Attack detection in active queue management within large-scale networks control system with information of network and physical system

Khorrami, Ladan Sadeghi; Afshar, Ahmad

doi:10.1109/iraniancee.2016.7585614

Cited by 3 publications

(2 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Dynamic access control [83] is a mechanism that is heavily dependent on malicious node assumption to design advanced collision attacks called random poisoning [84]. Other studies used a mathematical model [85], unknown input observers [86], Dynamic Host Configuration Protocol DHCP starvation attack and Transmission Control Protocol TCP [87][88][89], simple statistical measures [90], and Bayesian network model to predict insider threats [91].…”

Section: Cyber Activity Behaviormentioning

confidence: 99%

“…Most of the previous works did not use both behaviors of the cyber and physical systems in analyzing insider threat detections. The majority of scholars aim to detect insiders by observing behaviors either from the cybersecurity or physical security aspects [86]. However, in terms of detecting physical threats, most of the existing studies applied physical access control mechanisms that may control the physical access of unauthorized users to a certain point.…”

Section: Physical and Cyber Behaviormentioning

confidence: 99%

See 1 more Smart Citation

A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

et al. 2020

View full text Add to dashboard Cite

Insider threat has become a widely accepted issue and one of the major challenges in cybersecurity. This phenomenon indicates that threats require special detection systems, methods, and tools, which entail the ability to facilitate accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas in dealing with this issue have been proposed. Various studies aimed to deepen the conceptual understanding of insider threats. However, there are many limitations, such as a lack of real cases, biases in making conclusions, which are a major concern and remain unclear, and the lack of a study that surveys insider threats from many different perspectives and focuses on the theoretical, technical, and statistical aspects of insider threats. The survey aims to present a taxonomy of contemporary insider types, access, level, motivation, insider profiling, effect security property, and methods used by attackers to conduct attacks and a review of notable recent works on insider threat detection, which covers the analyzed behaviors, machine-learning techniques, dataset, detection methodology, and evaluation metrics. Several real cases of insider threats have been analyzed to provide statistical information about insiders. In addition, this survey highlights the challenges faced by other researchers and provides recommendations to minimize obstacles.

show abstract