Methods, systems, and media for masquerade attack detection by monitoring computer user behavior

Authors: Shlomo Hershkop, Salvatore J. Stolfo, Malek Ben Salem

DOI:

Keywords:

Abstract: Methods, systems, and media for masquerade attack detection by monitoring computer user behavior are provided. In accordance with some embodiments, a method for detecting attacks is provided, the method comprising: monitoring, using a hardware processor, a first plurality of actions in a computing environment; generating an intent model based on actions; second determining whether at least one deviates from generated model; include performing an action file environment that contains decoy information response to alert information.
