Model for cyber attacker behavioral analysis

Today the world is under virtually constant attack, targeted by increasingly sophisticated and well-funded attackers. The increasing efficacy of cyber threats continues to highlight the inadequacies of traditional defense mechanisms such as firewalls and Intrusion Detection Systems. Security analysts, however, focus on finding technical deficiencies and do not consider the adversaries' motivations or the diversity of their attack mechanisms. Attackers are not all alike; they differ in their motivations, strategies, devices used and potential. To analyze and design security systems, it is therefore necessary to consider the characteristics that determine attack strategy, attacker behavior and the threats generated by attackers. Attacker behavioral analysis has proved to be an impulsive aid for threat analysis. A generic model is proposed that models the cyber attacker's behavior more accurately by considering the principles behind that behavior, and thereby generates a profile of the attacker.
