Online masquerade detection resistant to mimicry.
Saved in:
| Title: | Online masquerade detection resistant to mimicry. |
|---|---|
| Authors: | Maestre Vidal, Jorge1 jmaestre@ucm.es, Lucila Sandoval Orozco, Ana1 asandoval@fdi.ucm.es, Javier García Villalba, Luis1 javiergv@fdi.ucm.es |
| Source: | Expert Systems with Applications. Nov2016, Vol. 61, p162-180. 19p. |
| Subjects: | Masqueraders (Computer users), Internet users, Pattern recognition systems, Scheme programming language, Algorithms, Cyberterrorism, Information technology security |
| Abstract: | Masquerade attackers are internal intruders acting through impersonating legitimate users of the victim system. Most of the proposals for their detection suggested recognition methods based on the comparison of use models of the protected environment. However recent studies have shown their vulnerability against adversarial attacks based on imitating the behavior of legitimate users. In order to contribute to their identification, this article introduces a novel detection method robust against evasion strategies based on mimicry. The proposal described two levels of information processing: analysis and verification. At the analysis stage, local alignment algorithms are implemented. In this way it is possible to score the similarity between action sequences performed by users, bearing in mind their regions of greatest resemblance. On the other hand, a novel validation scheme based on the statistical non-parametric U-test is implemented. Through this it is possible to refine the labeling of sequences to avoid making hasty decisions when their nature is not sufficiently clear. In order to strengthen their effectiveness against mimicry attacks, the analysis of the monitored sequences is performed in concurrency. This involves partitioning long sequences with two purposes: making subsequences of small intrusions more visible and analyzing new sequences when suspicious situations occur, such as the execution of never before seen commands or the discovery of potentially harmful activities. The proposal has been evaluated from the functional standard SEA and mimicry attacks. Promising experimental results have been shown, demonstrating great precision against conventional masqueraders (TPR=98.3%, FPR=0.77%) and a success rate of 80.2% when identifying mimicry attacks, hence outperforming the best contributions of bibliography. [ABSTRACT FROM AUTHOR] |
| Copyright of Expert Systems with Applications is the property of Pergamon Press - An Imprint of Elsevier Science and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Engineering Source |
| FullText | Text: Availability: 0 |
|---|---|
| Header | DbId: egs DbLabel: Engineering Source An: 118156658 AccessLevel: 6 PubType: Academic Journal PubTypeId: academicJournal PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: Online masquerade detection resistant to mimicry. – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Maestre+Vidal%2C+Jorge%22">Maestre Vidal, Jorge</searchLink><relatesTo>1</relatesTo><i> jmaestre@ucm.es</i><br /><searchLink fieldCode="AR" term="%22Lucila+Sandoval+Orozco%2C+Ana%22">Lucila Sandoval Orozco, Ana</searchLink><relatesTo>1</relatesTo><i> asandoval@fdi.ucm.es</i><br /><searchLink fieldCode="AR" term="%22Javier+García+Villalba%2C+Luis%22">Javier García Villalba, Luis</searchLink><relatesTo>1</relatesTo><i> javiergv@fdi.ucm.es</i> – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22Expert+Systems+with+Applications%22">Expert Systems with Applications</searchLink>. Nov2016, Vol. 61, p162-180. 19p. – Name: Subject Label: Subjects Group: Su Data: <searchLink fieldCode="DE" term="%22Masqueraders+%28Computer+users%29%22">Masqueraders (Computer users)</searchLink><br /><searchLink fieldCode="DE" term="%22Internet+users%22">Internet users</searchLink><br /><searchLink fieldCode="DE" term="%22Pattern+recognition+systems%22">Pattern recognition systems</searchLink><br /><searchLink fieldCode="DE" term="%22Scheme+programming+language%22">Scheme programming language</searchLink><br /><searchLink fieldCode="DE" term="%22Algorithms%22">Algorithms</searchLink><br /><searchLink fieldCode="DE" term="%22Cyberterrorism%22">Cyberterrorism</searchLink><br /><searchLink fieldCode="DE" term="%22Information+technology+security%22">Information technology security</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: Masquerade attackers are internal intruders acting through impersonating legitimate users of the victim system. Most of the proposals for their detection suggested recognition methods based on the comparison of use models of the protected environment. However recent studies have shown their vulnerability against adversarial attacks based on imitating the behavior of legitimate users. In order to contribute to their identification, this article introduces a novel detection method robust against evasion strategies based on mimicry. The proposal described two levels of information processing: analysis and verification. At the analysis stage, local alignment algorithms are implemented. In this way it is possible to score the similarity between action sequences performed by users, bearing in mind their regions of greatest resemblance. On the other hand, a novel validation scheme based on the statistical non-parametric U-test is implemented. Through this it is possible to refine the labeling of sequences to avoid making hasty decisions when their nature is not sufficiently clear. In order to strengthen their effectiveness against mimicry attacks, the analysis of the monitored sequences is performed in concurrency. This involves partitioning long sequences with two purposes: making subsequences of small intrusions more visible and analyzing new sequences when suspicious situations occur, such as the execution of never before seen commands or the discovery of potentially harmful activities. The proposal has been evaluated from the functional standard SEA and mimicry attacks. Promising experimental results have been shown, demonstrating great precision against conventional masqueraders (TPR=98.3%, FPR=0.77%) and a success rate of 80.2% when identifying mimicry attacks, hence outperforming the best contributions of bibliography. [ABSTRACT FROM AUTHOR] – Name: AbstractSuppliedCopyright Label: Group: Ab Data: <i>Copyright of Expert Systems with Applications is the property of Pergamon Press - An Imprint of Elsevier Science and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.) |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=118156658 |
| RecordInfo | BibRecord: BibEntity: Identifiers: – Type: doi Value: 10.1016/j.eswa.2016.05.036 Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 19 StartPage: 162 Subjects: – SubjectFull: Masqueraders (Computer users) Type: general – SubjectFull: Internet users Type: general – SubjectFull: Pattern recognition systems Type: general – SubjectFull: Scheme programming language Type: general – SubjectFull: Algorithms Type: general – SubjectFull: Cyberterrorism Type: general – SubjectFull: Information technology security Type: general Titles: – TitleFull: Online masquerade detection resistant to mimicry. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Maestre Vidal, Jorge – PersonEntity: Name: NameFull: Lucila Sandoval Orozco, Ana – PersonEntity: Name: NameFull: Javier García Villalba, Luis IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 11 Text: Nov2016 Type: published Y: 2016 Identifiers: – Type: issn-print Value: 09574174 Numbering: – Type: volume Value: 61 Titles: – TitleFull: Expert Systems with Applications Type: main |
| ResultId | 1 |