Detection of attack strategies

Suliman A. Alsuhibany; Charles Morisset; Aad Van Moorsel

doi:10.1109/CRiSIS.2013.6766353

Detection of attack strategies

Suliman A. Alsuhibany
, Charles Morisset
, Aad Van Moorsel

Computer Science

Research output: Contribution to conference (unpublished) › Paper › peer-review

Abstract

An intrusion and attack detection system usually focuses on classifying a record as either normal or abnormal. In some cases such as insider attacks, attackers rely on feedback from the attacked system, which enables them to gradually manipulate their attempts in order to avoid detection. This paper proposes the notion of accumulative manipulation that can be observed through a number of attempts accomplished by the attacker, which forms the basis of the Attacker Learning Curve (ALC). Based on a controlled experiment, we first show that the ALC for three different attack strategies are consistent between two different groups of subjects. We then define a strategy detection mechanism, which is experimentally shown to be accurate more than 70% of the time.

Original language	English
DOIs	https://doi.org/10.1109/CRiSIS.2013.6766353
Publication status	Published - 2013
Event	2013 8th International Conference on Risks and Security of Internet and Systems, CRiSIS 2013 - La Rochelle, France Duration: 23 Oct 2013 → 25 Oct 2013

Conference

Conference	2013 8th International Conference on Risks and Security of Internet and Systems, CRiSIS 2013
Country/Territory	France
City	La Rochelle
Period	23/10/13 → 25/10/13

Keywords

Attacker Learning Curve
Intrusion Detection
Strategy Detection
Supervised Learning
Unsupervised Learning

ASJC Scopus subject areas

Computer Networks and Communications
Safety, Risk, Reliability and Quality

Access to Document

10.1109/CRiSIS.2013.6766353

Cite this

@conference{2390e08c352b4d61a82e5193879fd5ef,

title = "Detection of attack strategies",

abstract = "An intrusion and attack detection system usually focuses on classifying a record as either normal or abnormal. In some cases such as insider attacks, attackers rely on feedback from the attacked system, which enables them to gradually manipulate their attempts in order to avoid detection. This paper proposes the notion of accumulative manipulation that can be observed through a number of attempts accomplished by the attacker, which forms the basis of the Attacker Learning Curve (ALC). Based on a controlled experiment, we first show that the ALC for three different attack strategies are consistent between two different groups of subjects. We then define a strategy detection mechanism, which is experimentally shown to be accurate more than 70\% of the time.",

keywords = "Attacker Learning Curve, Intrusion Detection, Strategy Detection, Supervised Learning, Unsupervised Learning",

author = "Alsuhibany, \{Suliman A.\} and Charles Morisset and \{Van Moorsel\}, Aad",

year = "2013",

doi = "10.1109/CRiSIS.2013.6766353",

language = "English",

note = "2013 8th International Conference on Risks and Security of Internet and Systems, CRiSIS 2013 ; Conference date: 23-10-2013 Through 25-10-2013",

}

TY - CONF

T1 - Detection of attack strategies

AU - Alsuhibany, Suliman A.

AU - Morisset, Charles

AU - Van Moorsel, Aad

PY - 2013

Y1 - 2013

N2 - An intrusion and attack detection system usually focuses on classifying a record as either normal or abnormal. In some cases such as insider attacks, attackers rely on feedback from the attacked system, which enables them to gradually manipulate their attempts in order to avoid detection. This paper proposes the notion of accumulative manipulation that can be observed through a number of attempts accomplished by the attacker, which forms the basis of the Attacker Learning Curve (ALC). Based on a controlled experiment, we first show that the ALC for three different attack strategies are consistent between two different groups of subjects. We then define a strategy detection mechanism, which is experimentally shown to be accurate more than 70% of the time.

AB - An intrusion and attack detection system usually focuses on classifying a record as either normal or abnormal. In some cases such as insider attacks, attackers rely on feedback from the attacked system, which enables them to gradually manipulate their attempts in order to avoid detection. This paper proposes the notion of accumulative manipulation that can be observed through a number of attempts accomplished by the attacker, which forms the basis of the Attacker Learning Curve (ALC). Based on a controlled experiment, we first show that the ALC for three different attack strategies are consistent between two different groups of subjects. We then define a strategy detection mechanism, which is experimentally shown to be accurate more than 70% of the time.

KW - Attacker Learning Curve

KW - Intrusion Detection

KW - Strategy Detection

KW - Supervised Learning

KW - Unsupervised Learning

UR - https://www.scopus.com/pages/publications/84899430969

U2 - 10.1109/CRiSIS.2013.6766353

DO - 10.1109/CRiSIS.2013.6766353

M3 - Paper

AN - SCOPUS:84899430969

T2 - 2013 8th International Conference on Risks and Security of Internet and Systems, CRiSIS 2013

Y2 - 23 October 2013 through 25 October 2013

ER -

Detection of attack strategies

Abstract

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this