our reputation-establishment algorithms can significantly improve the performance of anomaly detection against insider attacks in terms of the tradeoff between detection and false positives.