Can a good offense be a good defense? Vulnerability testing of anomaly detectors through an artificial arms race
نویسندگان
چکیده
Intrusion detection systems, which aim to protect our IT infrastructure are not infallible. Attackers take advantage of detector vulnerabilities and weaknesses to evade detection, hence hindering the effectiveness of the detectors. To do so, attackers generate evasion attacks which can eliminate or minimize the detection while successfully achieving the attacker’s goals. This work proposes an artificial arms race between an automated ‘white-hat’ attacker and various anomaly detectors for the purpose of identifying detector weaknesses. The proposed arms rac aims to automate the vulnerability testing of the anomaly detectors so that the security experts can be more proactive in eliminating detector vulnerabilities.
منابع مشابه
What is the offense - defense balance and can we measure it ? ( Offense ,
Offense-defense theory offers an optimistic view of international politics based on the argument that war can be prevented if defense gains an advantage over offense. It also argues that an effective arms control can reduce the risk of arms races and war. The theory has been useful in foreign policy analysis and in international relations scholarship since it is used to explain theoretical and ...
متن کاملMission Impossible: Measuring the Offense-Defense Balance with Military Net Assessment
Charles Glaser’s Rational Theory of International Politics argues that state security competition is not an inevitable consequence of international anarchy.1 To be sure, sometimes the attempt by one state to increase its security has the unintended and unavoidable effect of decreasing the security of others—triggering a spiral of arms racing and diplomatic hostility that results in war. At othe...
متن کاملCalculated Security? Mathematical Modelling of Conflict and Cooperation
The pioneering work of Lewis Fry Richardson on modelling the arms race raised expectations that mathematics can contribute to peace and conflict resolution. Based upon Richardson’s model, various extensions are discussed, with a focus on time-discrete nonlinear models showing chaotic behavior. As a general framework for the modelling of conflict and cooperation in international security a multi...
متن کاملBuilding a Persian Gulf Missile Defense Shield and its Impact on Regional Security: (2001-2017)
The gradual development of the US missile defense shield from Europe to the Persian Gulf region over the past decade and the deployment of radar components and defenses of this project, both in the Persian Gulf region and in its floating zone, have plenty implications for regional and international systems and has aggravated the fragile security of the Persian Gulf region. Some issues such as t...
متن کاملCombining Multiple Host-Based Detectors Using Decision Tree
As the information technology grows interests in the intrusion detection system (IDS), which detects unauthorized usage, misuse by a local user and modification of important data, have been raised. In the field of anomaly-based IDS several artificial intelligence techniques are used to model normal behavior. However, there is no perfect detection method so that most of IDSs can detect the limit...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Appl. Soft Comput.
دوره 11 شماره
صفحات -
تاریخ انتشار 2011