
Fool me if you can: mimicking attacks and anti-attacks in cyberspace

Yu, Shui, Guo, Song and Stojmenovic, Ivan 2015, Fool me if you can: mimicking attacks and anti-attacks in cyberspace, IEEE transactions on computers, vol. 64, no. 1, pp. 139-151, doi: 10.1109/TC.2013.191.

Title Fool me if you can: mimicking attacks and anti-attacks in cyberspace
Author(s) Yu, Shui (ORCID iD: orcid.org/0000-0003-4485-6743)
Guo, Song
Stojmenovic, Ivan
Journal name IEEE transactions on computers
Volume number 64
Issue number 1
Start page 139
End page 151
Total pages 13
Publisher IEEE
Place of publication Piscataway, N.J.
Publication date 2015-01-01
ISSN 0018-9340
Keyword(s) Science & Technology
Technology
Computer Science, Hardware & Architecture
Engineering, Electrical & Electronic
Computer Science
Engineering
Mimicking
flash crowd attack
detection
second order metrics
BROWSING BEHAVIOR
SERVICE ATTACKS
DDOS ATTACKS
MARKOV MODEL
WEB
DISTRIBUTIONS
USERS
Summary Botnets have become major engines for malicious activities in cyberspace nowadays. To sustain their botnets and disguise their malicious actions, botnet owners are mimicking legitimate cyber behavior to fly under the radar. This poses a critical challenge in anomaly detection. In this paper, we use web browsing on popular web sites as an example to tackle this problem. First of all, we establish a semi-Markov model for browsing behavior. Based on this model, we find that it is impossible to detect mimicking attacks based on statistics if the number of active bots of the attacking botnet is sufficiently large (no less than the number of active legitimate users). However, we also find it is hard for botnet owners to satisfy the condition to carry out a mimicking attack most of the time. With this new finding, we conclude that mimicking attacks can be discriminated from genuine flash crowds using second order statistical metrics. We define a new fine correntropy metrics and show its effectiveness compared to others. Our real world data set experiments and simulations confirm our theoretical claims. Furthermore, the findings can be widely applied to similar situations in other research fields.
Language eng
DOI 10.1109/TC.2013.191
Field of Research 080109 Pattern Recognition and Data Mining
0803 Computer Software
0805 Distributed Computing
1006 Computer Hardware
Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category C1 Refereed article in a scholarly journal
ERA Research output type C Journal article
Copyright notice ©2015, IEEE
Persistent URL http://hdl.handle.net/10536/DRO/DU:30077294

Document type: Journal Article
Collection: School of Information Technology
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Citation counts: TR Web of Science Citation Count  Cited 3 times in TR Web of Science
Scopus Citation Count Cited 15 times in Scopus
Access Statistics: 113 Abstract Views, 1 File Downloads
Created: Thu, 10 Mar 2016, 11:12:31 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.