Lookup NU author(s): Suliman Alsuhibany,
Dr Charles Morisset,
Professor Aad van Moorsel
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
An intrusion and attack detection system usually focuses on classifying a record as either normal or abnormal. In some cases such as insider attacks, attackers rely on feedback from the attacked system, which enables them to gradually manipulate their attempts in order to avoid detection. This paper proposes the notion of accumulative manipulation that can be observed through a number of attempts accomplished by the attacker, which forms the basis of the Attacker Learning Curve (ALC). Based on a controlled experiment, we first show that the ALC for three different attack strategies are consistent between two different groups of subjects. We then define a strategy detection mechanism, which is experimentally shown to be accurate more than 70% of the time. © 2013 IEEE.
Author(s): Alsuhibany SA, Morisset C, Van Moorsel A
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: 2013 International Conference on Risks and Security of Internet and Systems, CRiSIS 2013
Year of Conference: 2013
Online publication date: 13/03/2014
Publisher: IEEE Computer Society