Towards Building a Masquerade Detection Method Based on User File System Navigation
نویسندگان
چکیده
Given that information is an extremely valuable asset, it is vital to timely detect whether one’s computer (session) is being illegally seized by a masquerader. Masquerade detection has been actively studied for more than a decade, especially after the seminal work of Schonlau’s group, who suggested that, to profile a user, one should model the history of the commands she would enter into a UNIX session. Schonlau’s group have yielded a masquerade dataset, which has been the standard for comparing masquerade detection methods. However, the performance of these methods is not conclusive, and, as a result, research on masquerade detection has resorted to other sources of information for profiling user behaviour. In this paper, we show how to build an accurate user profile by looking into how the user structures her own file system and how she navigates such structure. While preliminary, our results are encouraging and suggest a number of ways in which new methods can be constructed.
منابع مشابه
Modeling User Search Behavior for Masquerade Detection
Masquerade attacks are a common security problem that is a consequence of identity theft. Masquerade detection may serve as a means of building more secure and dependable systems that authenticate legitimate users by their behavior. Prior work has focused on user command modeling to identify abnormal behavior indicative of impersonation. This paper extends prior work by modeling user search beh...
متن کاملDecoy Document Deployment for Effective Masquerade Attack Detection
Masquerade attacks pose a grave security problem that is a consequence of identity theft. Detecting masqueraders is very hard. Prior work has focused on profiling legitimate user behavior and detecting deviations from that normal behavior that could potentially signal an ongoing masquerade attack. Such approaches suffer from high false positive rates. Other work investigated the use of trap-bas...
متن کاملGPS Jamming Detection in UAV Navigation Using Visual Odometry and HOD Trajectory Descriptor
Auto-navigating of unmanned aerial vehicles (UAV) in the outdoor environment is performed by using the Global positioning system (GPS) receiver. The power of the GPS signal on the earth surface is very low. This can affect the performance of GPS receivers in the environments contaminated with the other source of radio frequency interference (RFI). GPS jamming and spoofing are the most serious a...
متن کاملFinding Peer-to-Peer File-Sharing Using Coarse Network Behaviors
A user who wants to use a service forbidden by their site’s usage policy can masquerade their packets in order to evade detection. One masquerade technique sends prohibited traffic on TCP ports commonly used by permitted services, such as port 80. Users who hide their traffic in this way pose a special challenge, since filtering by port number risks interfering with legitimate services using th...
متن کاملEpisode Based Masquerade Detection
Masquerade detection is one of major concerns of system security research due to two main reasons. Such an attack cannot be detected at the time of access and any detection technique relies on user’s signature and even a legitimate user is likely to deviate from its usual usage pattern. In the recent years, there have been several proposals to efficiently detect masquerader while keeping the fa...
متن کامل