Decoy Document Deployment for Effective Masquerade Attack Detection
نویسندگان
چکیده
Masquerade attacks pose a grave security problem that is a consequence of identity theft. Detecting masqueraders is very hard. Prior work has focused on profiling legitimate user behavior and detecting deviations from that normal behavior that could potentially signal an ongoing masquerade attack. Such approaches suffer from high false positive rates. Other work investigated the use of trap-based mechanisms as a means for detecting insider attacks in general. In this paper, we investigate the use of such trap-based mechanisms for the detection of masquerade attacks. We evaluate the desirable properties of decoys deployed within a user’s file space for detection. We investigate the trade-offs between these properties through two user studies, and propose recommendations for effective masquerade detection using decoy documents based on findings from our user studies.
منابع مشابه
Towards Effective Masquerade Attack Detection
Towards Effective Masquerade Attack Detection
متن کاملSequence alignment for masquerade detection
The masquerade attack, where an attacker takes on the identity of a legitimate user to maliciously utilize that user’s privileges, poses a serious threat to the security of information systems. Such attacks completely undermine traditional security mechanisms, including strong authentication and intrusion detection, because the trust imparted in user accounts once they have been authenticated. ...
متن کاملDetecting Masqueraders: A Comparison of One-Class Bag-of-Words User Behavior Modeling Techniques
A masquerade attack is a consequence of identity theft. In such attacks, the impostor impersonates a legitimate insider while performing illegitimate activities. These attacks are very hard to detect and can cause considerable damage to an organization. Prior work has focused on user command modeling to identify abnormal behavior indicative of impersonation. In this paper, we investigate the pe...
متن کاملCombining Baiting and User Search Profiling Techniques for Masquerade Detection
Masquerade attacks are characterized by an adversary stealing a legitimate user’s credentials and using them to impersonate the victim and perform malicious activities, such as stealing information. Prior work on masquerade attack detection has focused on profiling legitimate user behavior and detecting abnormal behavior indicative of a masquerade attack. Like any anomaly-detection based techni...
متن کاملAvoiding Cyber-attacks to DMZ and Capturing Forensics from Intruders Using Honeypots
Nowadays, honeypots are widely used to divert attackers from the original target and keep them busy within a decoy environment. DeMilitarized Zone (DMZ) is an important zone for network administrators, because many of the services to the public network is provided at this zone. Many of the security tools such as firewalls, intrusion detection systems and several other secu...
متن کامل