Masquerade Attack Detection Using a Search-Behavior Modeling Approach

Authors: Salvatore Stolfo, Malek Ben Salem

DOI: 10.7916/D8X63TSV

Abstract: Masquerade attacks are unfortunately a familiar security problem that is a consequence of identity theft. Detecting masqueraders is very hard. Prior work has focused on user command modeling to identify abnormal behavior indicative of impersonation. This paper extends prior work by presenting one-class Hellinger distance-based and one-class SVM modeling techniques that use a set of novel features to reveal user intent. The specific objective is to model user search profiles and detect deviations indicating a masquerade attack. We hypothesize that each individual user knows their own file system well enough to search in a limited, targeted and unique fashion in order to find information germane to their current task. Masqueraders, on the other hand, will likely not know the file system and layout of another user's desktop, and would likely search more extensively and broadly in a manner that is different than the victim user being impersonated. We extend prior research that uses UNIX command sequences issued by users as the audit source by relying upon an abstraction of commands. We devise taxonomies of UNIX commands and Windows applications that are used to abstract sequences of user commands and actions. We also gathered our own normal and masquerader data sets captured in a Windows environment for evaluation. The datasets are publicly available for other researchers who wish to study masquerade attack rather than author identification as in much of the prior reported work. The experimental results show that modeling search behavior reliably detects all masqueraders with a very low false positive rate of 0.1%, far better than prior published results. The limited set of features used for search behavior modeling also results in huge performance gains over the same modeling techniques that use larger sets of features.
