Abstract
Conference Title: 2013 International Conference on Risks and Security of Internet and Systems (CRiSIS) Conference Start Date: 2013, Oct. 23 Conference End Date: 2013, Oct. 25 Conference Location: La Rochelle, France An intrusion and attack detection system usually focuses on classifying a record as either normal or abnormal. In some cases such as insider attacks, attackers rely on feedback from the attacked system, which enables them to gradually manipulate their attempts in order to avoid detection. This paper proposes the notion of accumulative manipulation that can be observed through a number of attempts accomplished by the attacker, which forms the basis of the Attacker Learning Curve (ALC). Based on a controlled experiment, we first show that the ALC for three different attack strategies are consistent between two different groups of subjects. We then define a strategy detection mechanism, which is experimentally shown to be accurate more than 70% of the time. [PUBLICATION ABSTRACT]