REPORT DOCUMENTATION PAGE

Report date: September 2005
Report type and dates covered: Final, Apr 00 - Jun 04
Title and subtitle: PROFILER-2000: ATTACKING THE INSIDER THREAT
Author(s): R. A. Maxion, K. M. C. Tan, S. S. Killourhy and T. N. Townsend
Funding numbers: C - F30602-00-2-0528; PE - 62301E; PR - IAST; TA - 00; WU - 06
Performing organization name(s) and address(es): Carnegie Mellon University, 5000 Forbes Avenue, Pittsburgh, Pennsylvania 15213-3890
Performing organization report number: N/A
Sponsoring / monitoring agency name(s) and address(es): Defense

Abstract (maximum 200 words): The Profiler project was concerned with fundamental theoretical and measurement issues in the field of anomaly/intrusion detection, particularly as directed at the problem of insiders. Major issues addressed were: scientifically sound foundations for divers anomaly detectors; tools and methods for assessment of detector effectiveness; and controlled benchmark data sets for testing.
Major accomplishments of the project were: determining how the interaction between the architectural aspects of a detection algorithm, such as detection mechanism and coverage, can result in unanticipated vulnerabilities that allow an adversary to undermine the detector; production of calibrated test data sets; and rigorous assessment and error analysis of an anomaly detector in an insider-threat environment.

Figure 3.1: The detector coverage (detection map) for stide; a comparison of the size of the detector window (rows) with the ability to detect different sizes of minimal foreign sequence (columns). A star indicates detection.

Figure 3.2: The manifestation of each version of the traceroute exploit plotted on the detector coverage map for stide, assuming that stide has been configured with a detector window size of 6. Each version of the exploit can be detected by fewer and fewer configurations of stide until the last is invisible.

Figure 4.1: Graph of the relationship between the number of NBSCs and the anomaly score in the mathematical model of the naive Bayes algorithm.

Figure 4.2: Graph of the effect the number of NBSCs has on the percentage of synthetic datasets in which the masquerader block was correctly detected.

Figure 4.3: Graph of the effect of NBSCs on the anomaly score of a masquer...