On resilience studies of system detection and recovery techniques against stealthy insider attacks
17 May 2016
With the explosive growth of network technologies, insider attacks have become a major concern for business operations that rely heavily on computer networks. To better detect insider attacks that marginally manipulate network traffic over time, and to recover the system from such attacks, in this paper we implement a temporal detection scheme based on sequential hypothesis testing. Two hypotheses are considered: the null hypothesis that the collected information comes from benign historical traffic, and the alternative hypothesis that the network is under attack. The objective of the detection scheme is to recognize the change in the shortest time by comparing the two hypotheses. In addition, once an attack is detected, a server-migration-based system recovery scheme can be triggered to return the system to its state prior to the attack. To support mitigation of insider attacks, a multi-functional web display of the detection analysis was developed for real-time analytics. Experiments using real-world traffic traces evaluate the effectiveness of the Detection System and Recovery (DeSyAR) scheme. The evaluation data validate that the detection scheme based on sequential hypothesis testing and the server-migration-based recovery scheme perform well in detecting insider attacks and recovering the system under attack.
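As an added illustration of the sequential hypothesis test the abstract describes (this is not the paper's DeSyAR code; the Gaussian traffic model, the alpha/beta error rates, the mean values and the trace are assumptions constructed for the example), the following Python runs Wald's SPRT over a per-interval request-count stream in which a small, sustained shift stays inside a naive per-sample threshold but is still caught by the accumulated log-likelihood ratio:

```python
"""Sequential probability ratio test (SPRT) as a temporal detector for slow
traffic manipulation.  Added illustration, not code from the paper (DeSyAR).
Assumed model: per-interval request counts are Gaussian with known sigma;
H0 mean mu0 (benign history), H1 mean mu1 (attack).  All values constructed."""
import math

def gaussian_llr(x, mu0, mu1, sigma):
    """Per-sample log-likelihood ratio log p1(x)/p0(x) for equal-variance Gaussians."""
    return (mu1 - mu0) / sigma**2 * (x - (mu0 + mu1) / 2)

def sprt_monitor(samples, llr, alpha=0.01, beta=0.01):
    """Run Wald's SPRT over a stream.  alpha: tolerated false-alarm rate,
    beta: tolerated miss rate.  Each time the statistic drops to B the
    benign hypothesis is accepted and the test restarts, so the monitor keeps
    watching; the first crossing of A is reported as the attack decision."""
    a = math.log((1 - beta) / alpha)   # upper threshold: accept H1 (attack)
    b = math.log(beta / (1 - alpha))   # lower threshold: accept H0 (benign)
    s, benign_accepts = 0.0, []
    for i, x in enumerate(samples):
        s += llr(x)
        if s >= a:
            return {"attack_at": i, "stat": s, "benign_accepts": benign_accepts}
        if s <= b:
            benign_accepts.append(i)
            s = 0.0
    return {"attack_at": None, "stat": s, "benign_accepts": benign_accepts}

# Constructed trace: 16 benign intervals (~100 req/interval) followed by a
# stealthy ~10% increase (~110) that never exceeds a naive 3-sigma band (130).
TRACE = [98, 103, 99, 101, 97, 102, 100, 96, 104, 99, 100, 98, 102, 101, 99, 100,
         108, 112, 109, 115, 111, 113, 110, 114, 112, 109, 116, 111, 113, 110]
ATTACK_ONSET = 16  # index of the first manipulated interval in TRACE

def detect_trace(trace=TRACE, mu0=100.0, mu1=110.0, sigma=10.0):
    """Apply the SPRT monitor to a trace with the assumed Gaussian model."""
    return sprt_monitor(trace, lambda x: gaussian_llr(x, mu0, mu1, sigma))

if __name__ == "__main__":
    r = detect_trace()
    print(f"attack flagged at interval {r['attack_at']} "
          f"(onset {ATTACK_ONSET}, delay {r['attack_at'] - ATTACK_ONSET} intervals); "
          f"benign accept/restart points: {r['benign_accepts']}")
```

The detection delay after onset is the cost of the low error rates chosen; raising alpha or beta narrows the thresholds and shortens it at the price of more false alarms or misses.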
© (2016) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Sixiao Wei, Hanlin Zhang, Genshe Chen, Dan Shen, Wei Yu, Khanh D. Pham, Erik P. Blasch, Jose B. Cruz, "On resilience studies of system detection and recovery techniques against stealthy insider attacks", Proc. SPIE 9838, Sensors and Systems for Space Applications IX, 98380G (17 May 2016); doi: 10.1117/12.2225409; https://doi.org/10.1117/12.2225409