Online masquerade detection resistant to mimicry

Authors: Jorge Maestre Vidal, Ana Lucila Sandoval Orozco, Luis Javier García Villalba

DOI: 10.1016/J.ESWA.2016.05.036

Keywords: Computer science, Artificial intelligence, Identification (information), Evasion (network security), Information security, Intrusion detection system, Vulnerability (computing), Machine learning, Mimicry

Abstract: A framework for online detection of masquerade attacks is proposed. At the analysis stage, local alignment algorithms are introduced. At verification a validation scheme based on U-test implemented. For mimicry recognition, parallel monitored actions performed. For evaluating approach, SEA dataset applied. Masquerade attackers internal intruders acting through impersonating legitimate users victim system. Most proposals their suggested recognition methods comparison use models protected environment. However recent studies have shown vulnerability against adversarial imitating behavior users. In order to contribute identification, this article introduces novel method robust evasion strategies mimicry. The proposal described two levels information processing: and verification. At implemented. way it possible score similarity between action sequences performed by users, bearing in mind regions greatest resemblance. On other hand, statistical non-parametric Through refine labeling avoid making hasty decisions when nature not sufficiently clear. strengthen effectiveness attacks, concurrency. This involves partitioning long with purposes: subsequences small intrusions more visible analyzing new suspicious situations occur, such as execution never before seen commands or discovery potentially harmful activities. has been evaluated from functional standard attacks. Promising experimental results shown, demonstrating great precision conventional masqueraders (TPR=98.3%, FPR=0.77%) success rate 80.2% identifying hence outperforming best contributions bibliography.
