
Proceedings Paper

On resilience studies of system detection and recovery techniques against stealthy insider attacks
Author(s): Sixiao Wei; Hanlin Zhang; Genshe Chen; Dan Shen; Wei Yu; Khanh D. Pham; Erik P. Blasch; Jose B. Cruz

Paper Abstract

With the explosive growth of network technologies, insider attacks have become a major concern to business operations that largely rely on computer networks. To better detect insider attacks that marginally manipulate network traffic over time, and to recover the system from attacks, in this paper we implement a temporal-based detection scheme using the sequential hypothesis testing technique. Two hypothetical states are considered: the null hypothesis that the collected information is from benign historical traffic, and the alternative hypothesis that the network is under attack. The objective of such a detection scheme is to recognize the change within the shortest time by comparing the two defined hypotheses. In addition, once the attack is detected, a server migration-based system recovery scheme can be triggered to recover the system to the state prior to the attack. To understand mitigation of insider attacks, a multi-functional web display of the detection analysis was developed for real-time analytics. Experiments using real-world traffic traces evaluate the effectiveness of the Detection System and Recovery (DeSyAR) scheme. The evaluation data validates that the detection scheme based on sequential hypothesis testing and the server migration-based system recovery scheme perform well in detecting insider attacks and recovering the system under attack.
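The sequential test described in the abstract can be sketched with Wald's sequential probability ratio test (SPRT). This is an added example, not the paper's DeSyAR implementation; the Gaussian traffic model, the parameter values and the traffic trace are assumptions constructed for illustration.

```python
import math

def sprt_thresholds(alpha, beta):
    """Wald's approximate bounds on the cumulative log-likelihood ratio (LLR)."""
    upper = math.log((1 - beta) / alpha)   # at or above: accept H1 (under attack)
    lower = math.log(beta / (1 - alpha))   # at or below: accept H0 (benign)
    return lower, upper

def sprt_detect(samples, mu0, mu1, sigma, alpha=0.01, beta=0.01):
    """Sequential test of H0: mean mu0 against H1: mean mu1, Gaussian noise sigma.

    Returns ("attack", index of the deciding sample) or ("benign", None).
    """
    lower, upper = sprt_thresholds(alpha, beta)
    llr = 0.0
    for i, x in enumerate(samples):
        # log of N(x; mu1, sigma) / N(x; mu0, sigma) for this observation
        llr += (mu1 - mu0) * (x - (mu0 + mu1) / 2) / sigma ** 2
        if llr >= upper:
            return "attack", i
        if llr <= lower:
            llr = 0.0  # H0 accepted: restart the test and keep monitoring
    return "benign", None

# Constructed sample data (not from the paper): traffic volume per interval.
MU0, MU1, SIGMA = 100.0, 105.0, 5.0       # assumed benign mean, attack mean, noise
NOISE = [-4, 3, -1, 5, -3, 0, 2, -2]      # fixed pattern, so the run is repeatable
ATTACK_START, INFLATION = 24, 6           # volume inflated by 6 from interval 24 on

benign = [MU0 + NOISE[i % 8] for i in range(48)]
traffic = [x + (INFLATION if i >= ATTACK_START else 0) for i, x in enumerate(benign)]

if __name__ == "__main__":
    print("benign trace: ", sprt_detect(benign, MU0, MU1, SIGMA))
    print("attack trace: ", sprt_detect(traffic, MU0, MU1, SIGMA))
    print("largest sample:", max(traffic), "vs 3-sigma alarm at", MU0 + 3 * SIGMA)
```

In this constructed trace no inflated sample reaches a fixed 3-sigma alarm at 115, yet the accumulated evidence crosses the decision bound on the tenth manipulated sample.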

Paper Details

Date Published: 17 May 2016
PDF: 10 pages
Proc. SPIE 9838, Sensors and Systems for Space Applications IX, 98380G (17 May 2016); doi: 10.1117/12.2225409
Author Affiliations
Sixiao Wei, Intelligent Fusion Technology, Inc. (United States)
Hanlin Zhang, Towson Univ. (United States)
Genshe Chen, Intelligent Fusion Technology, Inc. (United States)
Dan Shen, Intelligent Fusion Technology, Inc. (United States)
Wei Yu, Towson Univ. (United States)
Khanh D. Pham, Air Force Research Lab. (United States)
Erik P. Blasch, Air Force Research Lab. (United States)
Jose B. Cruz, The Ohio State Univ. (United States)


Published in SPIE Proceedings Vol. 9838:
Sensors and Systems for Space Applications IX
Khanh D. Pham; Genshe Chen, Editor(s)

© SPIE