Online masquerade detection resistant to mimicry.

Saved in:
Bibliographic Details
Title: Online masquerade detection resistant to mimicry.
Authors: Maestre Vidal, Jorge1 jmaestre@ucm.es, Lucila Sandoval Orozco, Ana1 asandoval@fdi.ucm.es, Javier García Villalba, Luis1 javiergv@fdi.ucm.es
Source: Expert Systems with Applications. Nov2016, Vol. 61, p162-180. 19p.
Subjects: Masqueraders (Computer users), Internet users, Pattern recognition systems, Scheme programming language, Algorithms, Cyberterrorism, Information technology security
Abstract: Masquerade attackers are internal intruders acting through impersonating legitimate users of the victim system. Most of the proposals for their detection suggested recognition methods based on the comparison of use models of the protected environment. However recent studies have shown their vulnerability against adversarial attacks based on imitating the behavior of legitimate users. In order to contribute to their identification, this article introduces a novel detection method robust against evasion strategies based on mimicry. The proposal described two levels of information processing: analysis and verification. At the analysis stage, local alignment algorithms are implemented. In this way it is possible to score the similarity between action sequences performed by users, bearing in mind their regions of greatest resemblance. On the other hand, a novel validation scheme based on the statistical non-parametric U-test is implemented. Through this it is possible to refine the labeling of sequences to avoid making hasty decisions when their nature is not sufficiently clear. In order to strengthen their effectiveness against mimicry attacks, the analysis of the monitored sequences is performed in concurrency. This involves partitioning long sequences with two purposes: making subsequences of small intrusions more visible and analyzing new sequences when suspicious situations occur, such as the execution of never before seen commands or the discovery of potentially harmful activities. The proposal has been evaluated from the functional standard SEA and mimicry attacks. Promising experimental results have been shown, demonstrating great precision against conventional masqueraders (TPR=98.3%, FPR=0.77%) and a success rate of 80.2% when identifying mimicry attacks, hence outperforming the best contributions of bibliography. [ABSTRACT FROM AUTHOR]
Copyright of Expert Systems with Applications is the property of Pergamon Press - An Imprint of Elsevier Science and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 118156658
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Online masquerade detection resistant to mimicry.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Maestre+Vidal%2C+Jorge%22">Maestre Vidal, Jorge</searchLink><relatesTo>1</relatesTo><i> jmaestre@ucm.es</i><br /><searchLink fieldCode="AR" term="%22Lucila+Sandoval+Orozco%2C+Ana%22">Lucila Sandoval Orozco, Ana</searchLink><relatesTo>1</relatesTo><i> asandoval@fdi.ucm.es</i><br /><searchLink fieldCode="AR" term="%22Javier+García+Villalba%2C+Luis%22">Javier García Villalba, Luis</searchLink><relatesTo>1</relatesTo><i> javiergv@fdi.ucm.es</i>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Expert+Systems+with+Applications%22">Expert Systems with Applications</searchLink>. Nov2016, Vol. 61, p162-180. 19p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Masqueraders+%28Computer+users%29%22">Masqueraders (Computer users)</searchLink><br /><searchLink fieldCode="DE" term="%22Internet+users%22">Internet users</searchLink><br /><searchLink fieldCode="DE" term="%22Pattern+recognition+systems%22">Pattern recognition systems</searchLink><br /><searchLink fieldCode="DE" term="%22Scheme+programming+language%22">Scheme programming language</searchLink><br /><searchLink fieldCode="DE" term="%22Algorithms%22">Algorithms</searchLink><br /><searchLink fieldCode="DE" term="%22Cyberterrorism%22">Cyberterrorism</searchLink><br /><searchLink fieldCode="DE" term="%22Information+technology+security%22">Information technology security</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: Masquerade attackers are internal intruders acting through impersonating legitimate users of the victim system. Most of the proposals for their detection suggested recognition methods based on the comparison of use models of the protected environment. However recent studies have shown their vulnerability against adversarial attacks based on imitating the behavior of legitimate users. In order to contribute to their identification, this article introduces a novel detection method robust against evasion strategies based on mimicry. The proposal described two levels of information processing: analysis and verification. At the analysis stage, local alignment algorithms are implemented. In this way it is possible to score the similarity between action sequences performed by users, bearing in mind their regions of greatest resemblance. On the other hand, a novel validation scheme based on the statistical non-parametric U-test is implemented. Through this it is possible to refine the labeling of sequences to avoid making hasty decisions when their nature is not sufficiently clear. In order to strengthen their effectiveness against mimicry attacks, the analysis of the monitored sequences is performed in concurrency. This involves partitioning long sequences with two purposes: making subsequences of small intrusions more visible and analyzing new sequences when suspicious situations occur, such as the execution of never before seen commands or the discovery of potentially harmful activities. The proposal has been evaluated from the functional standard SEA and mimicry attacks. Promising experimental results have been shown, demonstrating great precision against conventional masqueraders (TPR=98.3%, FPR=0.77%) and a success rate of 80.2% when identifying mimicry attacks, hence outperforming the best contributions of bibliography. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Expert Systems with Applications is the property of Pergamon Press - An Imprint of Elsevier Science and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=118156658
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1016/j.eswa.2016.05.036
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 19
        StartPage: 162
    Subjects:
      – SubjectFull: Masqueraders (Computer users)
        Type: general
      – SubjectFull: Internet users
        Type: general
      – SubjectFull: Pattern recognition systems
        Type: general
      – SubjectFull: Scheme programming language
        Type: general
      – SubjectFull: Algorithms
        Type: general
      – SubjectFull: Cyberterrorism
        Type: general
      – SubjectFull: Information technology security
        Type: general
    Titles:
      – TitleFull: Online masquerade detection resistant to mimicry.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Maestre Vidal, Jorge
      – PersonEntity:
          Name:
            NameFull: Lucila Sandoval Orozco, Ana
      – PersonEntity:
          Name:
            NameFull: Javier García Villalba, Luis
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 11
              Text: Nov2016
              Type: published
              Y: 2016
          Identifiers:
            – Type: issn-print
              Value: 09574174
          Numbering:
            – Type: volume
              Value: 61
          Titles:
            – TitleFull: Expert Systems with Applications
              Type: main
ResultId 1