Episode Based Masquerade Detection
نویسندگان
چکیده
Masquerade detection is one of major concerns of system security research due to two main reasons. Such an attack cannot be detected at the time of access and any detection technique relies on user’s signature and even a legitimate user is likely to deviate from its usual usage pattern. In the recent years, there have been several proposals to efficiently detect masquerader while keeping the false alarm rate as low as possible. One of the recent technique, Naive Bayes with truncated command line, has been very successful in maintaining low false alarm rate. This method depends on probability of individual commands. It is more appropriate to consider meaningful groups of commands rather than individual commands. In this paper we propose a method of masquerade detection by considering episodes, meaningful subsequences of commands. The main contributions of the present work are (i) an algorithm to determine episode from a long sequence of commands, and (ii) a technique to use these episodes to detect masquerade block of commands. Our experiments with standard datasets such as SEA dataset reveal that the episode based detection is a more useful masquerade detection technique.
منابع مشابه
Decoy Document Deployment for Effective Masquerade Attack Detection
Masquerade attacks pose a grave security problem that is a consequence of identity theft. Detecting masqueraders is very hard. Prior work has focused on profiling legitimate user behavior and detecting deviations from that normal behavior that could potentially signal an ongoing masquerade attack. Such approaches suffer from high false positive rates. Other work investigated the use of trap-bas...
متن کاملCombining Baiting and User Search Profiling Techniques for Masquerade Detection
Masquerade attacks are characterized by an adversary stealing a legitimate user’s credentials and using them to impersonate the victim and perform malicious activities, such as stealing information. Prior work on masquerade attack detection has focused on profiling legitimate user behavior and detecting abnormal behavior indicative of a masquerade attack. Like any anomaly-detection based techni...
متن کاملMasquerade attacks based on user's profile
There are several problems related to security in computer networks. In this work only detection of masquerade attacks is explored. A masquerade attack occurs when an illegitimate user tries to impersonate a legitimate user; therefore, the masquerade user gets the privileges from the legitime user account. The task of detecting masquerade users is not easy since the masquerade user has yield th...
متن کاملEfficient Masquerade Detection Using SVM Based on Common Command Frequency in Sliding Windows
Masqueraders who impersonate other users pose serious threat to computer security. Unfortunately, firewalls or misuse-based intrusion detection systems are generally ineffective in detecting masqueraders. Anomaly detection techniques have been proposed as a complementary approach to overcome such limitations. However, they are not accurate enough in detection, and the rate of false alarm is too...
متن کاملTowards Building a Masquerade Detection Method Based on User File System Navigation
Given that information is an extremely valuable asset, it is vital to timely detect whether one’s computer (session) is being illegally seized by a masquerader. Masquerade detection has been actively studied for more than a decade, especially after the seminal work of Schonlau’s group, who suggested that, to profile a user, one should model the history of the commands she would enter into a UNI...
متن کامل