Layered Security Architecture for Masquerade Attack Detection

Saljooghinejad, Hamed; Bhukya, Wilson Naik

doi:10.1007/978-3-642-31540-4_19

Cited by 4 publications

(1 citation statement)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Salem and Stolfo model user search behaviors, based on the assumption that masqueraders do not know the file system, and have different search behaviors than the victim user being impersonated . A recent approach using data across multiple applications is proposed in . This new dataset will allow researchers to investigate which characteristics best represent the user profile.…”

Section: Related Workmentioning

confidence: 99%

Sequence‐based masquerade detection for different user groups

Şen

2014

Security Comm Networks

View full text Add to dashboard Cite

Insider threats are one of the biggest threats that organizations are confronted with today. A masquerader who impersonates another user for his malicious activities has been studied extensively in the literature. The approaches proposed on masquerade detection mainly assume that masquerader behavior will deviate from the typical behavior of the victim. This research presents a rigorous evaluation of sequence-based approaches based on this assumption. The main idea underlying sequence-based approaches is that users type similar commands, in a similar order, every time to do a specific job and, these similarities could distinguish users from others. Sequence-based approaches in the literature only consider commands typed in a specific order, at all times. In this research, we also take into account typing similar commands in a command sequence, but in an unordered way, in the newly proposed method, Matching of Unordered Command Sequences. We compare this new technique with another sequence-based approach called Matching of Ordered Command Sequences, and a command-based approach called Matching of Commands. These techniques are evaluated with varying parameters in order to explore how the order of commands, the variations in a command sequence, and the variety of commands affect masquerade detection. Furthermore, the performance of these methods on different types of users and masqueraders is analyzed. We explore what kind of users are easily distinguishable from others, and what kind of masqueraders are difficult to detect.

show abstract

Section: Related Workmentioning

confidence: 99%