Title
Online masquerade detection resistant to mimicry.
Abstract
A framework for online detection of masquerade attacks is proposed. At the analysis stage, local alignment algorithms are introduced. At the verification stage, a validation scheme based on the U-test is implemented. For mimicry recognition, the parallel analysis of monitored actions is performed. For evaluating the approach, the SEA dataset is applied.
Masquerade attackers are internal intruders acting through impersonating legitimate users of the victim system. Most of the proposals for their detection suggested recognition methods based on the comparison of use models of the protected environment. However, recent studies have shown their vulnerability against adversarial attacks based on imitating the behavior of legitimate users. In order to contribute to their identification, this article introduces a novel detection method robust against evasion strategies based on mimicry. The proposal described two levels of information processing: analysis and verification. At the analysis stage, local alignment algorithms are implemented. In this way it is possible to score the similarity between action sequences performed by users, bearing in mind their regions of greatest resemblance. On the other hand, a novel validation scheme based on the statistical non-parametric U-test is implemented. Through this it is possible to refine the labeling of sequences to avoid making hasty decisions when their nature is not sufficiently clear. In order to strengthen their effectiveness against mimicry attacks, the analysis of the monitored sequences is performed in concurrency. This involves partitioning long sequences with two purposes: making subsequences of small intrusions more visible and analyzing new sequences when suspicious situations occur, such as the execution of never before seen commands or the discovery of potentially harmful activities. The proposal has been evaluated from the functional standard SEA and mimicry attacks.
Promising experimental results have been shown, demonstrating great precision against conventional masqueraders (TPR=98.3%, FPR=0.77%) and a success rate of 80.2% when identifying mimicry attacks, hence outperforming the best contributions of bibliography.
Year: 2016
DOI: 10.1016/j.eswa.2016.05.036
Venue: Expert Syst. Appl.
Keywords: Adversarial attacks, Identity theft, Information security, Intrusion detection, Masquerade attacks
Field: Data mining, Information processing, Concurrency, Computer science, Identity theft, Information security, Smith–Waterman algorithm, Artificial intelligence, Intrusion detection system, Mimicry, Machine learning
DocType: Journal
Volume: 61
Issue: C
ISSN: 0957-4174
Citations: 2
PageRank: 0.37
References: 48
Authors: 3
Name
Order
Citations
PageRank
Jorge Maestre Vidal1318.39
Ana Lucila Sandoval Orozco217426.45
Luis Javier García-villalba38819.66