How to trick the Borg: threat models against manual and automated techniques for detecting network attacks. Issue 81 (March 2019)
- Record Type:
- Journal Article
- Title:
- How to trick the Borg: threat models against manual and automated techniques for detecting network attacks. Issue 81 (March 2019)
- Main Title:
- How to trick the Borg: threat models against manual and automated techniques for detecting network attacks
- Authors:
- Sabottke, Carl
Chen, Daniel
Layman, Lucas
Dumitraş, Tudor
- Abstract:
- Cyber attackers constantly craft new attacks previously unknown to the security community. There are two approaches for detecting such attacks: (1) employing human analysts who can observe the data and identify anomalies that correspond to malicious intent; and (2) utilizing unsupervised automated techniques, such as clustering, that do not rely on ground truth. We conduct a security analysis of the two approaches, utilizing attacks against a real-world website. Through two experiments—a user study with 65 security analysts and an experimental analysis of attack discovery using DBSCAN clustering—we compare the strategies and features employed by human analysts and the clustering system for detecting attacks. Building on these observations, we propose threat models for the human analysis process and for the unsupervised techniques when operating in adversarial settings. Based on our analysis, we propose and evaluate two attacks against the DBSCAN clustering algorithm and a defense. Finally, we discuss the implications of our insights for hybrid systems that utilize the strengths of automation and of human analysis to complement their respective weaknesses.
- Is Part Of:
- Computers & security. Issue 81(2019)
- Journal:
- Computers & security
- Issue:
- Issue 81(2019)
- Issue Display:
- Volume 81, Issue 81 (2019)
- Year:
- 2019
- Volume:
- 81
- Issue:
- 81
- Issue Sort Value:
- 2019-0081-0081-0000
- Page Start:
- 25
- Page End:
- 40
- Publication Date:
- 2019-03
- Subjects:
- Cyber attack -- Human factors -- Unsupervised learning -- DBSCAN -- Log analysis
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2018.07.022
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 9378.xml